0CTF 2025 chsys Writeup: FreeBSD Jail Escape using Directory Sabotage

Dec 22, 2025 · 5 min read · Challenge Overview Category: Pwn / Jail Escape The challenge provides a remote FreeBSD environment where we interact with a specialized shell called env_manager running inside a Jail. The goal is to read the flag located at /flag on the host system. ...