CTF challenge help

I am testing a CTF challenge on Vercel. The challenge is made with Flask and required subprocess.
Is this something that can be done on Vercel? Sorry if its a noobie question.
The challenge gets deployed but the commands are not executed.
The relevant code is this:

if command_part:
            try:
                if platform.system() == 'Windows':
                    command_part = command_part.replace('ls', 'dir').replace('cat', 'type')
                output = subprocess.check_output(shlex.split(command_part), shell=(platform.system() == 'Windows'), stderr=subprocess.STDOUT, text=True).strip()
                if "is not recognized as an internal or external command" in output:
                    message = f'"{text_part}" reported to admin.\n\n"{command_part}" command not allowed.'
                else:
                    message = f'"{text_part}" reported to admin.\n\n{output}'
            except subprocess.CalledProcessError as e:
                output = e.output.strip()
                if "is not recognized as an internal or external command" in output:
                    message = f'"{text_part}" reported to admin.\n\n"{command_part}" command not allowed.'
                else:
                    message = f'"{text_part}" reported to admin.\n\n{output}'
        else:
            message = f'"{text_part}" reported to admin.'

Hi, @hyperskillz404-gmail!

Deploying a Flask-based CTF challenge that uses subprocess to execute system commands is not feasible on Vercel because of our serverless architecture and security restrictions.

Vercel’s serverless functions run in a sandboxed Linux environment that doesn’t support executing arbitrary system commands or using subprocess. This limitation is intentional for security reasons, preventing potential risks associated with running user-supplied commands.

For CTF challenges requiring system-level access, it’s recommended to use traditional hosting platforms, containerization technologies like Docker, or redesign the challenge to work within serverless constraints.

While Vercel excels for many web applications, it’s not suitable for applications needing direct system access or command execution capabilities.

Is there any other framework I can use to deploy this challenge other than Flask or is it simply not possible in any way?
Thanks for your quick response !

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.