Virtual environnement to attack can be reached at : ctf04.root-me.org
Time remaining : 03:19:33
Informations
- Virtual environnement chosen : AppArmorJail1
- Description : Attention : this CTF-ATD is linked to the challenge "AppArmor Jail - Introduction"
When connecting to the administrator’s server, a restricted shell via an AppArmor policy prevents you from reading the flag even though you are the owner...
Find a way to read the flag at any cost and override the AppArmor policy in place which is configured as follows:
#include <tunables/global>
profile docker_chall01 flags=(attach_disconnected,mediate_deleted) {
#include <abstractions/base>
network,
capability,
file,
umount,
signal (send,receive),
deny mount,
deny /sys/[^f]*/** wklx,
deny /sys/f[^s]*/** wklx,
deny /sys/fs/[^c]*/** wklx,
deny /sys/fs/c[^g]*/** wklx,
deny /sys/fs/cg[^r]*/** wklx,
deny /sys/firmware/** rwklx,
deny /sys/kernel/security/** rwklx,
deny @{PROC}/* w, # deny write for all files directly in /proc (not in a subdir)
# deny write to files not in /proc/<number>/** or /proc/sys/**
deny @{PROC}/{[^1-9],[^1-9][^0-9],[^1-9s][^0-9y][^0-9s],[^1-9][^0-9][^0-9][^0-9]*}/** w,
deny @{PROC}/sys/[^k]** w, # deny /proc/sys except /proc/sys/k* (effectively /proc/sys/kernel)
deny @{PROC}/sys/kernel/{?,??,[^s][^h][^m]**} w, # deny everything except shm* in /proc/sys/kernel/
deny @{PROC}/sysrq-trigger rwklx,
deny @{PROC}/kcore rwklx,
/home/app-script-ch27/bash px -> bashprof1,
}
profile bashprof1 flags=(attach_disconnected,mediate_deleted) {
#include <abstractions/base>
#include <abstractions/bash>
network,
capability,
deny mount,
umount,
signal (send,receive),
deny /sys/[^f]*/** wklx,
deny /sys/f[^s]*/** wklx,
deny /sys/fs/[^c]*/** wklx,
deny /sys/fs/c[^g]*/** wklx,
deny /sys/fs/cg[^r]*/** wklx,
deny /sys/firmware/** rwklx,
deny /sys/kernel/security/** rwklx,
deny @{PROC}/* w, # deny write for all files directly in /proc (not in a subdir)
# deny write to files not in /proc/<number>/** or /proc/sys/**
deny @{PROC}/{[^1-9],[^1-9][^0-9],[^1-9s][^0-9y][^0-9s],[^1-9][^0-9][^0-9][^0-9]*}/** w,
deny @{PROC}/sys/[^k]** w, # deny /proc/sys except /proc/sys/k* (effectively /proc/sys/kernel)
deny @{PROC}/sys/kernel/{?,??,[^s][^h][^m]**} w, # deny everything except shm* in /proc/sys/kernel/
deny @{PROC}/sysrq-trigger rwklx,
deny @{PROC}/kcore rwklx,
/ r,
/** mrwlk,
/bin/** ix,
/usr/bin/** ix,
/lib/x86_64-linux-gnu/ld-*.so mrUx,
deny /home/app-script-ch27/flag.txt r,
}- Start the CTF-ATD "AppArmorJail1"
- Connect via SSH to the machine on port 22222 (app-script-ch27:app-script-ch27)
- The challenge validation password is in the /home/app-script-ch27/flag.txt file
- The validation password of the CTF ATD is in the file /passwd
Start the challenge Game duration : 240 min
- Validation flag is stored in the file /passwd
- Only registered players for this game can attack the virtual environnement.
- A tempo prevent game starting to early or too late.
- Game will start when one player has choosen his virtual environnement and declared himself as ready.
Player's list
- Eliot (choice : AppArmorJail1, ready)
World Map
35 Available rooms
| Room | Virtual environnement chosen | State | Attackers count |
| ctf01 | I’m a Bl4ck H4t |
 Time remaining : 03:06:19 |
1 ZeroDay |
| ctf02 | Relative Path Overwrite |
Time remaining : 00:07:03 |
2 oursesprit, snow_raph |
| ctf03 | OpenClassrooms_SkillProgram_AD1 |
Time remaining : 00:14:46 |
1 Dimitri Dendelé |
| ctf04 | AppArmorJail1 |
Time remaining : 03:19:32 |
1 Eliot |
| ctf05 | LAMP security CTF5 |
Time remaining : 00:18:42 |
1 berlinator |
| ctf06 | SSRF Box |
Time remaining : 00:24:02 |
1 BlackTurtle |
| ctf07 | SSH Agent Hijacking |
Time remaining : 00:12:01 |
1 fredm |
| ctf08 | Well-Known |
Time remaining : 01:14:58 |
1 lark |
| ctf09 | Bluebox 2 - Pentest |
|
1 mld |
| ctf10 | Matrix terminal |
Time remaining : 03:39:16 |
1 qaz |
| ctf11 | CTFair |
Time remaining : 03:03:12 |
1 Tim... |
| ctf12 | End Droid |
Time remaining : 03:21:56 |
2 JeanC@T, AzmiJO |
| ctf13 |
|
0 | |
| ctf14 |
|
0 | |
| ctf15 |
|
0 | |
| ctf16 |
|
0 | |
| ctf17 |
|
0 | |
| ctf18 |
|
0 | |
| ctf19 |
|
0 | |
| ctf20 |
|
0 | |
| ctf21 |
|
0 | |
| ctf22 |
|
0 | |
| ctf23 | Shared Objects Hijacking |
Time remaining : 01:28:26 |
1 Incinscible |
| ctf24 |
|
0 | |
| ctf25 |
|
0 | |
| ctf26 |
|
0 | |
| ctf27 |
|
0 | |
| ctf28 |
|
0 | |
| ctf29 |
|
0 | |
| ctf30 |
|
0 | |
| ctf31 |
|
0 | |
| ctf32 |
|
0 | |
| ctf33 |
|
0 | |
| ctf34 |
|
0 | |
| ctf35 |
|
0 |
CTF Results
| Pseudo | Virtual Environnement | Attackers count | Time start | Environnement compromised in |
| - | Awky | 3 | 3 March 2019 at 21:28 | - |
| - | Mr. Robot 1 | 1 | 3 March 2019 at 20:59 | - |
| - | LordoftheRoot | 0 | 3 March 2019 at 20:56 | - |
| - | Metasploitable | 1 | 4 March 2019 at 08:03 | - |
| RadekG | SSH Agent Hijacking | 1 | 3 March 2019 at 20:57 | 0h12 |