3v@l picoCTF 2025 Solution

Description

1. Step 1Bypass the filter
   Open DevTools and grep the JS for banned to see the exact rejected substrings. Probe with os (rejected) vs 'o'+'s' (accepted) to confirm static matching. Then build forbidden tokens at runtime: 'o'+'s' dodges the os check, chr(47) gives / without a literal slash, and __import__ dodges the import keyword block.
   Learn more

   Python's eval executes any arbitrary Python expression passed to it as a string. When web applications expose eval to user input - even with a blocklist - they create a code injection vulnerability. Blocklists that operate on raw string matching are fundamentally weak because Python offers many ways to construct the same string at runtime.

   String concatenation bypass works because the filter scans for the literal token os but never sees it: 'o'+'s' produces the same string only after Python evaluates the expression. The chr() built-in similarly converts an integer to a character, so chr(47) yields / without ever writing a slash in the input. These techniques exploit the fact that static string matching cannot track runtime values.

   __import__ is the lower-level function that backs Python's import statement. Because it accepts a plain string argument, it can import any module dynamically - including os - even when the import keyword itself is blocked. Once os is imported, os.popen opens a subprocess whose output is readable as a file object.

   The real-world lesson here is that blocklists are not a safe defense for code injection. Proper remediation means never passing user input to eval, exec, or similar functions. If dynamic evaluation is genuinely required, use an allowlist restricted to the exact operations the feature needs. See the Command Injection guide for filter-bypass patterns that map cleanly to shell injection too, and the Burp Suite for picoCTF guide for the Repeater loop that lets you iterate through these bypass payloads without retyping the request every send.

2. Step 2Dump the filesystem
   First list / with __import__('o'+'s').popen('l'+'s').read() to confirm flag.txt is there (don't guess the path). Then a cat payload like __import__('o'+'s').popen('c'+'at '+chr(47)+'flag.txt').read() exfiltrates the contents through the calculator's response field.
   Learn more

   Once arbitrary command execution is established, an attacker follows a standard enumeration pattern: first list directories to understand the filesystem layout, then read target files. Flags in CTF challenges are conventionally placed at /flag.txt or /root/flag.txt on Linux containers.

   os.popen launches a shell command and returns a file-like object. Calling .read() on it captures all stdout output as a Python string, which then gets returned to the web application and displayed in the response - completing the exfiltration loop without any separate network channel.

   In real penetration testing this step is called post-exploitation enumeration. Attackers typically run whoami, id, uname -a, and then read /etc/passwd to understand privilege level and available users. The same obfuscation techniques used in this challenge apply to those commands as well, demonstrating how a single bypass technique enables full system access.

Flag

Any payload that spawns /bin/sh via the obfuscated os import works; the concatenation trick keeps the blacklist asleep.