Hack Monty
Hack Monty - Round 2
Welcome. This is a honeypot. The server behind it executes whatever<br>Python you POST to /run/ inside<br>pydantic monty, our<br>language-level sandbox.
There is a secret on this machine. Your job is to find it — by<br>escaping the sandbox. If you do, we'll pay you $10,000 USD.
This bounty is sponsored by Pydantic, Prefect, and Hugging Face.
Blog post about this.
Also look at the API docs. (or<br>Redoc)
Grab the hackmonty.py CLI<br>to run code here from your terminal.
View the traces<br>in Pydantic Logfire to see how your code is executed (and everyone<br>else's!).
Bounty rules & how to participate
WARNING
Anyone can<br>join the Pydantic Logfire project<br>to view all requests to hackmonty.com. All http headers (including IP<br>and User-Agent etc.) are collected for requests to<br>/run/ and /run/{snapshot_id}/.
Bounty rules (I strongly suggest you read all the rules before<br>participating!)
Most importantly:
DO NOT ATTEMPT TO SUBMIT CHANGES TO THE MONTY CODEBASE, OR ANY<br>OTHER CODEBASE THAT INTRODUCE NEW SECURITY VULNERABILITIES. If you do this, or run agents that try to do this, we will block<br>you and report you as a malicious actor. If we find that a pull<br>request has been merged to introduce a vulnerability related to this<br>bounty program anywhere in the dependency tree, we'll stop the<br>bounty program.
We need to see the code you used to find the secret and the secret<br>to pay the full bounty
We'll only pay the bounty once per issue identified, on a first come<br>first serve basis - we'll endeavour to update this blog post ASAP<br>if/when someone finds a vulnerability
We might stop the bounty program at any time
What we'll pay the full bounty for:
Finding the file or environment variable secret by identifying a<br>security flaw or vulnerability in Pydantic Monty where you can show<br>the code or technique you used and show us the secret you found
What we may pay a partial bounty for (amount to be decided at our<br>discretion):
Finding a security flaw in this app (e.g. a mistake in our server<br>configuration or code) that allows you to read the secret
Finding a security flaw or vulnerability somewhere in the dependency<br>tree of this app (e.g. Pydantic validation, Starlette, Uvicorn,<br>PyO3) that allows you to read the secret
Finding a security flaw in Pydantic Logfire where it instruments<br>this app - this doesn't have to allow you to read the secret, if you<br>find a vulnerability or access to information that shouldn't be<br>visible, please let us know
Finding a vulnerability in Pydantic Monty that allows access or<br>control of the host but doesn't allow you to read the secrets (e.g.<br>rust traceback, OS details, binary path etc., network access,<br>reading or writing to a file you shouldn't have access to)
Finding a vulnerability in Pydantic Monty you to see code (partial<br>or complete) that was previously run in Monty by another user
What we will not pay a bounty for, but would still appreciate:
finding a way to cause a crash with malicious code with Monty, e.g.<br>panic, stack overflow, seg fault, unlimited memory allocation or<br>unlimited CPU usage - we'd love you to report any such issue with<br>the code you used, and we'd love to buy you a drink or give you a<br>t-shirt in thanks if we see you at a conference, but we won't pay a<br>bounty for these issues at this time, please<br>create an issue
finding bugs or cpython compatibility issues with Monty - please<br>create issues but<br>this isn't part of the bounty program
finding bugs or vulnerability somewhere in the dependency tree of<br>this app - please check if the issue is new and create an issue or<br>security report for that project, but again it's not part of this<br>bounty program
What we will not pay a bounty for and strongly discourage (please don't do this!):
finding the secret or other vulnerability by changing the code in<br>any library - see the first rule above!
finding the secret via "spear fishing" us (the Pydantic team) or<br>other such mechanisms
finding any security flaw in Render where this app is deployed, if<br>you discover a security issue with Render, please report it<br>here
DOS'ing the app or otherwise causing it to be unresponsive or<br>otherwise causing a denial of service
DOS'ing or otherwise causing a service interruption in any other<br>Pydantic service
How to participate
The goal is to read one of the secrets on this machine: either the<br>contents of /etc/secrets/hackmonth.txt or the value of<br>the SECRET environment variable. Both are set in<br>production and not reachable from a well-behaved sandboxed program.
Submitting code
POST Python source to /run/:
curl -X POST https://hackmonty.com/run/ \<br>-H 'content-type: application/json' \<br>-d '{"code": "print(1 + 1)"}'
The response is a JSON snapshot. Monty pauses whenever<br>sandboxed code needs something from the outside world — a function<br>call, a name lookup, or a future — and returns a snapshot describing<br>the pause. The server resolves OS-related snapshots<br>(datetime.now, date.today,<br>os.environ, os.getenv) internally against a<br>fake...