Challenge Summary

Nobita was given a simple task: update the company’s internal network drive. It stored important files that everyone needed. He didn’t understand much about networks, but he wanted to prove he could handle it.  
  
Without checking the instructions, he pressed a few buttons and messed the network up. The shared ftp drive disappeared. Within minutes, employees started complaining.  
  
Gian and Suneo, who relied on the files, stormed into the IT room. “What did you do?” they demanded. Nobita panicked and called Dekisugi.  
  
Help Dekisugi fix the network!  

Challenge by hampter & NotAProton.
This challenge was part of ApoorvCTF 2025 (ApoorvCTF 3.0).

Provided Source Code

The provided zip file has two relevant files, Dockerfile and chall.py.

Dockerfile contains:

FROM python:3.12-slim

WORKDIR /challenge

COPY chall.py /challenge/chall.py
COPY flag.txt /flag.txt

RUN chmod +x /challenge/chall.py


CMD ["python", "/challenge/chall.py"]

This tells us the flag file will be at /flag.txt and how the Python code is being executed.

chall.py has this Python code:

#!/usr/bin/env python3

print("           _            _       _             ")
print("          | |          | |     | |            ")
print("  ___ __ _| | ___ _   _| | __ _| |_ ___  _ __ ")
print(" / __/ _` | |/ __| | | | |/ _` | __/ _ \| '__|")
print("| (_| (_| | | (__| |_| | | (_| | || (_) | |   ")
print(" \___\__,_|_|\___|\__,_|_|\__,_|\__\___/|_|   ")

def calc(op):
	try : 	
		res = eval(op)
	except :
		return print("Wrong operation")
	return print(f"{op} --> {res}")

def main():
	while True :
		inp = input(">> ")
		calc(inp)

if __name__ == '__main__':
	main()

The code will run eval(input) on any input and show the result if a result is returned, or “Wrong operation” on anything else.
eval() expects a string but input() provides one from what we enter.
We want to read the /flag.txt file with Python since the script is running directly in Python and not in an interactive shell like Bash or Z Shell.