The interesting function is
import function gives us an error
So it wants a base64 encoded pickle object and we need to read the flag. Let’s get a shell using a malicious pickle object.
cos system (S'/bin/sh' tR.
base64 encoding that gives us
and passing that to the program…