Welcome to the Exec CTF challenge! Can you break out of a custom-built Python jail and successfully
use exec()?
The flag is hidden in a print statement inside a compiled code object. This is
provided to you in a variable named code
Your task is to execute it so that it prints the flag.
However, built-in execution functions like exec and eval are blocked by a
custom security mechanism. The challenge is to bypass these restrictions and successfully run the code
object.
To pass the challenge, the flag must be printed to stdout. Submit your Python code
below to attempt the challenge.
You can download a local testing environment here. Need a hand or more detailed instructions? Shoot me a DM on Discord!
Originally hosted on whcc.club
Security controls are rarely perfect, and this one is no exception. The execution environment
uses a custom package, safe-exec. Understanding its
behavior might help you find a way to run the code object.
Also, keep in mind that compiled code objects can contain nested exec and eval calls.
code = compile("print(...)", "<flag>", "exec")
Click Submit to check your solution.