Tags: pyjail python discord pwn jail
Rating: 5.0
# Houseplant CTF 2020 – Adventure-Revisited
* **Category:** pwn
* **Points:** 1872
## Challenge
> Let's go on an adventure!
>
> The solution is in there... somewhere.
>
> (#adventure-revisited on discord)
>
> Creator: Jess
>
> Hint! You might want to read that Story Starter again.
>
> hint.7z ad100f3cfbc3a5a51951de2ff88773da
## Solution
The challenge gives you a [file](https://github.com/m3ssap0/CTF-Writeups/raw/master/Houseplant%20CTF%202020/Adventure-Revisited/hint.7z). This file is not an archive, but it contains a base64 string.
```
iVBORw0KGgoAAAANSUhEUgAAAVgAAACaCAYAAADsO1BLAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsMAAA7DAcdvqGQAACfISURBVHhe7Z0HfFzVlf9/M5oqaUa9WZZkS7bl3i3jQgnVMc2UQAqJKYHks5CQXnZDlmzYkGR3E0hgk5AQIBASk8BCMN0Q4G8w2AbcbbnJVW7qdfr8z7nvPelJHjVbY6TR+dpXt777+u+de14ZS8WCc6MQBEEQBh2rHguCIAiDjAisIAhCnBCBFQRBiBMisIIgCHFCBFYQBCFOiMAKgiDECRFYQRCEOGGZPW+RPAcrCIIQB07bgo1Go12CIAiCoDFgge1LUPuqFwRBGCn0y0XQXSgz8yYjZ9RUpGeXwuEsgMWRAovFglCoBW0tx9BcU4W6o5tQd2yrPoUGtxnq5I6eh7IZn4HTnaGXDBx/ez32bPwLjh9ap5fEh+xwCDnhsIr5ShmhwHsqQtu5JsmGnXYHNxME4WOiT4E1i2v5lAswa94STJkwFuPKUuBOtuOplcdwpDaAKIunlU7xqAUWPbQ3H8XBXa/g0N439B6GvsguuPQXpyWuBiyya174hp47fQpDQYwLBjAh4MeUoB8lgQDsSk57xk/beqPTjUq7ExtcLhULgnDm6FFgzcLqSS/BRZfdgq/efDZSU+wkkjQh/du6qxHPvFaLhtawahclgWVhVSJL/zhmGmt3YudHT6C5YZ/KM6cqtHnjJuLY7h16bvA579pH9NTp8+bfb9JTA6ecRLSMRHQCxdMCPuSFQnrNqcMW7TvuFLxN4QRZuIIgxJeYAmsW17zRFVhw3m24+foxKMx3KQENRiKobQjinbU1WL+tDQFNXwljOhbPTgG1UnE0GsGW939Dw+a1eumpiez0Jcuw6eVn9dzgYxbYr3yuCMEQD7yB3644jPKxybj03Gwku5JQUx9QZV++vhDJ7iQEg1HUNQbx55VHVXumvwKbQttmgp8ENRTAZLJQZ/jb4Yyz/3plihevJKeiStwIghA3ThLYLuJaVIGpZ92B2ZPtuPqS0XDarWhtD2H9ljps3ePD0eN+tPpYgLR7ZYZcGj2wAWuhjFluKz/4Xxzae+oiG0tgUzKz0FpXq9IuTxqC7W0I05A6yWaHy+tV5b6mJlXmcCfD7nZ3KTNjFtgffHks7vltFb5xYzF+8egBfPeLJXj29ROorGrD5y7LV21YUFlkDx31Y+VbNarMoLvApofDGEvD/DQS1GyPB6lJSSg/ehjTaHlPhVqavtrhRD1ZpPUk0Fba8lba0uw6mEHrlef36S17ZqvThbUON1LSvLCS2Da3tqCNLOcw9ZPh9cBFlm4rbacolSXRrrLR8dFgTcKLKR69B0EQeiKpoLD4bj3dRVy9GSWYteg7cDujuPDsbGRnOlkNUX3Mh2dXsd81goAatSpngML8SILuHeio45h7zxo1B/XHNsLX3qDKmYGIbCwXwaRzL+koK54xF/62ZkSCIZRWLIKFxMBJYuD2ppMI16BkVoWaHwsx91V3sNNtwYyZvExPAefMzcDkshRlob7