0CTF 2025 chsys Writeup: FreeBSD Jail Escape using Directory Sabotage

Challenge Overview Category: Pwn / Jail Escape The challenge provides a remote FreeBSD environment where we interact with a specialized shell called env_manager running inside a Jail. The goal is to read the flag located at /flag on the host system. ...