What's up everybody? My name is John Hammond and we're looking at A Simple Conversation from the miscellaneous category of HSCTF. It says that someone on the internet wants to talk to you. Can you find out what they want? We have a Netcat connection here and some source code download called talk.py.

So let's go ahead and just connect to this first. It says hello. Hey, can you help me out real quick? I need to know your age. What's your age? 12. So I'm in high school. Wow. Sometimes I wish I was 12. It was nice. Okay. That's all we get. That's all she wrote.

Let's go ahead and download this talk.py and see what we can do with it here. It's in that HS directory. So let's get talk.py. It says from time sleep import, blah blah blah, sleep every one a couple of seconds. That's really annoying. I hate when there's like staggered output, especially on a Netcat service. Input. Okay. Sleep. Wow. And that's it. Prints out age. No format there. Vulnerability we can take advantage of. That's it. That's literally all it does. That looks totally fine to me. Right?

So if we connect to it, let's say some stupid stuff. Let's say, okay, you need to know my age. Please subscribe. Oh, please subscribe is not defined. Okay, that's weird because this script says it's using Python 3, which properly uses input. The Python 2 does not, that'll like straight evaluate, and it looks like that's what I tried to do when I entered a string there rather than age.

So can we do like more damage? Let's, can we like import stuff? Underscore underscore import and then the kind of like a function call with parentheses around to name it. Actually, oh, it's underscores around import the word. And then you can use the parentheses and enter a string for some you're trying to import. It says, wow, sometimes I wish I were the os module from Python 2.7. Okay, okay. So we found out some cool stuff. We can import modules, and it's totally using Python 2.
So if we have this module, we can totally do things like have code execution. Let's import os and then from that module, let's just run system, right? Because we can run commands. Let's check out ls, see what's in the current directory. Oh, totally in the root. And there's a flag.txt. Let's go ahead and cat that out, right? Super simple. Help me out real quick. What's your age? My age is the flag, dude. System. Let's cat flag.txt. Crank. Yeah, please use Python 3. Okay, that's cool. Sweet.

So simple challenge, right? A little bit of fun. And you would submit that and you'd get good 170 points. Kind of a neat trick. I've seen that a bit before, the Python 3 and Python 2 differences in the input function. Keep that in mind. Python 2 is going away, right? It's going to end support at the start of 2020, January 1, 2020. I've heard threats like they're just going to straight up remove all the Python 2 documentation. And we're done. No more Python 2. However, that's going to be a good thing. Python 3.9 is going to like try and clean up the global interpreter lock and stuff, right? All the stuff we've been running into for Katana.

So, all right, that's the video, guys. Thanks for watching. If you liked this video, please do like, comment and subscribe. Love to see you in another video. Love to see you in the Discord channel. That's in the description. I'm really bad at these. It's getting late. Hope to see you on Patreon. Hope to see you on PayPal. Thanks, guys. See you. Okay.
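
The input() difference described in the video, as an added example that is not part of the transcript or the challenge's talk.py: Python 2's input() evaluates the typed line as an expression, which is modelled here with eval() so it runs on Python 3, next to a prompt handler that treats the line as data only. The function names, the age bounds and the sample inputs are assumptions made for illustration.

```python
"""Added example: Python 2 input() behaviour vs. a validated age prompt."""


def py2_style_input(line):
    # Python 2's input() behaved like eval(raw_input()): the typed line is
    # evaluated as a Python expression. Modelled with eval() so the behaviour
    # can be reproduced on Python 3. Never do this with untrusted text.
    return eval(line)


def read_age(line, lowest=0, highest=150):
    # Hardened form: the line is data only. Accept plain ASCII decimal digits
    # within a sane range and reject everything else (bounds are assumptions).
    text = line.strip()
    if not (text.isascii() and text.isdigit()) or len(text) > 3:
        raise ValueError("age must be a whole number")
    age = int(text)
    if not lowest <= age <= highest:
        raise ValueError("age out of range")
    return age


def classify(line):
    """Return (legacy_result, hardened_result) as short strings to compare."""
    try:
        legacy = "evaluated to %r" % (py2_style_input(line),)
    except Exception as exc:
        legacy = "raised %s" % type(exc).__name__
    try:
        hardened = "accepted %d" % read_age(line)
    except ValueError:
        hardened = "rejected"
    return legacy, hardened


# Constructed sample inputs, not captured from the challenge service.
SAMPLES = ["12", "subscribe", "6 * 7", "__import__('os').sep"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print("%-24r legacy: %-22s hardened: %s" % ((sample,) + classify(sample)))
```

On Python 2 the equivalent fix is raw_input() followed by the same validation; on Python 3, input() already returns a string and only the validation is needed.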