[WEB] interdimensional internet

@rubenflush maybe take a look at encoding and try to ESCAPE the filter

I am able to bypass the firewall restrictions and I can execute some commands. I cannot recover the builtins functions though because access to globals attribute is not possible (python restricted execution mode). Any hints here or via pm would be nice :slight_smile:

Thanks that worked! Now I am stuck again… this is taking soo much time lol

Can anyone give me a hint / PM? Is there any way to execute something?

Got it! :smiley: Who knew playing in a snake’s sandbox could be so fun. Thanks to @undefi for the nudge.

Thanks for this great challenge! :slight_smile:

Can someone DM me a hint on how to bypass r***x? No matter how hard I try to ESCAPE I seem to still be stuck.

@moozilla
Sometimes it is good to use something twice.

Still working on this challenge. I don’t know how to get data back.

@secabit Thanks, I managed to get that part working finally, but now I’m stuck on the same thing as you. When I run my attack against the server locally I can get a reverse shell, but it doesn’t work against the actual box. That also feels like not the intended solution since it’s a web challenge. Feel like I’m missing something obvious.

Finally got this one! Was thinking about one of snuggles’ comments and right when I was starting to get SLEEPy the answer hit me.

Really enjoyed this challenge and learned lots about Python 2 (shame that it has just entered EOL so some of the learning feels a bit wasted).

I took to blindfolded sleeping to exfiltrate my flag, one wink at a time. But it looks like there are different ways to do the last step.

As an aside, I don’t understand why most people have rated this challenge ‘Brainfuck’. It could have been lots harder - just search for escaping python jails and ctf, there are some truly twisted ones out there.

@seekorswim @moozilla
Thanks for the help, guys.

Finally done. Watch out on every step; if you forget about important things, you will lose a lot of time. That is what makes this box hard, but I really enjoyed it.

Edit: sorry, wrong topic, my bad

oh man this took me ages because of the slow af exfil…
can’t wait to go find some writeups and see if i just did it in a really stupid way lol
EDIT: yeah i wasted hours because of slow exfil ■■■■. there’s a much better way than acting blind

Woohaa got the flag! Learned a lot about python. Thanks @doxxos for the last push!

Is it possible to return value from ***k? I would appreciate it if someone can explain this part to me in PM?

I found an EC() injection point, but the R*X is filtering basically everything that I can think of. Can someone inbox me a nudge for this stage?

Really enjoyable. Thanks to @seekorswim for the guidance.

Done

I saw many here posted that their exploit worked locally but not on the remote host. I’m facing the same issue. Any nudge would be appreciated :slight_smile:

@boris154 said:

> I saw many here posted that their exploit worked locally but not on the remote host. I’m facing the same issue. Any nudge would be appreciated :slight_smile:

Finally finished :slight_smile:
If anyone else gets stuck with that issue, don’t trust your local python (especially on kali), use docker to run it and then test your exploit.