misc/jailbreak

jailbreak/chall.yaml

@@ -0,0 +1,14 @@
+name: JailBreak
+categories:
+  - misc
+value: 75
+flag: camp{PYth0n_M4steR_M2!f45}
+description: |-
+  After a recent prison escape due to hidden messages in letters, the facility has tightened security. Can you find a way around these new measures?
+hints:
+  - How can you access variables in python?
+files:
+  - src: ./main.py
+authors:
+  - Jack Crowley
+visible: true

jailbreak/deploy.py

@@ -0,0 +1,23 @@
+def sanitize(letter):
+    print("Checking for contraband...")
+    return any([i in letter.lower() for i in BANNED_CHARS])
+
+def end():
+    print("Contraband letters found!\nMessage Deleted!")
+    exit()
+
+BANNED_CHARS = "gdvxftundmn'~`@#$%^&*-/.{}"
+flag = "camp{PYth0n_M4steR_M2!f45}"
+
+print("Welcome to the prison's mail center")
+msg = input("Please enter your message: ")
+
+if sanitize(msg): 
+    end()
+
+try:
+    x = eval(msg)
+    if len(x) != len(flag): end()
+    print(x)
+except Exception as e:
+    print(f'Error occured: {str(e)}; Message could not be sent.')

jailbreak/main.py

@@ -0,0 +1,23 @@
+def sanitize(letter):
+    print("Checking for contraband...")
+    return any([i in letter.lower() for i in BANNED_CHARS])
+
+def end():
+    print("Contraband letters found!\nMessage Deleted!")
+    exit()
+
+BANNED_CHARS = "gdvxftundmn'~`@#$%^&*-/.{}"
+flag = "REDACTED"
+
+print("Welcome to the prison's mail center")
+msg = input("Please enter your message: ")
+
+if sanitize(msg): 
+    end()
+
+try:
+    x = eval(msg)
+    if len(x) != len(flag): end()
+    print(x)
+except Exception as e:
+    print(f'Error occured: {str(e)}; Message could not be sent.')

jailbreak/solve.md

@@ -0,0 +1,15 @@
+# JailBreak
+
+The `exec` function in python is very dangerous, especially with it executing an input given by the user. 
+
+This is what `PyJail` problems are built off of, where they restrict inputs, functions, or anything else to make it more challenging to get the flag.
+
+Based off of the banned keys, `gdvxftundmn'~`\``@#$%^&*-/.{}`, there are only a few functions we can use, one of which is the key to solving the problem, `locals`.
+
+`locals` is a function that has reference to all of the local parameters, including the `flag` variable which stores the flag. But since the `flag` has banned characters, we must use `chr()` function with the ascii value of each letter and join them together.  
+
+```
+locals()[chr(102)+chr(108)+chr(97)+chr(103)]
+```
+
+Using this input, the flag will be printed out.