Virtual environnement to attack can be reached at : ctf12.root-me.org
Time remaining : 02:17:02
Informations
- Virtual environnement chosen : root-me-spip
- Description : Attention : this CTF-ATD is linked to the challenge "Root Me, for real"
At the end of 2021, we were able to authenticate with administrative privileges on the Root-Me backoffice using, among other things, a 0day vulnerability in the SQL engine of SPIP 4.0.0.
The vulnerability has been corrected in version 4.0.1 of the software. This challenge is a simple SPIP site in vulnerable version. Find the bug in your turn, exploit it, and pass root to recover the flag ! Game duration : 240 min
- Validation flag is stored in the file /passwd
- Only registered players for this game can attack the virtual environnement.
- A tempo prevent game starting to early or too late.
- Game will start when one player has choosen his virtual environnement and declared himself as ready.
Player's list
- darkveiderg (choice : root-me-spip, ready)
World Map
CTF Results
Pseudo | Virtual Environnement | Attackers count | Time start | Environnement compromised in |
- | Hopital Bozobe | 0 | 3 March 2019 at 23:15 | - |
- | Exploit KB Vulnerable Web App | 0 | 3 March 2019 at 21:47 | - |
- | SamBox v1 | 1 | 3 March 2019 at 21:38 | - |
- | Metasploitable | 2 | 3 March 2019 at 21:32 | - |
∇ | SSH Agent Hijacking | 1 | 3 March 2019 at 21:30 | 0h33 |