Level 4

Challenge details

Solution

Below shows the source code of the challenge. We can see that len(inp)>13 code was used, telling us that any input that contains more that 13 characters are prohibited. So our objective for this challenge is pretty clear, we'll need some short payloads.

The first thing that came into my mind was breakpoint(). But it turned out that this is not working. Again, I was randomly inputting some codes to the server.

More trial and error were done. Like for real, I was just brute forcing any short codes :)

Ended up consulting an old friend of mind once again, Google. If you remember, I clicked on the first link for the previous challenge. Now, let's go with the second link.

Sweet! Found something interesting. The input() function is being wrapped in eval() function. The best part? It contains only 13 characters.

The payload was slightly modified so that it matches our flag location. Voila, flag!

Flag

GCTF2023{L3v31_f0ur_K33p_g0inggggg}