running Room 10 : Join the game

Virtual environnement to attack can be reached at : ctf10.root-me.org
Time remaining : 03:04:37

Informations

  • Virtual environnement chosen : AppArmorJail1
  • Description : 
    Attention : this CTF-ATD is linked to the challenge "AppArmor Jail - Introduction"

    When connecting to the administrator’s server, a restricted shell via an AppArmor policy prevents you from reading the flag even though you are the owner...

    Find a way to read the flag at any cost and override the AppArmor policy in place which is configured as follows:

    #include <tunables/global>

    profile docker_chall01 flags=(attach_disconnected,mediate_deleted) {
       #include <abstractions/base>
       network,
       capability,
       file,
       umount,
       signal (send,receive),
       deny mount,

       deny /sys/[^f]*/** wklx,
       deny /sys/f[^s]*/** wklx,
       deny /sys/fs/[^c]*/** wklx,
       deny /sys/fs/c[^g]*/** wklx,
       deny /sys/fs/cg[^r]*/** wklx,
       deny /sys/firmware/** rwklx,
       deny /sys/kernel/security/** rwklx,

       deny @{PROC}/* w,   # deny write for all files directly in /proc (not in a subdir)
       # deny write to files not in /proc/<number>/** or /proc/sys/**
       deny @{PROC}/{[^1-9],[^1-9][^0-9],[^1-9s][^0-9y][^0-9s],[^1-9][^0-9][^0-9][^0-9]*}/** w,
       deny @{PROC}/sys/[^k]** w,  # deny /proc/sys except /proc/sys/k* (effectively /proc/sys/kernel)
       deny @{PROC}/sys/kernel/{?,??,[^s][^h][^m]**} w,  # deny everything except shm* in /proc/sys/kernel/
       deny @{PROC}/sysrq-trigger rwklx,
       deny @{PROC}/kcore rwklx,

       /home/app-script-ch27/bash px -> bashprof1,
     
    }
    profile bashprof1 flags=(attach_disconnected,mediate_deleted) {
       #include <abstractions/base>
       #include <abstractions/bash>
       
       network,
       capability,
       deny mount,
       umount,
       signal (send,receive),

       deny /sys/[^f]*/** wklx,
       deny /sys/f[^s]*/** wklx,
       deny /sys/fs/[^c]*/** wklx,
       deny /sys/fs/c[^g]*/** wklx,
       deny /sys/fs/cg[^r]*/** wklx,
       deny /sys/firmware/** rwklx,
       deny /sys/kernel/security/** rwklx,

       deny @{PROC}/* w,   # deny write for all files directly in /proc (not in a subdir)
       # deny write to files not in /proc/<number>/** or /proc/sys/**
       deny @{PROC}/{[^1-9],[^1-9][^0-9],[^1-9s][^0-9y][^0-9s],[^1-9][^0-9][^0-9][^0-9]*}/** w,
       deny @{PROC}/sys/[^k]** w,  # deny /proc/sys except /proc/sys/k* (effectively /proc/sys/kernel)
       deny @{PROC}/sys/kernel/{?,??,[^s][^h][^m]**} w,  # deny everything except shm* in /proc/sys/kernel/
       deny @{PROC}/sysrq-trigger rwklx,
       deny @{PROC}/kcore rwklx,

       / r,
       /** mrwlk,
       /bin/** ix,
       /usr/bin/** ix,
       /lib/x86_64-linux-gnu/ld-*.so mrUx,
       deny /home/app-script-ch27/flag.txt r,
    }
    • Start the CTF-ATD "AppArmorJail1"
    • Connect via SSH to the machine on port 22222 (app-script-ch27:app-script-ch27)
    • The challenge validation password is in the /home/app-script-ch27/flag.txt file
    • The validation password of the CTF ATD is in the file /passwd

    Start the challenge Game duration : 240 min

  • Validation flag is stored in the file /passwd
  • Only registered players for this game can attack the virtual environnement.
  • A tempo prevent game starting to early or too late.
  • Game will start when one player has choosen his virtual environnement and declared himself as ready.

Player's list

World Map


0x0 35 Available rooms

Room Virtual environnement chosen State Attackers count
ctf01 BBQ Factory running
Time remaining : 09:29:24 		1
Vivien
ctf02 root-me-spip running
Time remaining : 00:12:17 		1
z1pline
ctf03 Well-Known running
Time remaining : 00:22:27 		1
lark
ctf04 k8s running
Time remaining : 03:41:12 		1
LostSpaceMan
ctf05 Windows - Group Policy Preferences Passwords running
Time remaining : 01:54:56 		1
Calistro
ctf06 Relative Path Overwrite running
Time remaining : 01:18:26 		1
OulaOulaOula
ctf07 OpenClassrooms_SkillProgram_AD1 running
Time remaining : 00:41:38 		1
Laetitia Leguen
ctf08 Windows - krbtgt reuse running
Time remaining : 00:48:41 		2
zancrows, Usern4me
ctf09 Docker - Sys-Admin’s Docker running
Time remaining : 03:57:27 		1
Nagoya
ctf10 AppArmorJail1 running
Time remaining : 03:04:37 		1
V5november
ctf11 waiting 0
ctf12 waiting 0
ctf13 waiting 0
ctf14 waiting 0
ctf15 Websocket - 0 protection running
Time remaining : 02:49:21 		1
Medrupaloscil
ctf16 waiting 0
ctf17 waiting 0
ctf18 waiting 0
ctf19 waiting 0
ctf20 waiting 0
ctf21 waiting 0
ctf22 waiting 0
ctf23 waiting 0
ctf24 waiting 0
ctf25 waiting 0
ctf26 waiting 0
ctf27 waiting 0
ctf28 waiting 0
ctf29 waiting 0
ctf30 waiting 0
ctf31 waiting 0
ctf32 waiting 0
ctf33 waiting 0
ctf34 waiting 0
ctf35 waiting 0

CTF Results CTF Results

Pseudo Virtual Environnement Attackers count Time start Environnement compromised in
- Mr. Robot 1 1 3 March 2019 at 11:17 -
- Acid: Reloaded 0 2 March 2019 at 22:42 -
- Rootkit Cold Case 0 2 March 2019 at 23:55 -
- Vulnix 0 2 March 2019 at 22:16 -
- Awky 1 3 March 2019 at 13:36 -