zYSOmjU/FK6vrVN3mnS1YNCsN67c2Y+5UL5pawti5v6tQ7tv2nJ4CLqJl+nntUZzf3oqFvjbMbKzH5IY6Gvp3FfjeCFitOJacghqbDccoHSJxTKV0Ggl0IQl3cTiIYrKCS0IhOGiT1tFWb0xORrXdjuxg7PnkhkOYFfBhSlOjWp5ZJLAVvnbMp2Wc0diAKVQ2k5aZ28wgwWZ3xTyysMvJ0n6TLGBBEHom5mNaLLTjZ34OETJZykpSUJDtBp3PSiSTU2zIzHGx1rIykoCRzcSV/YRtrLEzPtdFzONBRmEx2kk0juzYooIhwHvXvYP6wweU2LLo9gW7ARqbQ7iMXQMktOwmYK69OBeBYP/Wgf2pdzZoFvbp4IhEMIoEcCwJ6kQSuNLWZoymdSwm4RvNFisJaxZZyV4STQ9ZnAUUj6b2E9ta9R4Gjzkkssm0PIIg9EyHMhqCx/Hosk8gPXs8bJYwSosdSE5OInHVrMycdAc+dWE+ZkxIhttGJ1gk3OES4NPNSCvXgEl/zHXpWeNRNO6CLvMcbJLIaguSJWaGXQal8xYht6wcDhpW9wfDx7rrQBs27GjGsgtyVFlZsRvvfNRphffGjWStJhrvupLRNoALqyCMRNQZ0ilwWlw8YQkZp1ZkpdmRT9aqjZ1vOpzKz7Lj00tzce78NDidnXX9IUpSm52ehOXLr+0oUX8HQWRZQB00hGYCNKxNychSacbsjz205SNlxfYF+1/ZgmX/K/td33ivHj/7w35VxjGXMZzv7n81GEWWJQ+rEwUfHRc/ycxVQRCE3unmg+WXCKagpPyTKj+uxI0ZEz1IdtmUsCopVQkLbOwDDIWxa387fAEq67dARnBeRRouWDwWW7ZsxqFD1conyvTHF8t+UyOwgNZXH1Rx9pgy5Rbw07C5jSzGpuNHkZKZrdplFY2B3Z2MlpoTlJ8ET3YuPDm5sCYloWb/Hr1njYKx58Jm126CnQ78HOyhXa+g2ZqE+WRJZ5Kl3xvszt7kdOP/kWW9ecp0PETNt8+agz+Fo3gm2YO/e9LwjxQv3s0fhc2pHgSCQYwZgP92sHg1JRXPpKbpOUEQesMya+5CXRn51VZg/IzPYMzEpbBaIzi3Ih0XLsiC3RZrKBhFU1sQT71wGDv2RxDtpz/O5Y7imovzMW28F08++Rfcd9+vWa+J/otsPInHm1we2jafba5HGsUssyGyAmmLoTbJhuMUqux2Ck7lRjHIzs6GzWbD0aOdj311J58EdpGvDee3taAkTmLbTsu6j5Zvh8OFA7Q8r5HYC4LQPzoEVhuiRzH3/LuQkVMOhwO4aFEmzp6doW5wKQwjVddAFol1W+rwzKt1ZM1qZb1hpemmT3Ljk2dnI8PjwqZNm3DzF79ENZYBWbHCyfANrVwSWX51NofSNto37khUvc2lBSvCtGmjxs4j6JKqx53l/PRHPVndLKxHSFD5AiAIwqnRRWA5nLvsQThdabBYoyjItWIJiWFRnhtul51OQf1UVHevkngy7D3YjD88fQi+gOZG6AkrTVM0yo4li7MwrpisIDrp6+sbcMGFn1SiKgIrCEKicdLYP8mRgghpXJhMmWoanT73Wh0eXbEXqzfW4Mnn9+OplVVoaWXbVRNbb6qDRLHvu8kpbhsWTMtEWZGHxNaiZpyept10EgRBSER0ZdTE0oD9qRwi0RBq6v3Ydwx4/pUT2LDdh427wnjp7eNobA0iRG08HjtKi5y6ddszrSTKWytb0NTCd8Q0Om3VrvMXBEFIBLqZnlEEgy3KD6eCKiFYCdlKJcszELaQyLbhzXdrsK2yFW+uqUOKg7/S1LtARixRHKjxYd/hdhJvrW1jYyP97TrdYDyuJQiCMBRQPljjBhfHcy64C2k5E7RKyit/q655yuI03AFRfludp6FSKtPugKsWPcI3yyqme3HJwnR4UuzYuHEzbrzlS7rftX9+WNesG2EvvxQNT3S+0ioIgjAQ2K3Jj2nGm24WLNBcvxcRFk1Cs2JZRk2B9VZpLotqErXhT4xoAtkXEVLhbXta8OYHtWhoCWLzli16Tf9gcXXOvAHWQfheqyAIIxf+ul8k3Puz6YOBElizwRhq2kKWK9/E0tDE1CyynD+5rL80NUewZkML/vlBPd5e/Z5e2nUZesJBlqsgCMJgwCIbb7pZsBbs2bUB4wtqMSYfmDMpBZ+Yn4HM1CQS3ZOM3VPG7wf++VYl1q7lzxZ2Vdbe3AMWsVwFQRhG6KrJomYImwU1+9/Elz81Fp+6OA9LFqZj+ZW5yMsktSdz1ng863TgOe3d8oqeYszzFwRBSAximqVPP/Mstu3YCoc9CXabDYWFybjx2tGYWpoMexJNwner+jOm74GGml04tPt1PScIgpCYdBFY1kylmxR+9vNfIKI/TsUPEmRlWHD15QWYM8WFZEdMXe4X7PeoXP+4mkfH/ARBEBKQDqXUhI7/aGHb9h347vfvUmn2i1rhhMeVhIvPKUDF9FQS2VNTxs3vPoim+ipKdc5LRFYQhETE2nlTSYs5a4RXXnsN3/7evyES5mcFtNdbve4kzJvmUd8VGIgvli3XTe/8GscOvNdlHhpaorcbXIIgCMONk1wEmtixnGqW6yuvvobPfv5GfLRhI5Xz069RuBw29ZX//tJQsxNrX/mhLq5a3x3zEU0VBCFBUQIby4rV/6h/7C5YfuOtuOc/f4aqqn1AJNrhn+2N1qZqbF/7CNa9+iPlFugQVhZZbVaElhDrVRCERKPLz3Yb3wHofHXWnOaMSmH27DlITp+KQNJYpHjzYXNovy4aCrSgtfkoGmt2o6Z6I2qPbtZEVWkqCygLqyGuWlql+imuaTet0lNA3e/P1VOCIAinBv+UVDyJKbCMWWT5j/qnqumP3ozLYqFEVUuoP6yfqiyGuDIisIIgfBzEW2C7+WC7i54uiPSH8+ag6eXJ5Rxi1dEf/q/3qRIKc1oQBCGR6CKwzMni11UoVZmKrV3KugbqNka50ZeBOS0IgpBonCSwTHcR1LJdxVILsUT25DJt2pP7HU5ctewKLFxwlp7rCpdz/WBw803L9ZQgCMOdmALLdIqjyul5c1rLd6ZPLtPaanlOq6k76uLPSy88hw0fvo/Vb7+O3/32Ab00Nvf+53/oqdjcdustqKiYq+e6snz5DViy5GI9dzJ99W3mq1/5Fz0lCMJwp0eBNegqhoaIdhfOzmCu66zX0PJnlkcfexyLz7kA48eN69U6nDlzhp4afOLZtyAIQ5c+BZYxxLKrQGriaa7T6o2g0bXu44GH8A6HHfX19Sr/2CO/xxurXsazzzyl6jiflZWp8mZYkLmMLWGuZ7g9l3G475f/rcrMcF9ct+Ivj3fkzX2zNWtMb7gVfvBv31Pz4CAIQuLQL4E1YxbMWKLZV/2Z5orLL8M9P74bzc0tOHbsuBK4tLQ0nH/hEuzbfwB3fvV2LL/pVtTW1mHZ1dfpU2ncfNMX8I/nX8AnL71S1TPcfv0HH6q25RPGd7GKDVcA1zU0NioBNvfNgjp/foVKv/nW21j+hRtU2ZJLLsKP77lXzUcQhMRhwALbnaEmqN35x/MrlZgeP34c1113LTLJmmRxY7729W/B6+35p8MDgSD++Mhjek6D2y9auCCmtcl9FxUVqbpiitvb2vQajZKSYmVJc/0lF1+kfvSRy/bs2Yt313T+uoMgCInBaQvscKO93YdJkyaq9NfuvAN+/nmFHkhNTdFTgNPJv5zLv8bgV99nYGuTw44dlaqc4b537d7dUff8yhf1Go2mpmZlSRv1v3voYVXOFjXT01MKgiAMTxJeYNlFwP5WFrGnnvq7CnzDi63Ia6+5SrkAGBbQ7lYpf+CGp+VgCDG35+m4LYe8vFxVzpj75nD++eepcqNvtoabmppUf5znpw/uu/+Bjvq7fvB9tLS0qGkEQRj+dHlVdqgjr8oKgjCYnNFXZQVBEITBQwRWEAQhTojACoIgxAkRWEEQhDghAisIghAnRGAFQRDihAisIAhCnBCBFQRBiBMisIIgCHFCBFYQBCFOiMAKgtArqR6PnhIGSkIL7Ow583DBRZdg4eJzMLa0TC+NTUHBKD0lCIkDH/d8HphJz8hQ50V/4LYTJmhfnzsVXC636mOkkvAW7Afr1+Ld1W8jJye31ytxwahCPSUIiUNGRiY8dNyz0BkUFBQiFAyeEeFzuV1qGUYqI8JFYLPZYLPb6aAKqfz4CeWomL8A02bMVHWc54OQ84KQaBw4sB9FxcUqzcc7H+t19dovdDDdzwfGsHzN1isbKFzG7Qxx5mm5bVFxiSrjeu6Lyxmeno0XYwTZfV7cJ087afLUhLR0E15geQfzTve1tyMUCipXgMvtxtr316Chvp52+ETs2lmJ5uZmbN64QZ9KEBKHgySwhhXJI7kjR6rRQsc7E+t84DIWvg8/WIedO3eodsz0GbOwaeNH2L51CyZPmabKikvG0HkVwpHqw3SO+dQ03FdObp6q5+m5rmrvnpjzYpEtJfE9cuRwxzIlEgkvsLyDeYc2NzepKynvYD7gGI7dlBeERIWtVRZANiCySVz5HDhx/Lhe5415PnDZkepqVWbGTmLIIsuBDRamvq5OTcfzsNltHRZuLHo699jCZsHlPhKNEeEiMMM70bia85AkSFatICQ6Bw/uRzENxfl49/k0cWTrsafzwRA/m+mD1EFqyxYsW6kcd4dHi1zOI0H28XZnJJ57I8JFwD4f7ap8WAUeJvGVloc5PHRh+GDjMkFIJNhyZXj4bbZM63UfbKzzgdvwcJ7LCkZ1Pl1TtWc3Ks5aqMonTZmql3bCo0Su48D3PBh2G7DVzL7Xns69REZ+MkYQhBFLvH8yRgR2mGONRsGHiH8I/mR6osD31Xk72xCFhf4ZaRudOa5ohEIULmrj5nQkCifFHirzcByJwEshPRIGD7pbaXqf1YI2itutVrRZrDhO8QdON6qTknh2whlEBNbESBfYgnAYk4N+TA34MYfiLDpx+WRnAiSwr7qS8SadqFsd2k+MCwNndDiEklAIY0MBlFJcTts5k7bzmWCdw4U1Thfep1BnFbE9E4jAmhipAjuKhPXy9hYsa+vfT3qvJpH9jSdNTtJ+MIUuVlNCQRVPDgaQSlbnUOAldwr+npxKVq32XKoQH0RgTYw0geVh5RXtrfhM68CfD3yVTtBfetJhtfJLFm5YRrDY8nDeSxepdLJO02ibZpKgTva3oqKtmYbwYa3REOXP6bl41puNII1QorSsoWA7IpHEe5zp40IE1sRIEdhkGpJe5mvD51qb4NBdAD3Bp1rQYlX+v+7ckpWPmuT0My6u7LawWujgpZgDP6qi0nqdKqN6lTbaU2zR8+xNtpIoqjK9nuSF6qkfVaal3YgghYST1z2FxIe3m4fiFBLSFD3t5fQZsErryNLcQyOH2iS78q22WpLQQnELbft2CiyQQVryCMUs+C5aPvbVJtPyz/c1Yx6JfU8ctzmwIi0Hr6emK5EN+BPvgfyPCxFYE0NFYMeMKcG+fdoD04NJDp1si/3t+DSdbHxjJBab7E6scbmwjeLddHAYrWbSEPd6mo5jg+dHF+PhpL6/hGRYeCxGqXQCe/TAaS73kMWURnEGxW4qM4TRpgujjZY1iZSQYxnQnjosoDlkXU/3teolXXnek4WHM/MxbUoZampq4nIMjjREYE0MVGCvWnYFll11Jb57w3LwbZ/8UAgOEpMvLr8B2zdswtYPP8JlF1+IDWvXoa2+HnYSDCcFB7XlWKUp2MnSiLDdRCJSMmYMWtvacOz4ca2M2nI5o+WjKo5QWWlpKXbsrYLT60HO6CJsqKyEn+r4htS8sxcjb/RoPLribxgXCuCS7Ex4DxzQOopB66hCPNDarm5i3XbbLRhLy8Fs3bYdTzzxpEqf72vHt5s63zE/mJGJh+0eTShZNHUBZddDGg+XKWRS8FBe0DhBJ9wJshjZIrV5C+BKcqK9rgrJdAyMCfjUNosnb+VPxJH2Wixua8LoYOfF0uCPGflYN74UX/3K7fjVrx/sVWTZEPjSbV/E9//1ro48T/eNb34H9/7kxx3lp8rcuXNQNLoQ//fsP3DhBedjytTJuP/+B/Tak+Hj9qGHHlbn5cFDh7F+/QdqmW5c/nk4nU74/X7c/aN7VNuBlHPZp6+/Di6Xs6NdfxGBNTEQgb2ppREXO+zwkkVnJUEc7vhIlNvYD+d2w52egf0k8D6LFeOnTMaH27fDT2nmovbY1o+gwfK4LW88qnMnYn/tLjTanDgWaEbqqJnILZqL7ev+qNp5vKNRMukyhMN+7NDLcovnIzNvCuo2PY3s5qMoJAGc5i1CXvVmJJ+hi9Q2Vwq+6U1XgrZ48cI+BYXFrLy8HD/92X8pUX36mWc7hO10LWBz30xffX7vu99WbY2Y+cX//LzjQsECzLAID6T8xPETSrBvuvHzuP2Or6my/iICa6K/ArvQ78NdjbV6ThASh7dS0vDTlFSVZrFha7Qv7v73H8Dn86OdRjiGhcllLM6GUBvs3rMXWVmZcJs+b8hiaFiO3I9RxoLtpdHZqlVvoLm5BaVlY5UI3nDDZzGurFRZmWtpdMjix/MpKirEwYOHO2KjD7Ml/eAD9ymRHGh593R/ibfAamZPgsG+QUFINNa7PXg0M1/PAcfJcmMrsi9WvvASZs6cjueee14v4a9qZat46dIlePSxxzssYXY3TRg/Tlm5LIAshgyL6+rV76oyFmqerxJPEkp2EXg8qcjMyFRCPHvWTNUfC+FHGzaqviorK7HmvbVq+hMnalTMfTQ2Nqn+zQy0fCiTkALLD2q/7ErWc4IwPHkvqwSPLb4NvzvvK/hy+WLck1uMemvX24hsOfbFNVcvw4oVf1Mi2R0W6VkzZygL08yq19/QUxosyEbZgf0HlGsgFtwX92nAQ3n21RaXFCvLmEWSLVueH4sv+027M9DyoUxCCiy/Nnq/NwOb/ve3uDUrD/d6M1F7+RVoKj/1n74QhIFylIaflc5kHMqdgN0pGdhBaQ5V6YWqjNP7MoqwN60A28kg4GDmePFcvFy/Gy9VvYGjvnq9tJPc3JyThLA7d955h7oRylYmD+9Z4Mzw9BUV85BfkN+rP9fvDyjrlElJTe3ywW4zLPixRDA/L08Jcw4ts2GFsvgaljTDy8YW8UDLhzJJBYXFd+vpIY9r1hf0FND+4aN6qmeuuvZq/PXlV7GfDvSia69BzfwF+M5HG7HD7sRUuoJW0w7LjHFzIuRyocHjxbH0dFhmz0FDfgECY8ZgRxSwTJqEwx4PKi1WeCsqsK6tHS5q01pSAh8NrQ6MLsLLtfVIPudsbKD5bnUnw7FwIVYePY5NDidOZGUhc/YstLGPKzkZkXAIthifdkt0mpMzcSw1Cx/RNtnucOGY3QF/1lh1Iy8YCaonOvhRsOHCUU8e1tG+/meyF895s/Du+d/E+oW3Yuv0K/F29hj8takKa4vn4OjFd2F13gSsaN6vXgZ5K6sYRy/6N6wfMx87Zl6Dw3RsRur3431vNh6JtCIUOPmmZTjkU8K5d28VNm3arJeeDFuJ06dNxS9/+SuVX/3Ou7jt1ltQuXMnFi1cgBdffBmXXbYUGXSc5+bk4OzFi7Bv//6OOubSpUtUOhwOK9/qLBr+jxtXhif/sgKhUBhnnVWhRDMYCCA7Oxt/evzPOO+8czrC6KLReJnOQe77t7/7PSbR+XPkyBG8+JLWf4CE+9Zbb8a8uXNRVlaKx/70OBoaGgdczhjLOhCscX5GfMQ/B5vLjynRycx36dspnKnXS813XHnQl0EH8MT8PLQcPoS0SAReWibjIyGjyCJwtbSod+L54yLslufHx8TXHD9arVbUJ9nRQMdDc5INTSpOQrs9GQ3REFqprIUusj6XB0fpgsAvFHTH7kxF0N85hO+eN9NbXXc+dc1Suja71Q2l08V8Y4gFlDEe+zuT9PQEwkDLB4o8RWBiqLxoMJTgh/5ZoFls1cP+FKuH/zlPsYsEwUZikUR7mV9KiNJFJEJ1/EYRB35HKjmtCJ7scQiGA2io2YXW1hOqnJ/l5WlKg36M87dhoq8NFe0t1H9iCPtehxtVZD0fJOv5KFmO7N+sIxFtIGHlN6+GIoP9JheL6uhC7UaW+SmDkYIIrAkR2IEz2N8i4KE7v2nE7/LPam9FaUD7Ov5QhS8ie+wuHHA4ccTmVH7RahLUg1Q2VEW0J+RbBIOPCKwJEdihB3/eb2IwgOxwWL35xt9GdZOFa3wblWN+opJfo1XDbKtFDaebaXjN/lYeinPM30Xlt+AMejso2boOKuvagjBNyx5sFlKWHSMOUx3HNWSRJoa9LcQDEVgTIrCCIAwm8qKBIAjCMEUEVhAEIU6IwAqCIMQJEVhBEIQ4IQIrCIIQJ0RgBUEQ4kRCC+zsOfNwwUWX4NzzzsekyVNhs8kPmgiCcOZIeAv2g/Vr8dabb8Bmt6FglPZKoCAIwplgxLgIfO2dr3QWFIzCtBkzVXC53CpwumL+AhWzpctlbAFz2djSso7pOM/lqR7txwTHTyhX9VzOaUEQBIOEF9gJEyYqQfR4vDhSfVgJZ1FxCTZv3ICDB/ZjfHk5QqEgtm/dgrXvr0EoGFLiWTBqlGrPZdyOpxtbNg4ffrAOO3fuwPQZs1T/3C+LN7fLyMhUZYIgCEzCCyyLIcNiGQqF4HK7YLPbleiWlo7rsGwnTZmqytxu7beIjlRXIzs3V1mm6SScPJ3RR0tzcxeL+MiRahVznSAIgsGIcBFsI+uUrU+2QlkEWRzZEuVQtXePsmhZUDnf3Kx9bZ2tWrZyuWxC+UQ1nWGhKheCLsSCIAg9MSIE1udrx85KHtbPVNZnOwms4UtlcW2mMhZRzhsimpOTq/LsCmDRNU9XcdZCVO3ZrdoJgiD0hHxNSxCEEYt8TUsQBGGYIgIrCIIQJ0RgBUEQ4oQIrCAIQpwQgRUEQYgTIrCnAP8m++lwutMnAsNtGwxkeQe6bnI8JC4JK7B80D74wH16TuPuf/8Brlp2hZ47db79ra/rqd6ZO3dOzPn1d/pEZjhtg+9999uYNXOGnuubWOt2709+rKdORo6HxCVhBXbfvv1Y895a3HnnHSp/4QXnq/j/nv2His8ERaMLUV4uH4ARgN899Ac9JYwkEv5Fg1/8z8/xq18/iK9+5XYVs/CydXvj8s/D5/OrNj/92X/htttuwd49VVj1+hsdacbjSUVFxTw8/cyzWL/+A1XGlvHBg/zhGCeqjxzBQw89HLNPtlq8Xg9WrXqji7D//qHf4PDhwyq9e89ePPHEk+pCkJGerspWr35XLQdbTgbcnwFbxbxMjY1NqKuvU/Pn6d2uztd3ze1jLRtfcKZMnazm6XQ6O9aP1z2Tv71A6/boY49jXFlZzHYG3dtfeeXleO6559V2vuGGz6K1pUW16768vA1vv+Nrqs7AWN+0NK+aT3paGhYvXqjKjO3E82NGFRSo5dm6bTstY6lKf/9f7+qzvr/bzrzNymj6F198qWMfcntjHXlUxOvNaV5+njbW/uV2d//oHrXdjXWqb2jA/fc/ELO9QU/HBW9vhtuvXv2O2u7cF2Msh7E9jX1jLKN5WmObmvchtzPovrzvvLMG11y9TG0/hufTfZvzdjZoLZqKtsJy5Lz3dJf04SW36y2AwpcfVHV1s5eqfOaHLyLl4BaVjjfyosFp8uRfVuBHP/ohdlRWdhw4fOLwwcoHR7uvXZ10fICxmDJGmsPSpZ9U1odZVBjO8wkzdswY5QqI1efateuUEHe3mh1OhzqQefoFZ1WoMj5hOc9h6dIlano+4Lm/v654SrUx+GjDRnUQc91E3UKeMH6cWiYuKyrq+t3bWMvG61ZSXKzmx+v32c9cr0SF14fbrXzhJXXSmtvx+hgjASZW+9raOlx88YWqfsrkSWrdYy1vd1iMedm4jbG9eTsY24n74vnxvuEP8nAZn+RZWZkdaWM/9lbf32336euv69hme0iIzBjryMtTWFhIArRIpQ3hirV/c3KyVWxeJ97nTKz2Bt2PC2bS5Ild2vNxzfuI4WORl8O8PXk9eH2Y7tPG2odmui9vTU1Nx/Zj+Hjovs15OxuE3R4E0vO7pJsmLEDEmaKENe/tP6u6o5+4EUXP/VwFQ2gTgYQXWD5x+DsCbKkY8MHOlgBzYP+BXofxfHKZr+gGxvR8QLErYCB98vJ075NPUrZy2MJw0gnHwsTWE1vgXGeGrUqjbVZ2ll7auUzd6WnZjh8/oWJeFk6zn5Etbu6XTxzDcjLadSdWe7aI+ITlE9egp+U1M5qEipeNMbYNbwcjzdvZ8IMa7Rhz2qC3+v5uOxbanransY68X1as+JuykFlwWciYWPvXwLxORtxb++7HBROrPRsQLKqLFi1QQmnenrwexoWj+7Q97XODWMtrLA/3aRglsfZDT3h3roHV34o9X/hvNI2fr8r82SXKquUQSMtVZYnAiHyKwO8PdAhASmqqGiqaMSyR/sBtm5tb+uyzL9iaYAvAsAwYTn/jm99R1htbJgaGVcH1fML0RV/LxnW5uTlqPU6cqFH9cuB59EZP7f1+v7KYXn/9nyrfn+Vla4uXrSd4Ox88pA2jT4f+bjvzNosFryMLqyHCPDzuSZBPh1jHRSxefXWVWp78vDxlVJi3J69HU1PsdR3oPmcLl10L3JZHZwMh5PbqKc0tUPanb6Fp4iIS12LYm2tUGYeSv9+jtxr+jMgfqXrxxZeVT5YtMxYW9s2ypXD22YsxY8Z0uqJ3Hgix4IOVr+IGxonVvc/s7GzVJ1sWZr9aT7BVwPDJzdYE+74MvymfNAZNTU0d/kGHo++LQaz1ZcuFfYs8Ty7jNrwePE9j3djn1ptlEqs9+wHZkrv++k91iEJ/lpeHn7yMbHmxmHIfGzdtVn5sFjOGtwFvl9Ohv9vO2GbcPhYsMnzhY9gPz8Pk/mCsE1vkTF/CyZiPi55g65L9n1X79qm8eXsa+zcWPe1Dg+7Le+jwYcyeNbOj30qynHvDWXcYx879Ag5e+R2VZ8vV8LdymnHWHED65lXYd/1/wN54DMG0PIxZ8UNVN9yRr2mNUNhPxq6C/pzgwvCAhZD9193dB0LPyE0uIS7w0HCgbgxh6MJ38tl6FXEdWogFKwjCiEUsWEEQhGGKCKwgCEKcEIEVBEGIEyKwgiAIcUIEVhAEIU6IwAqCIMQJEVhBEIQ4kbDPwSZHIsiIRpBJcXokjPRwWOUzKM6iMn5HmMvDFgtClOY4Eo2qOMx5WFBntcJP+RprEuqSbCpfS+naJCvaLHJtEoThTryfg00ogZ0T8FPwYbG/HTkkpPGkjoT2iM2GXUl27LI7sIvSB3vZWR1CTyGDxZ/iEIm3j4S6jcSchbyaRPwg9SMIwplBBNZEbwJ7Z1M9lvja9NzHQ73Dic0UtpBgtpO1O9nlRInfj+LmRqSSqPaH3STWD6WmYTPFgiDEFxFYEz0J7OVtLfiXlkY9N/xhKb40t+tHswVBGHzkVdl+MDHU82fchiO8U2YFfFpGEIRhS0II7HvOzt9TikUVXaXey8nDa+4UvJ2ehTc9aXjbm47VFP4ZY1r2h9Y6XWiiYX6E0h8Hl7W3YmZA+w6qIAjDk4Txwd7U0ojr2rQf2EskfpiejXX9+Ki2IAgDR1wE/eSR1DR8n8TobdOvgyYC88RVIAjDloR6mHMDWXr3ejPx9YwcrHSnoDLOV6czQaM8bysIw5aEfdHAgJ8qHRMMIDUaVc+gGisbRadv1UK5JPpri0YopmGDHnLCIcz1+1BC8cdBo9WKb9HF4lCSPBsrCPFAHtMycSoCOxiMIYEdRyJdFgpiIsVZJNSMVd9ymlSzZPM/TbA55npOMxYL1el5rQ0FEn1tWm0owYFFdY/NgXVOJ950utFgZakXBCEeiMCa+LgE9kzBAtu/1xEEQRgM5CbXCELEVRASCxFYQRCEOCECKwiCECdEYAVBEOKECKwgCEKcEIEVBEGIE8NKYKPt9XpKEARh6DOsBDZQ+YKeEgRBOD0sZ+A19GElsL6PHoV/wxOIiCUrCMJpwOJqTYr/W5LD6k0uQRCE4YTc5BIEQYgTIrCCIAhxwlKx4FxxEQiCIMQBsWAFQRDihAisIAhCnBCBFQRBiBMisIIgCHEB+P+l6wxjleh44wAAAABJRU5ErkJggg==
```
The decoded string will give you a PNG image.
The image is referred to a RCE that chan be possible due to an `eval` in a Discord bot. The bot for this challenge is *Jade* under *#adventure-revisited* Discord channel.
You can have more info on the bot with the `jst help` command.
```
Help:
Enter actions starting with a verb ex. "go to the tavern" or "attack the orc."
To speak enter 'say "(thing you want to say)"' or just "(thing you want to say)"
Jade will respond to JST add [action] ex. JST add you slap yourself.
The following commands can be entered for any action:
"revert" Reverts the last action allowing you to pick a different action.
"print" Prints a transcript of your adventure (without extra newline formatting)
"help" Prints these instructions again
"invite" Give you a lovely invite link :3 -> https://discordapp.com/api/oauth2/authorize?client_id=410253782828449802&permissions=0&scope=bot
```
