Tagged "sandbox escape"

Google CTF 2022: Treebox

This is the write-up for Treebox, one of the easier Sandbox Escape challenges from Google CTF 2022.

The challenge statement says, “I think I finally got Python sandboxing right.”, and we’re provided with a hostname/port pair and (conveniently) the source code of the sandbox. The flag is in a file called flag in the current working directory of the sandbox process.