Challenge author
Eric Hennenfent (SIGPwny)
Write-up author
Vanilla (Batman's Kitchen)

This service looks like it might have some vulnerabilities. Think you can get the flag?


This Python script implements a variant of a popular esoteric programming language. However, its print operation works differently: it does a poor job of emulating printf. It first filters out "machine" from the string to be printed (more on why in a moment), then substitutes in the faux-printf result, and finally passes the result to str.format. Armin Ronacher wrote about the danger of calling str.format on attacker-controlled strings: a replacement field can walk the attributes of whatever objects are passed to the call. Seeing this, you know why "machine" was filtered; an object by that name is handed to str.format, and reaching it would give us access to a bunch of stuff, including the flag. Too bad for the script, it substitutes after it checks for "machine", so we come up with some monstrosity like "ma%sine", where "%s" is replaced by "ch" only after the check has passed. The filtering is entirely bypassed, str.format sees "machine" after all, and we get the flag.
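The ordering bug is small enough to model in a few lines. What follows is an added example written for this write-up, not the challenge's own script: the class name Machine, the function names, the flag value, the exact payload string, and the assumption that the flag lives as an attribute on the object passed to str.format are all guesses made for illustration. It shows the vulnerable check-then-substitute-then-format order next to a hardened version that re-checks after substitution and never uses the attacker's text as a format template.

```python
# Added example for this write-up; all identifiers are assumptions,
# not names from the real challenge script.

FORBIDDEN = "machine"
SECRET_FLAG = "flag{constructed_example_value}"  # constructed sample value


class Machine:
    """Stand-in for the interpreter state object the script hands to
    str.format. We assume the flag is reachable as an attribute on it."""

    def __init__(self, flag):
        self.flag = flag


def faux_printf(fmt, args):
    """Crude printf emulation: replace each '%s' with the next argument.
    Anything else is copied through untouched."""
    remaining = list(args)
    out = []
    i = 0
    while i < len(fmt):
        if fmt.startswith("%s", i) and remaining:
            out.append(str(remaining.pop(0)))
            i += 2
        else:
            out.append(fmt[i])
            i += 1
    return "".join(out)


def unsafe_print(fmt, args, machine):
    """Vulnerable order: filter the raw format string, THEN substitute,
    THEN call str.format on the result with the sensitive object."""
    if FORBIDDEN in fmt:
        raise ValueError("forbidden word in format string")
    substituted = faux_printf(fmt, args)
    return substituted.format(machine=machine)


def safe_print(fmt, args, machine):
    """Hardened order: substitute first, check the string that will
    actually be used, and treat it as data rather than as a template."""
    substituted = faux_printf(fmt, args)
    if FORBIDDEN in substituted:
        raise ValueError("forbidden word in format string")
    # No str.format call on attacker-controlled text at all.
    return substituted


def exploit_payload():
    """The bypass: '%s' splits the forbidden word so the pre-check passes,
    and substitution rebuilds '{machine.flag}' for str.format to resolve."""
    return "{ma%sine.flag}", ["ch"]


def run_exploit(printer):
    """Feed the payload to a given print implementation."""
    fmt, args = exploit_payload()
    return printer(fmt, args, Machine(SECRET_FLAG))


def rejected(printer, fmt, args):
    """True if the printer refuses the input with ValueError."""
    try:
        printer(fmt, args, Machine(SECRET_FLAG))
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print("unsafe_print leaks:", run_exploit(unsafe_print))
    print("safe_print rejects payload:", rejected(safe_print, *exploit_payload()))
```

Against unsafe_print the payload returns the flag; against safe_print the very same payload is refused, because the check now runs on the string str.format would have seen.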