Unsafe Python sandbox

735Tesla
10 years ago

This code was inspired by a challenge I completed at CSAW:
http://pastebin.com/FPTgiFNs
Although it looks suspicious, the data variable is just the zipped file contents of the sandbox which it creates whenever it starts.
The replace statements randomize the names of variables and modules that would make solving the challenge much easier.

Code such as this is vulnerable by design and would have to be run in a virtual machine. I have working solutions that will execute shell commands and read files if that is required.

The code provided in the paste will first create a vulnerable Python shell file in /tmp, then start a server on port 10000 which accepts connections and allows users to interact with the sandbox.

The challenge would be to escape the sandbox and read a file with the level password in it.

If there are any questions about the code or suggestions to improve it, I would be happy to respond.

735Tesla
10 years ago

I could rewrite the server in C and it would probably run more efficiently. The code I posted is quick and dirty.
