running Room 12 : Join the game

Virtual environnement to attack can be reached at : ctf12.root-me.org
Time remaining : 00:31:45

Informations

  • Virtual environnement chosen : AppArmorJail1
  • Description : 
    Attention : this CTF-ATD is linked to the challenge "AppArmor Jail - Introduction"

    When connecting to the administrator’s server, a restricted shell via an AppArmor policy prevents you from reading the flag even though you are the owner...

    Find a way to read the flag at any cost and override the AppArmor policy in place which is configured as follows:

    #include <tunables/global>

    profile docker_chall01 flags=(attach_disconnected,mediate_deleted) {
       #include <abstractions/base>
       network,
       capability,
       file,
       umount,
       signal (send,receive),
       deny mount,

       deny /sys/[^f]*/** wklx,
       deny /sys/f[^s]*/** wklx,
       deny /sys/fs/[^c]*/** wklx,
       deny /sys/fs/c[^g]*/** wklx,
       deny /sys/fs/cg[^r]*/** wklx,
       deny /sys/firmware/** rwklx,
       deny /sys/kernel/security/** rwklx,

       deny @{PROC}/* w,   # deny write for all files directly in /proc (not in a subdir)
       # deny write to files not in /proc/<number>/** or /proc/sys/**
       deny @{PROC}/{[^1-9],[^1-9][^0-9],[^1-9s][^0-9y][^0-9s],[^1-9][^0-9][^0-9][^0-9]*}/** w,
       deny @{PROC}/sys/[^k]** w,  # deny /proc/sys except /proc/sys/k* (effectively /proc/sys/kernel)
       deny @{PROC}/sys/kernel/{?,??,[^s][^h][^m]**} w,  # deny everything except shm* in /proc/sys/kernel/
       deny @{PROC}/sysrq-trigger rwklx,
       deny @{PROC}/kcore rwklx,

       /home/app-script-ch27/bash px -> bashprof1,
     
    }
    profile bashprof1 flags=(attach_disconnected,mediate_deleted) {
       #include <abstractions/base>
       #include <abstractions/bash>
       
       network,
       capability,
       deny mount,
       umount,
       signal (send,receive),

       deny /sys/[^f]*/** wklx,
       deny /sys/f[^s]*/** wklx,
       deny /sys/fs/[^c]*/** wklx,
       deny /sys/fs/c[^g]*/** wklx,
       deny /sys/fs/cg[^r]*/** wklx,
       deny /sys/firmware/** rwklx,
       deny /sys/kernel/security/** rwklx,

       deny @{PROC}/* w,   # deny write for all files directly in /proc (not in a subdir)
       # deny write to files not in /proc/<number>/** or /proc/sys/**
       deny @{PROC}/{[^1-9],[^1-9][^0-9],[^1-9s][^0-9y][^0-9s],[^1-9][^0-9][^0-9][^0-9]*}/** w,
       deny @{PROC}/sys/[^k]** w,  # deny /proc/sys except /proc/sys/k* (effectively /proc/sys/kernel)
       deny @{PROC}/sys/kernel/{?,??,[^s][^h][^m]**} w,  # deny everything except shm* in /proc/sys/kernel/
       deny @{PROC}/sysrq-trigger rwklx,
       deny @{PROC}/kcore rwklx,

       / r,
       /** mrwlk,
       /bin/** ix,
       /usr/bin/** ix,
       /lib/x86_64-linux-gnu/ld-*.so mrUx,
       deny /home/app-script-ch27/flag.txt r,
    }
    • Start the CTF-ATD "AppArmorJail1"
    • Connect via SSH to the machine on port 22222 (app-script-ch27:app-script-ch27)
    • The challenge validation password is in the /home/app-script-ch27/flag.txt file
    • The validation password of the CTF ATD is in the file /passwd

    Start the challenge Game duration : 240 min

  • Validation flag is stored in the file /passwd
  • Only registered players for this game can attack the virtual environnement.
  • A tempo prevent game starting to early or too late.
  • Game will start when one player has choosen his virtual environnement and declared himself as ready.

Player's list

World Map


0x0 35 Available rooms

Room Virtual environnement chosen State Attackers count
ctf01 Windows - ZeroLogon running
Time remaining : 01:38:13 		1
dexter
ctf02 Relative Path Overwrite running
Time remaining : 01:00:29 		1
mxcezl
ctf03 OpenClassrooms - DVWA running
Time remaining : 01:04:44 		2
MrAurel, koulchiBikheir
ctf04 Apprenti-Scraper running
Time remaining : 03:22:22 		1
DarkPanda
ctf05 Shared Objects Hijacking running
Time remaining : 00:01:39 		1
Camel
ctf06 waiting 0
ctf07 AppArmorJail2 running
Time remaining : 02:41:16 		1
archi
ctf08 End Droid running
Time remaining : 00:18:06 		3
spyranto, Aytya, blossom
ctf09 I’m a Bl4ck H4t running
Time remaining : 00:22:20 		1
o71
ctf10 Docker - Sys-Admin’s Docker running
Time remaining : 00:29:34 		1
Small Vastianu
ctf11 waiting 0
ctf12 AppArmorJail1 running
Time remaining : 00:31:45 		1
Ronino1313
ctf13 waiting 0
ctf14 Basic pentesting 1 running
Time remaining : 00:36:27 		1
Mario
ctf15 waiting 0
ctf16 Websocket - 0 protection running
Time remaining : 00:37:19 		1
isslam
ctf17 waiting 0
ctf18 waiting 0
ctf19 waiting 0
ctf20 waiting 0
ctf21 waiting 0
ctf22 waiting 0
ctf23 waiting 0
ctf24 waiting 0
ctf25 waiting 0
ctf26 waiting 0
ctf27 waiting 0
ctf28 waiting 0
ctf29 waiting 0
ctf30 waiting 0
ctf31 waiting 0
ctf32 waiting 0
ctf33 waiting 0
ctf34 waiting 0
ctf35 waiting 0

CTF Results CTF Results

Pseudo Virtual Environnement Attackers count Time start Environnement compromised in
- Ubuntu 8.04 weak 1 3 March 2019 at 23:30 -
- VulnVoIP 0 3 March 2019 at 23:12 -
- Metasploitable 1 3 March 2019 at 22:38 -
- SamBox v2 0 3 March 2019 at 22:09 -
- SAP Pentest 0 3 March 2019 at 22:02 -