UPON-2021の屋子

[Week1]calc_jail_beginner_level2.5(JAIL)

#the length is be limited less than 13
#it seems banned some payload 
#banned some unintend sol
#Can u escape it?Good luck!

def filter(s):
    BLACKLIST = ["exec","input","eval"]
    for i in BLACKLIST:
        if i in s:
            print(f'{i!r} has been banned for security reasons')
            exit(0)

WELCOME = '''
  _                _                           _       _ _ _                _ ___    _____ 
 | |              (_)                         (_)     (_) | |              | |__ \  | ____|
 | |__   ___  __ _ _ _ __  _ __   ___ _ __     _  __ _ _| | | _____   _____| |  ) | | |__  
 | '_ \ / _ \/ _` | | '_ \| '_ \ / _ \ '__|   | |/ _` | | | |/ _ \ \ / / _ \ | / /  |___ \ 
 | |_) |  __/ (_| | | | | | | | |  __/ |      | | (_| | | | |  __/\ V /  __/ |/ /_ _ ___) |
 |_.__/ \___|\__, |_|_| |_|_| |_|\___|_|      | |\__,_|_|_|_|\___| \_/ \___|_|____(_)____/ 
              __/ |                          _/ |                                          
             |___/                          |__/                                                                                                            
'''

print(WELCOME)

print("Welcome to the python jail")
print("Let's have an beginner jail of calc")
print("Enter your expression and I will evaluate it for you.")
input_data = input("> ")
filter(input_data)
if len(input_data)>13:
    print("Oh hacker!")
    exit(0)
print('Answer: {}'.format(eval(input_data)))

Unicode 欺骗
https://www.tr0y.wang/2019/05/06/Python%E6%B2%99%E7%AE%B1%E9%80%83%E9%80%B8%E7%BB%8F%E9%AA%8C%E6%80%BB%E7%BB%93/#%E6%9E%81%E7%AB%AF%E9%99%90%E5%88%B6
好棒的博客

[WEEK2]calc_jail_beginner_level5(JAIL)

#It\'s an challenge for jaillevel5 let\'s read your flag!\nimport load_flag\n\nflag = load_flag.get_flag()\n\ndef main():\n    WELCOME = \'\'\'\n  _                _                           _       _ _ _                _ _____ \n | |              (_)                         (_)     (_) | |              | | ____|\n | |__   ___  __ _ _ _ __  _ __   ___ _ __     _  __ _ _| | | _____   _____| | |__  \n | \'_ \\ / _ \\/ _` | | \'_ \\| \'_ \\ / _ \\ \'__|   | |/ _` | | | |/ _ \\ \\ / / _ \\ |___ \\ \n | |_) |  __/ (_| | | | | | | | |  __/ |      | | (_| | | | |  __/\\ V /  __/ |___) |\n |_.__/ \\___|\\__, |_|_| |_|_| |_|\\___|_|      | |\\__,_|_|_|_|\\___| \\_/ \\___|_|____/ \n              __/ |                          _/ |                                   \n             |___/                          |__/                                                                                                                                                                     \n\'\'\'\n    print(WELCOME)\n    print("It\'s so easy challenge!")\n    print("Seems flag into the dir()")\n    repl()\n\n\ndef repl():\n    my_global_dict = dict()\n    my_global_dict[\'my_flag\'] = flag\n    input_code = input("> ")\n    complie_code = compile(input_code, \'<string>\', \'single\')\n    exec(complie_code, my_global_dict)\n\nif __name__ == \'__main__\':\n    main()