Virtual environnement to attack can be reached at : ctf04.root-me.org
Time remaining : 03:44:06
Informations
- Virtual environnement chosen : AppArmorJail1
- Description : Attention : this CTF-ATD is linked to the challenge "AppArmor Jail - Introduction"
When connecting to the administrator’s server, a restricted shell via an AppArmor policy prevents you from reading the flag even though you are the owner...
Find a way to read the flag at any cost and override the AppArmor policy in place which is configured as follows:
#include <tunables/global>
profile docker_chall01 flags=(attach_disconnected,mediate_deleted) {
#include <abstractions/base>
network,
capability,
file,
umount,
signal (send,receive),
deny mount,
deny /sys/[^f]*/** wklx,
deny /sys/f[^s]*/** wklx,
deny /sys/fs/[^c]*/** wklx,
deny /sys/fs/c[^g]*/** wklx,
deny /sys/fs/cg[^r]*/** wklx,
deny /sys/firmware/** rwklx,
deny /sys/kernel/security/** rwklx,
deny @{PROC}/* w, # deny write for all files directly in /proc (not in a subdir)
# deny write to files not in /proc/<number>/** or /proc/sys/**
deny @{PROC}/{[^1-9],[^1-9][^0-9],[^1-9s][^0-9y][^0-9s],[^1-9][^0-9][^0-9][^0-9]*}/** w,
deny @{PROC}/sys/[^k]** w, # deny /proc/sys except /proc/sys/k* (effectively /proc/sys/kernel)
deny @{PROC}/sys/kernel/{?,??,[^s][^h][^m]**} w, # deny everything except shm* in /proc/sys/kernel/
deny @{PROC}/sysrq-trigger rwklx,
deny @{PROC}/kcore rwklx,
/home/app-script-ch27/bash px -> bashprof1,
}
profile bashprof1 flags=(attach_disconnected,mediate_deleted) {
#include <abstractions/base>
#include <abstractions/bash>
network,
capability,
deny mount,
umount,
signal (send,receive),
deny /sys/[^f]*/** wklx,
deny /sys/f[^s]*/** wklx,
deny /sys/fs/[^c]*/** wklx,
deny /sys/fs/c[^g]*/** wklx,
deny /sys/fs/cg[^r]*/** wklx,
deny /sys/firmware/** rwklx,
deny /sys/kernel/security/** rwklx,
deny @{PROC}/* w, # deny write for all files directly in /proc (not in a subdir)
# deny write to files not in /proc/<number>/** or /proc/sys/**
deny @{PROC}/{[^1-9],[^1-9][^0-9],[^1-9s][^0-9y][^0-9s],[^1-9][^0-9][^0-9][^0-9]*}/** w,
deny @{PROC}/sys/[^k]** w, # deny /proc/sys except /proc/sys/k* (effectively /proc/sys/kernel)
deny @{PROC}/sys/kernel/{?,??,[^s][^h][^m]**} w, # deny everything except shm* in /proc/sys/kernel/
deny @{PROC}/sysrq-trigger rwklx,
deny @{PROC}/kcore rwklx,
/ r,
/** mrwlk,
/bin/** ix,
/usr/bin/** ix,
/lib/x86_64-linux-gnu/ld-*.so mrUx,
deny /home/app-script-ch27/flag.txt r,
}- Start the CTF-ATD "AppArmorJail1"
- Connect via SSH to the machine on port 22222 (app-script-ch27:app-script-ch27)
- The challenge validation password is in the /home/app-script-ch27/flag.txt file
- The validation password of the CTF ATD is in the file /passwd
Start the challenge Game duration : 240 min
- Validation flag is stored in the file /passwd
- Only registered players for this game can attack the virtual environnement.
- A tempo prevent game starting to early or too late.
- Game will start when one player has choosen his virtual environnement and declared himself as ready.
Player's list
- Dexiios (choice : AppArmorJail1, ready)
World Map
35 Available rooms
| Room | Virtual environnement chosen | State ↓↑ | Attackers count |
| ctf01 | Awky |
 Time remaining : 01:01:40 |
2 Bunoud, as9707299@gmail.com |
| ctf02 | Apprenti-Scraper |
Time remaining : 03:53:05 |
1 val |
| ctf03 | Awky |
Time remaining : 01:01:55 |
1 sonwever |
| ctf04 | AppArmorJail1 |
Time remaining : 03:44:06 |
1 Dexiios |
| ctf05 | Open My Vault |
Time remaining : 02:27:02 |
1 Aruzhan |
| ctf08 | Windows - krbtgt reuse |
Time remaining : 00:35:37 |
1 Horus |
| ctf09 | Ubuntu 8.04 weak |
Time remaining : 04:17:48 |
1 Abdirisak |
| ctf10 | End Droid |
Time remaining : 02:46:27 |
1 calamar62 |
| ctf11 | Docker - Sys-Admin’s Docker |
Time remaining : 01:37:09 |
1 fanch352 |
| ctf23 | BBQ Factory |
Time remaining : 04:10:08 |
1 siqox |
| ctf14 | Docker - I am groot |
Time remaining : 01:55:30 |
1 t1n0x |
| ctf15 | Docker - Sys-Admin’s Docker |
Time remaining : 03:13:47 |
2 agrippa, saSHA256 |
| ctf26 |
|
0 | |
| ctf27 |
|
0 | |
| ctf28 |
|
0 | |
| ctf32 |
|
0 | |
| ctf29 |
|
0 | |
| ctf30 |
|
0 | |
| ctf31 |
|
0 | |
| ctf33 |
|
0 | |
| ctf34 |
|
0 | |
| ctf25 |
|
0 | |
| ctf18 |
|
0 | |
| ctf24 |
|
0 | |
| ctf22 |
|
0 | |
| ctf21 |
|
0 | |
| ctf20 |
|
0 | |
| ctf19 |
|
0 | |
| ctf17 |
|
0 | |
| ctf16 |
|
0 | |
| ctf13 |
|
0 | |
| ctf12 |
|
0 | |
| ctf07 |
|
0 | |
| ctf06 |
|
0 | |
| ctf35 |
|
0 |
CTF Results
| Pseudo | Virtual Environnement | Attackers count | Time start | Environnement compromised in |
| - | LAMP security CTF5 | 1 | 3 March 2019 at 09:19 | - |
| - | Windows XP pro 01 | 0 | 3 March 2019 at 05:38 | - |
| - | SSH Agent Hijacking | 1 | 3 March 2019 at 12:24 | - |
| - | LAMP security CTF5 | 1 | 3 March 2019 at 10:51 | - |
| - | LAMP security CTF6 | 0 | 3 March 2019 at 03:27 | - |