running Room 2 : Join the game

Virtual environnement to attack can be reached at : ctf02.root-me.org
Time remaining : 03:10:17

Informations

  • Virtual environnement chosen : AppArmorJail1
  • Description : 
    Attention : this CTF-ATD is linked to the challenge "AppArmor Jail - Introduction"

    When connecting to the administrator’s server, a restricted shell via an AppArmor policy prevents you from reading the flag even though you are the owner...

    Find a way to read the flag at any cost and override the AppArmor policy in place which is configured as follows:

    #include <tunables/global>

    profile docker_chall01 flags=(attach_disconnected,mediate_deleted) {
       #include <abstractions/base>
       network,
       capability,
       file,
       umount,
       signal (send,receive),
       deny mount,

       deny /sys/[^f]*/** wklx,
       deny /sys/f[^s]*/** wklx,
       deny /sys/fs/[^c]*/** wklx,
       deny /sys/fs/c[^g]*/** wklx,
       deny /sys/fs/cg[^r]*/** wklx,
       deny /sys/firmware/** rwklx,
       deny /sys/kernel/security/** rwklx,

       deny @{PROC}/* w,   # deny write for all files directly in /proc (not in a subdir)
       # deny write to files not in /proc/<number>/** or /proc/sys/**
       deny @{PROC}/{[^1-9],[^1-9][^0-9],[^1-9s][^0-9y][^0-9s],[^1-9][^0-9][^0-9][^0-9]*}/** w,
       deny @{PROC}/sys/[^k]** w,  # deny /proc/sys except /proc/sys/k* (effectively /proc/sys/kernel)
       deny @{PROC}/sys/kernel/{?,??,[^s][^h][^m]**} w,  # deny everything except shm* in /proc/sys/kernel/
       deny @{PROC}/sysrq-trigger rwklx,
       deny @{PROC}/kcore rwklx,

       /home/app-script-ch27/bash px -> bashprof1,
     
    }
    profile bashprof1 flags=(attach_disconnected,mediate_deleted) {
       #include <abstractions/base>
       #include <abstractions/bash>
       
       network,
       capability,
       deny mount,
       umount,
       signal (send,receive),

       deny /sys/[^f]*/** wklx,
       deny /sys/f[^s]*/** wklx,
       deny /sys/fs/[^c]*/** wklx,
       deny /sys/fs/c[^g]*/** wklx,
       deny /sys/fs/cg[^r]*/** wklx,
       deny /sys/firmware/** rwklx,
       deny /sys/kernel/security/** rwklx,

       deny @{PROC}/* w,   # deny write for all files directly in /proc (not in a subdir)
       # deny write to files not in /proc/<number>/** or /proc/sys/**
       deny @{PROC}/{[^1-9],[^1-9][^0-9],[^1-9s][^0-9y][^0-9s],[^1-9][^0-9][^0-9][^0-9]*}/** w,
       deny @{PROC}/sys/[^k]** w,  # deny /proc/sys except /proc/sys/k* (effectively /proc/sys/kernel)
       deny @{PROC}/sys/kernel/{?,??,[^s][^h][^m]**} w,  # deny everything except shm* in /proc/sys/kernel/
       deny @{PROC}/sysrq-trigger rwklx,
       deny @{PROC}/kcore rwklx,

       / r,
       /** mrwlk,
       /bin/** ix,
       /usr/bin/** ix,
       /lib/x86_64-linux-gnu/ld-*.so mrUx,
       deny /home/app-script-ch27/flag.txt r,
    }
    • Start the CTF-ATD "AppArmorJail1"
    • Connect via SSH to the machine on port 22222 (app-script-ch27:app-script-ch27)
    • The challenge validation password is in the /home/app-script-ch27/flag.txt file
    • The validation password of the CTF ATD is in the file /passwd

    Start the challenge Game duration : 240 min

  • Validation flag is stored in the file /passwd
  • Only registered players for this game can attack the virtual environnement.
  • A tempo prevent game starting to early or too late.
  • Game will start when one player has choosen his virtual environnement and declared himself as ready.

Player's list

World Map


0x0 35 Available rooms

Room Virtual environnement chosen State Attackers count
ctf01 Apprenti-Scraper running
Time remaining : 03:59:14 		1
9illes
ctf02 AppArmorJail1 running
Time remaining : 03:10:17 		1
CDA1968
ctf03 Open My Vault running
Time remaining : 01:55:51 		1
shynk
ctf04 Docker - I am groot running
Time remaining : 01:37:23 		1
lelong42
ctf05 OpenClassrooms - DVWA running
Time remaining : 03:20:53 		1
Farouk PRO
ctf06 Windows - krbtgt reuse running
Time remaining : 00:28:28 		1
luCuDuorT
ctf07 A bittersweet shellfony running
Time remaining : 02:58:31 		1
0xSpectra
ctf08 Windows - KerbeRoast running
Time remaining : 01:04:09 		3
gaeb, f4ku, aketo
ctf09 OpenClassrooms_SkillProgram_AD1 running
Time remaining : 00:21:06 		1
future12
ctf10 waiting 0
ctf11 waiting 0
ctf12 waiting 0
ctf13 waiting 0
ctf14 waiting 0
ctf15 waiting 0
ctf16 waiting 0
ctf17 waiting 0
ctf18 waiting 0
ctf19 waiting 0
ctf20 waiting 0
ctf21 waiting 0
ctf22 waiting 0
ctf23 waiting 0
ctf24 waiting 0
ctf25 waiting 0
ctf26 waiting 0
ctf27 waiting 0
ctf28 waiting 0
ctf29 waiting 0
ctf30 C for C-cure running
Time remaining : 01:27:57 		1
cezame
ctf31 waiting 0
ctf32 waiting 0
ctf33 waiting 0
ctf34 waiting 0
ctf35 waiting 0

CTF Results CTF Results

Pseudo Virtual Environnement Attackers count Time start Environnement compromised in
- Awky 1 4 March 2019 at 11:41 -
- Hopital Bozobe 0 4 March 2019 at 10:10 -
- /dev/random : Pipe 1 4 March 2019 at 09:51 -
- Metasploitable 1 4 March 2019 at 11:32 -
- Metasploitable 2 2 4 March 2019 at 09:07 -