Posts

Showing posts from March, 2021

247CTF - Miscellaneous Challenges - The Text Editor Jail

Problem Statement

We didn't have time to setup and test a proper jail, so this text editor will have to do for now. Can you break free?

Tools Used

Vim, Bourne shell (sh)

Description

This is a web-based challenge; when you click the 'Start Challenge' button, it spins up a unique instance of the challenge for you. You can then navigate to the challenge page with your browser. Once you open the challenge page, your screen will resemble the screenshot below:

As you can see, this is the text editor Vim exposed through a web terminal. A well-known feature of Vim is that it allows a user to execute arbitrary Unix commands. To execute a command, enter :!<command>, e.g. to execute the ls command, enter :!ls. You can leverage this feature to spin up a command shell. To do so, type :!/bin/sh into the editor. You will then get a command shell, as shown below:

Now, you can examine the current working directory to obtain clues for ...