HSCTF_2017: Python Exploitation 1
Category: Exploitation Points: 100 Description:
Seeing a non-web exploitation problem Keith prepared their binary and c knowledge, but to their surprise, it was a .py! Help Keith learn to exploit python programs. Netcat to 188.8.131.52:8005. Note- The flag can be mistaken for an error message.
This one was meant to be simple, involving the use of Python 2s completely insecure
input() function which uses an
eval(raw_input()) wrapper. We can easily hijack this by supplementing the input with the password variable like
thisisthepassword or we can take it a step further.
For this one though, I'll just be spawning a shell.
Therefore, the flag is