Virtual environnement to attack can be reached at : ctf01.root-me.org
Time remaining : 03:48:04
Informations
- Virtual environnement chosen : AppArmorJail1
- Description : Attention : this CTF-ATD is linked to the challenge "AppArmor Jail - Introduction"
When connecting to the administrator’s server, a restricted shell via an AppArmor policy prevents you from reading the flag even though you are the owner...
Find a way to read the flag at any cost and override the AppArmor policy in place which is configured as follows:
#include <tunables/global>
profile docker_chall01 flags=(attach_disconnected,mediate_deleted) {
#include <abstractions/base>
network,
capability,
file,
umount,
signal (send,receive),
deny mount,
deny /sys/[^f]*/** wklx,
deny /sys/f[^s]*/** wklx,
deny /sys/fs/[^c]*/** wklx,
deny /sys/fs/c[^g]*/** wklx,
deny /sys/fs/cg[^r]*/** wklx,
deny /sys/firmware/** rwklx,
deny /sys/kernel/security/** rwklx,
deny @{PROC}/* w, # deny write for all files directly in /proc (not in a subdir)
# deny write to files not in /proc/<number>/** or /proc/sys/**
deny @{PROC}/{[^1-9],[^1-9][^0-9],[^1-9s][^0-9y][^0-9s],[^1-9][^0-9][^0-9][^0-9]*}/** w,
deny @{PROC}/sys/[^k]** w, # deny /proc/sys except /proc/sys/k* (effectively /proc/sys/kernel)
deny @{PROC}/sys/kernel/{?,??,[^s][^h][^m]**} w, # deny everything except shm* in /proc/sys/kernel/
deny @{PROC}/sysrq-trigger rwklx,
deny @{PROC}/kcore rwklx,
/home/app-script-ch27/bash px -> bashprof1,
}
profile bashprof1 flags=(attach_disconnected,mediate_deleted) {
#include <abstractions/base>
#include <abstractions/bash>
network,
capability,
deny mount,
umount,
signal (send,receive),
deny /sys/[^f]*/** wklx,
deny /sys/f[^s]*/** wklx,
deny /sys/fs/[^c]*/** wklx,
deny /sys/fs/c[^g]*/** wklx,
deny /sys/fs/cg[^r]*/** wklx,
deny /sys/firmware/** rwklx,
deny /sys/kernel/security/** rwklx,
deny @{PROC}/* w, # deny write for all files directly in /proc (not in a subdir)
# deny write to files not in /proc/<number>/** or /proc/sys/**
deny @{PROC}/{[^1-9],[^1-9][^0-9],[^1-9s][^0-9y][^0-9s],[^1-9][^0-9][^0-9][^0-9]*}/** w,
deny @{PROC}/sys/[^k]** w, # deny /proc/sys except /proc/sys/k* (effectively /proc/sys/kernel)
deny @{PROC}/sys/kernel/{?,??,[^s][^h][^m]**} w, # deny everything except shm* in /proc/sys/kernel/
deny @{PROC}/sysrq-trigger rwklx,
deny @{PROC}/kcore rwklx,
/ r,
/** mrwlk,
/bin/** ix,
/usr/bin/** ix,
/lib/x86_64-linux-gnu/ld-*.so mrUx,
deny /home/app-script-ch27/flag.txt r,
}- Start the CTF-ATD "AppArmorJail1"
- Connect via SSH to the machine on port 22222 (app-script-ch27:app-script-ch27)
- The challenge validation password is in the /home/app-script-ch27/flag.txt file
- The validation password of the CTF ATD is in the file /passwd
Start the challenge Game duration : 240 min
- Validation flag is stored in the file /passwd
- Only registered players for this game can attack the virtual environnement.
- A tempo prevent game starting to early or too late.
- Game will start when one player has choosen his virtual environnement and declared himself as ready.
Player's list
- Fest (choice : AppArmorJail1, ready)
World Map
35 Available rooms
| Room | Virtual environnement chosen | State | Attackers count |
| ctf01 | AppArmorJail1 |
 Time remaining : 03:48:04 |
1 Fest |
| ctf02 | Challenge SecuriTech |
|
1 Neoned Is Here |
| ctf03 | Kioptrix level 4 |
Time remaining : 00:45:36 |
2 Winty, hurrhnn |
| ctf04 | Kioptrix level 3 |
Time remaining : 00:54:36 |
1 AdrianS4957Y |
| ctf05 | Well-Known |
Time remaining : 03:23:17 |
1 Driss69 |
| ctf06 |
|
0 | |
| ctf07 | Matrix terminal |
Time remaining : 03:57:17 |
1 julien |
| ctf08 |
|
0 | |
| ctf09 |
|
0 | |
| ctf10 |
|
0 | |
| ctf11 |
|
0 | |
| ctf12 |
|
0 | |
| ctf13 |
|
0 | |
| ctf14 |
|
0 | |
| ctf15 |
|
0 | |
| ctf16 |
|
0 | |
| ctf17 |
|
0 | |
| ctf18 |
|
0 | |
| ctf19 |
|
0 | |
| ctf20 |
|
0 | |
| ctf21 |
|
0 | |
| ctf22 |
|
0 | |
| ctf23 |
|
0 | |
| ctf24 |
|
0 | |
| ctf25 |
|
0 | |
| ctf26 |
|
0 | |
| ctf27 |
|
0 | |
| ctf28 |
|
0 | |
| ctf29 |
|
0 | |
| ctf30 |
|
0 | |
| ctf31 |
|
0 | |
| ctf32 |
|
0 | |
| ctf33 |
|
0 | |
| ctf34 |
|
0 | |
| ctf35 |
|
0 |
CTF Results
| Pseudo | Virtual Environnement | Attackers count | Time start | Environnement compromised in |
| - | LAMP security CTF5 | 2 | 2 March 2019 at 21:40 | - |
| - | LAMP security CTF5 | 2 | 2 March 2019 at 21:37 | - |
| - | ARM FTP box | 2 | 2 March 2019 at 22:01 | - |
| DydyG | LAMP security CTF6 | 1 | 2 March 2019 at 21:21 | 1h04 |
| DydyG | LAMP security CTF4 | 1 | 2 March 2019 at 20:43 | 0h35 |