Python Jails


Hanto Dojo.

A collection of challenges about breaking out of Python jails.


Welcome to the Python jails! Can you guess the sum of two numbers without knowing the numbers?

Unfortunately, I never learned how to convert strings to integers in Python, so I'll be using eval instead!

A quick reminder: setuid Python scripts in the /challenge folder should be run as /challenge/run.py, not as python /challenge/run.py.

Connect with SSH

Link your SSH key, then connect with: ssh hacker@pwn.college

This program does not print out the flag when you win.

It will only tell you how long the flag is, just to taunt you.

I am confident that there is no way for the program to leak the flag.

I thought of this idea of putting win and lose in separate functions.

This program doesn't print out your answer anymore.

How will you see the fruits of your efforts this time?

There is no flag variable this time.

I can't think of a way a user could read the flag themselves.

Today I learned: Some Python functions are too overpowered!

Can't open a file without open, right?

Underscores are my worst enemy!

I found a way to get the length of the flag without opening it.

Surely os is safe?

Some modules are just too dangerous to import.

Surely you can't just import a module yourself?

Everything in Python is too dangerous.

I'm deleting everything except the things I need.

No, I still refuse to learn how to convert strings to integers myself.

There is no way a nefarious user can access anything after I delete it, right?

No floats allowed in this treehouse.
