Virtual environnement to attack can be reached at : ctf05.root-me.org
Time remaining : 03:12:38
Informations
- Virtual environnement chosen : root-me-spip
- Description : Attention : this CTF-ATD is linked to the challenge "Root Me, for real"
At the end of 2021, we were able to authenticate with administrative privileges on the Root-Me backoffice using, among other things, a 0day vulnerability in the SQL engine of SPIP 4.0.0.
The vulnerability has been corrected in version 4.0.1 of the software. This challenge is a simple SPIP site in vulnerable version. Find the bug in your turn, exploit it, and pass root to recover the flag ! Game duration : 240 min
- Validation flag is stored in the file /passwd
- Only registered players for this game can attack the virtual environnement.
- A tempo prevent game starting to early or too late.
- Game will start when one player has choosen his virtual environnement and declared himself as ready.
Player's list
- LecCorentin (choice : root-me-spip, ready)
World Map
35 Available rooms
CTF Results
| Pseudo | Virtual Environnement | Attackers count | Time start | Environnement compromised in |
| - | SSH Agent Hijacking | 1 | 3 March 2019 at 00:13 | - |
| - | SAP Pentest | 1 | 2 March 2019 at 23:57 | - |
| - | Mr. Robot 1 | 0 | 3 March 2019 at 01:34 | - |
| shark729 | SSH Agent Hijacking | 2 | 2 March 2019 at 23:55 | 0h11 |
| - | SSH Agent Hijacking | 1 | 3 March 2019 at 13:54 | - |