By Ezra Edelman

In python 2.7, which the program is written for (seen by the lack of parenthesis around for the print statements) input() is easily exploited. The way input() works is it evaluate the user's input as a statement in python. To find the file name input eval(compile('import os;os.system(\"ls\")', '<string>', 'exec')) into the terminal. Then enter eval(compile('import os;os.system(\"cat flagfilename1345\")', '<string>', 'exec'))

The reason this works is that you are creating a python code object with compile(), then running the code with eval(). I used compile() to allow me to run multiple lines of code, which is usually not possible with eval(); exec() could be used, but does not usually give an output, making things difficult.

Of course, there could be other ways to do this, one being to just input __import__("os").system("/bin/sh") so you can get shell.

Python 2.7.13 documentation of input, eval and compile found here: https://docs.python.org/2/library/functions.html