ctf-misc
Audited by Socket on Apr 22, 2026
3 alerts found:
Anomaly, Security, Malware
The fragment serves as an instructional write-up outlining jailbreak techniques, restricted-shell evasion, and post-shell reconnaissance. While not executable, its actionable payload concepts and flows pose significant risk if misused in software supply chains. Treat as high-risk advisory material; ensure sanitization, sandboxing, and strict access controls to prevent integration into runtime code paths. Recommend deprecating or separating such content from library packages and implementing policy-based governance for executable code paths.
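This skill does not resemble credential-stealing malicious content, and it has no obvious supply-chain or exfiltration path; however, it explicitly provides AI agents with offensive security capabilities such as sandbox escape, privilege escalation, and DNS exploitation, which is disproportionate to the purpose of ordinary development assistance. Overall it should be rated SUSPICIOUS: not confirmed malicious, but it grants the agent high-risk offensive and defensive capabilities.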
This document is an offensive cheat-sheet describing multiple robust ways to break out of Python sandboxes and achieve arbitrary code execution, shells, and file exfiltration (explicit examples like reading /flag.txt). It contains many high-risk techniques (decorator-based call bypass, __loader__/__globals__ traversal, syscall invocations, environment variable RCE, network exfiltration). It is not benign application logic; if incorporated verbatim into a package or used by an attacker against a service that evaluates untrusted code, these techniques would enable severe compromise. Recommended action: treat content as malicious guidance for sandbox escape—do not run untrusted input through eval/exec, ensure restricted execution environments do not expose __loader__ or real builtins, and audit any code that programmatically evaluates user input.