- category: misc
- points: 50
When has a blacklist of insecure keywords EVER failed?
nc chall2.2019.redpwn.net 6006
netcat to the server just output a typical python command line interface.
We can not input any of the
blacklist.txt words, doing this will end the connection to the server:
Working around I found that concatenating one or more string will work perfectly, the function that searches for blacklisted words won’t trigger any error; then our input is probably passed to the
exec function. Trying to execute
execfile function will output the line of the file where python couldn’t comprehend the syntax, and here is the flag.