[Original writeup.](https://github.com/StroppaFR/CTF-Writeups/blob/master/2019/Evlz-CTF-2019/Jail.md)

When connecting, we are inside a shell script that executes our commands. We can get out with **bash**.

From there we can't see the standard output stream but we can see the standard error stream so we can simply redirect with **1>&2** and find the flag.

bash-4.3$ /bin/ls 1>&2
Desktop Documents Music Pictures Videos bin flag.txt programs
bash-4.3$ /bin/ls /bin 1>&2
bash ec.sh echo ls sh
bash-4.3$ /bin/ls /usr/bin 1>&2
awk chattr chsh ssh vim wc
bash-4.3$ /usr/bin/vim flag.txt 1>&2

> Pass: evlz{0ut_0f_ech0}ctf