Diffstat (limited to 'chall/notes')
-rw-r--r--  chall/notes  41
1 files changed, 0 insertions, 41 deletions
diff --git a/chall/notes b/chall/notes
deleted file mode 100644
index c6410c5..0000000
--- a/chall/notes
+++ /dev/null
@@ -1,41 +0,0 @@
-Setup a quick docker container with python2 and ply installed to test..
-
-Check out the source code..
-
-First thing we want to find is how the tokens are turned
-into python, since we ideally just want to write python.
-
-We find that tokens of type INLINE are directly injected.
-
-Looking at INLINE tokens we find some which are useful
-for calling functions:
-
- "ARGZ": ("INLINE", "_lol_sys.argv"),
- "THINGZ": ("INLINE", "()"), # invisible tuple didn't sound right
- "THING": ("INLINE", "()"), # sometimes it's better in singular form
- "MY": ("INLINE", "self."),
- "MYSELF": ("INLINE", "(self)"),
-
-Looks like the sys module was imported as _lol_sys.
-The other tokens allow us to call functions.
-
-Varibles are injected directly too.. this allows us to call
-builtins by specifying the builtin name, followed by THING.
-
-Since we just want to run python code directly we'd
-like to call `eval` with a string. Strings are
-injected directly after some escape character checks.
-
-In the inline tokens we saw there is one that allows
-us to pass an argument.. MYSELF. For that we need
-to define self.. Lets do that as a simple variable
-instead of the normal definition of self.
-
-We find we can define self using CAN HAS..
-We can print the result of the eval using VISIBLE..
-
-Thus our payload becomes:
-
- self CAN HAS '<PYTHON-CODE>'
- VISIBLE eval MYSELF
-
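Review bot: deleting chall/notes removes the only written record of why the challenge's transpiler is exploitable, and nothing else in this diff preserves it. The removed lines document three weaknesses in the LOLCODE-to-Python translator: INLINE tokens (the `"ARGZ"`, `"THING"`, `"MY"` and `"MYSELF"` table entries) are spliced verbatim into the generated Python, variable names are injected unchanged so any builtin is reachable by name followed by `THING`, and string literals pass through after only escape-character checks; together these are what let `self CAN HAS '<PYTHON-CODE>'` followed by `VISIBLE eval MYSELF` evaluate arbitrary source. Suggest moving that summary into the challenge README or a comment beside the token table before dropping the file, and, if the translator is ever meant to be hardened rather than kept as a deliberately weak target, recording there that the fix is to stop emitting user-controlled identifiers and strings as raw Python source (build AST nodes, or restrict identifiers to a whitelist) rather than adding more escape checks. The `sys` import aliased as `_lol_sys` noted in the removed text is the same class of issue: prefixing a module name does not hide it once identifiers are injected literally.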