A screenshot of Google CTF website with the challenge Treebox visible. The challenge is worth 50 points, and has the following description: I think I finnaly got Python sandboxing right.While writing an article on how "Hello World" actually works in Python (written with j00ru and Adam Sawicki, and published in 100th issue of the Polish Programista magazine; we'll publish the English translation on our blogs around September/October 2022) I've played a bit with Python's ast module (as in Abstract Syntax Tree) and decided it would make a cool CTF challenge if I would make some restrictions on AST level and have folks try to bypass it.

This wasn't of course the first challenge using AST on a CTF, though I did think to check only after I've already implemented it. Thankfully other challenges use different restrictions, so there was no collisions. Here are some of them though (leave a comment in case I've missed some):

Eventually the challenge was published at Google CTF 2022 in the Sandbox category under the name of Treebox and was solved 268 times, making it the easiest (or most popular? ;>) challenge of the CTF.

Screenshot of the console. The first line contains the command line to connect to the challenge: nc -v treebox.2022.ctfcompetition.com 1337. Then the connection is shown to be established and the challenge asks for the player's code, and the a delimiter in form of two dashes and the word END all caps. The example code written is: print('Your code goes here') followed by the delimiter. Last line contains an error: Banned statement ast Call.

The challenge is likely still online when you're reading this blog post (if it's not, let me know) and you need only netcat to enjoy it. Just follow the link above, download the source code and have fun!

There are only 3 AST-level restrictions in Treebox:

  • you can't call a function,
  • you can't use import,
  • and you can't use import from.

What was wonderful about the way players solved it, was that every solution was unique in some way. There were of course clusters of solutions converging around this or that feature, but at the end of the day the solutions were pretty different.

By the way...
On 22nd Nov'24 we're running a webinar called "CVEs of SSH" – it's free, but requires sign up: https://hexarcana.ch/workshops/cves-of-ssh (Dan from HexArcana is the speaker).

Since the solutions contain spoilers, I've posted them in a separate note in case readers would like to try their luck first.

Warning SPOILERS: Treebox solutions (it's at the bottom of this set of notes)

Whether you try the challenge first or now, if you enjoy Python I greatly recommend looking at the solutions. They are extremely clever in some cases, and fun in every case.

Have fun!

Add a comment:

Nick:
URL (optional):
Math captcha: 7 ∗ 6 + 10 =