HSCTF_2017: Python Exploitation 1
Category: Exploitation
Points: 100
Description:
Seeing a non-web exploitation problem, Keith prepared their binary and C knowledge, but to their surprise, it was a .py! Help Keith learn to exploit Python programs. Netcat to 18.104.22.168:8005. Note: The flag can be mistaken for an error message.
This one was meant to be simple. It relies on Python 2's completely insecure input() function, which is a wrapper around eval(raw_input()): whatever is typed is evaluated as a Python expression before the program sees it. We can easily hijack this by supplying the password variable as the input, like thisisthepassword, or we can take it a step further.
Therefore, the flag is
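The mechanism described above, shown next to the fixed form, as an added example that is not the challenge's code. Python 2's input() is emulated with eval() so the block runs on Python 3; the variable name password and its value are constructed placeholders, since the real script is not on the page.

```python
import hmac

def make_scope():
    # Constructed stand-in for the script's globals: the secret lives in a
    # variable that any evaluated expression can read by name.
    return {"password": "constructed-secret-value"}

def py2_input(line, scope):
    """Emulates Python 2 input(): eval() applied to the raw line typed by the user."""
    return eval(line, scope)

def vulnerable_check(line):
    """Password check as written with Python 2 input()."""
    scope = make_scope()
    try:
        guess = py2_input(line, scope)
    except Exception:
        # Input that is not a valid expression (for example an unquoted word
        # that is not a defined name) raises; the real script would show a
        # traceback here instead of returning.
        return False
    return guess == scope["password"]

def hardened_check(line):
    """Same check with raw_input() semantics: the line stays a plain string."""
    scope = make_scope()
    # Constant-time comparison of the literal bytes typed; nothing is evaluated.
    return hmac.compare_digest(line.encode(), scope["password"].encode())

if __name__ == "__main__":
    samples = [
        "password",                     # the variable's name, not its value
        "'constructed-secret-value'",   # a quoted string literal of the value
        "constructed-secret-value",     # the value typed as plain text
        "wrongguess",                   # an undefined name
    ]
    for typed in samples:
        print("%-30r vulnerable=%-5s hardened=%s"
              % (typed, vulnerable_check(typed), hardened_check(typed)))
```

In Python 2 code the fix is to read with raw_input() (or run under Python 3, where input() returns the string unevaluated) and compare the string directly.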