Another command, not listed, is `jst eval <some_command>`. You can't execute that command in the CTF Discord server, but you can invite the bot to your own server with the command `jst invite` and then click on the link provided by the bot.
You can trigger the `eval` with `jst eval x=1+1;return x` and what you can see is that the code is put into a Python method somehow invoked.
It seems that you can't use/invoke attributes/methods starting with `__` and that `import` clause is blocked. So this seems to be similar to a Python jail.
After few attempts, you can discover that `dir()` method returns some interesting values (other methods have the same output, e.g. `globals()`).
```
jst eval return dir()
Eval
def eval():
return dir()
Result:
{'adnozulerqhsymvtfc': '[HIDDEN]', 'ouhbn': '[HIDDEN]', 'omhwjqyfxzegkrp': '[HIDDEN]', 'rbwufi': '[HIDDEN]', 'wvb': '[HIDDEN]', 'nrmdychqxal': '[HIDDEN]', 'onetvfqmrspwza': '[HIDDEN]', 'igqotewvkhlczd ...
```
Another interesting thing is that if you pass an input to the method, like `dir(42)`, the following error will be raised: `getvars() takes 0 positional arguments but 1 was given`. It seems that the `dir()` method is a wrapper for a method that gets all possible vars. So the data returned before are variables names and variables contents, maybe.
You can try to find a content different from `[HIDDEN]` and you discover the flag format string.
```
jst eval dirs = [d for d in dir().values() if '[HIDDEN]' not in d]; return dirs
Eval
def eval():
dirs = [d for d in dir().values() if '[HIDDEN]' not in d]; return dirs
Result:
['rtcp{}']
```
What is the name of the variable? You can discover it with the following command.
```
jst eval dirs = [d for d in dir().keys() if 'rtcp{}' in dir()[d]]; return dirs
Eval
def eval():
dirs = [d for d in dir().keys() if 'rtcp{}' in dir()[d]]; return dirs
Result:
['rgslbtudhniypmvezkjxwfac']
```
If `rgslbtudhniypmvezkjxwfac` is the name of a variable, you can simply print its content with the following command and you will discover the flag.
```
jst eval return rgslbtudhniypmvezkjxwfac
Eval
def eval():
return rgslbtudhniypmvezkjxwfac
Result:
rtcp{1tz_n0t_4_bUg_1ts_a_fe4tur3}
```
