Virtual environnement to attack can be reached at : ctf05.root-me.org
Time remaining : 03:34:17
Informations
- Virtual environnement chosen : root-me-spip
- Description : Attention : this CTF-ATD is linked to the challenge "Root Me, for real"
At the end of 2021, we were able to authenticate with administrative privileges on the Root-Me backoffice using, among other things, a 0day vulnerability in the SQL engine of SPIP 4.0.0.
The vulnerability has been corrected in version 4.0.1 of the software. This challenge is a simple SPIP site in vulnerable version. Find the bug in your turn, exploit it, and pass root to recover the flag ! Game duration : 240 min
- Validation flag is stored in the file /passwd
- Only registered players for this game can attack the virtual environnement.
- A tempo prevent game starting to early or too late.
- Game will start when one player has choosen his virtual environnement and declared himself as ready.
Player's list
- LecCorentin (choice : root-me-spip, ready)
World Map
35 Available rooms
| Room | Virtual environnement chosen | State | Attackers count |
| ctf01 | LAMP security CTF5 |
 Time remaining : 02:49:14 |
1 Strat0S |
| ctf02 |
|
0 | |
| ctf03 | Sambox v4 |
Time remaining : 00:42:17 |
2 cpt_mustard, zipherle |
| ctf04 | Relative Path Overwrite |
Time remaining : 01:01:51 |
1 Drost |
| ctf05 | root-me-spip |
Time remaining : 03:34:17 |
1 LecCorentin |
| ctf06 | Apprenti-Scraper |
Time remaining : 03:14:49 |
1 AZAOWEN |
| ctf07 | SSRF Box |
Time remaining : 03:57:20 |
1 zecter310 |
| ctf08 | Websocket - 0 protection |
Time remaining : 01:02:20 |
1 Duc |
| ctf09 | ARM FTP box |
Time remaining : 02:23:52 |
1 cezame |
| ctf10 | Docker - Sys-Admin’s Docker |
Time remaining : 03:23:02 |
1 Id3m |
| ctf11 |
|
0 | |
| ctf12 | Shared Objects Hijacking |
Time remaining : 00:17:55 |
1 Incinscible |
| ctf13 |
|
0 | |
| ctf14 |
|
0 | |
| ctf15 |
|
0 | |
| ctf16 |
|
0 | |
| ctf17 |
|
0 | |
| ctf18 |
|
0 | |
| ctf19 |
|
0 | |
| ctf20 |
|
0 | |
| ctf21 |
|
0 | |
| ctf22 |
|
0 | |
| ctf23 |
|
0 | |
| ctf24 |
|
0 | |
| ctf25 |
|
0 | |
| ctf26 |
|
0 | |
| ctf27 |
|
0 | |
| ctf28 |
|
0 | |
| ctf29 |
|
0 | |
| ctf30 |
|
0 | |
| ctf31 |
|
0 | |
| ctf32 |
|
0 | |
| ctf33 |
|
0 | |
| ctf34 |
|
0 | |
| ctf35 |
|
0 |
CTF Results
| Pseudo | Virtual Environnement | Attackers count | Time start | Environnement compromised in |
| - | SSH Agent Hijacking | 1 | 3 March 2019 at 12:26 | - |
| - | BSCorp - Unix | 1 | 3 March 2019 at 13:24 | - |
| - | LAMP security CTF5 | 0 | 3 March 2019 at 01:12 | - |
| - | FristiLeaks 1.3 | 0 | 3 March 2019 at 02:10 | - |
| dali | SamBox v2 | 1 | 3 March 2019 at 00:39 | 0h57 |