A fellow hacker is challenging you to exploit a simple Python script.
To exploit it live, you have to create your Warchall account
and try your luck there.
To see what it is about, you can also view the source here.
Note: It is not required to trigger a race condition, but it should work as well.
Note: You have to use the binary "pytong", not pytong.py itself. The binary is a wrapper which is needed for SETREGID and finally gives the solution.
Python code for pytong.py:
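SOLUTION = "/home/level/12/solution.txt"


# Your main objective is to return True
def main(filepath):
    """Read ``filepath`` twice and report whether the two reads disagree.

    The function rejects arguments that contain a deny-listed substring,
    requires the path to exist, reads it once, and then either finds the
    path gone or reads it a second time and compares the two contents.

    Args:
        filepath: Caller-supplied path; it is used for the substring
            checks, for ``os.path.exists`` and for ``open``.

    Returns:
        True when the path vanished between the reads or the two reads
        differ; otherwise falls off the end and returns None.

    Raises:
        ValueError: If the argument contains a deny-listed substring or
            the path does not exist at the first check.
        OSError: Propagated from ``open``/``read``.
    """
    # We want to prevent some noobish solutions
    # NOTE(review): this is a substring deny-list over the caller's string.
    # Deny-lists of this kind are brittle; code that must restrict which
    # files it reads should validate the opened object instead (resolve the
    # path, then check the descriptor with os.fstat).
    if any(ipattern in filepath for ipattern in ('proc', 'uptime', 'tmp', 'random', 'full', 'zero', 'null')):
        raise ValueError('nononono: hacking is not allowed')

    # You have to give me a valid file!
    # NOTE(review): every exists()/open() pair below is a separate lookup by
    # name, so nothing ties the checks to the object that is finally read
    # (time-of-check/time-of-use). Code that needs one stable view should
    # open once and work on that descriptor.
    if not os.path.exists(filepath):
        raise ValueError('sorry file "%s" does not exists' % filepath)

    # We are opening the file here and store the content in 'jjk'
    print('opening %s' % filepath)
    with open(filepath) as gizmore:
        jjk = gizmore.read()

    # The file was closed, does it still exist?
    if not os.path.exists(filepath):
        # The file does not exist anymore, you have found a solution
        print('You are l33t')
        # NOTE(review): the published listing shows no return statement in
        # this branch; presumably it returns True like the branch below -
        # confirm against the original pytong.py.
        return True
    else:
        # Ok, we will reopen the file and store its content in 'kwisatz'
        with open(filepath) as spaceone:
            kwisatz = spaceone.read()

        # Does the content differ from the old content?
        if jjk != kwisatz:
            # content differs so return True
            print('You are a winner')
            # NOTE(review): restored from the comment above; the statement
            # itself is missing from the listing as published.
            return True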
if __name__ == "__main__":
if len(sys.argv) < 2: print('wrong argcount')
# Objective: return True here! success = main(sys.argv)
except (ValueError, OSError, IOError) as exc:
print('%s' % (exc,))
with open(SOLUTION) as fd: