Tags: command_injection sandbox chroot seccomp 

Rating: 4.5

Escaping a chroot, seccomp, namespace sandbox by abusing syscall numbers and uid namespace uid of 0.
Finally abusing command injection to read the flag:

[http://blog.rpis.ec/2017/04/bctf-2017-boj.html](http://blog.rpis.ec/2017/04/bctf-2017-boj.html)

Original writeup (http://blog.rpis.ec/2017/04/bctf-2017-boj.html).