Virtual environnement to attack can be reached at : ctf05.root-me.org
Time remaining : 03:07:31
Informations
- Virtual environnement chosen : root-me-spip
- Description : Attention : this CTF-ATD is linked to the challenge "Root Me, for real"
At the end of 2021, we were able to authenticate with administrative privileges on the Root-Me backoffice using, among other things, a 0day vulnerability in the SQL engine of SPIP 4.0.0.
The vulnerability has been corrected in version 4.0.1 of the software. This challenge is a simple SPIP site in vulnerable version. Find the bug in your turn, exploit it, and pass root to recover the flag ! Game duration : 240 min
- Validation flag is stored in the file /passwd
- Only registered players for this game can attack the virtual environnement.
- A tempo prevent game starting to early or too late.
- Game will start when one player has choosen his virtual environnement and declared himself as ready.
Player's list
- LecCorentin (choice : root-me-spip, ready)
World Map
35 Available rooms
| Room | Virtual environnement chosen | State | Attackers count |
| ctf01 | LAMP security CTF5 |
 Time remaining : 02:22:28 |
2 Strat0S, FR13NDS |
| ctf02 |
|
0 | |
| ctf03 | Sambox v4 |
Time remaining : 00:15:31 |
1 cpt_mustard |
| ctf04 | Relative Path Overwrite |
Time remaining : 00:35:05 |
1 Drost |
| ctf05 | root-me-spip |
Time remaining : 03:07:31 |
1 LecCorentin |
| ctf06 | Apprenti-Scraper |
Time remaining : 02:48:03 |
1 AZAOWEN |
| ctf07 | SSRF Box |
Time remaining : 03:30:34 |
1 zecter310 |
| ctf08 | Websocket - 0 protection |
Time remaining : 00:35:34 |
1 Duc |
| ctf09 | ARM FTP box |
Time remaining : 01:57:06 |
1 cezame |
| ctf10 | Docker - Sys-Admin’s Docker |
Time remaining : 03:58:06 |
1 Id3m |
| ctf11 | Shared Objects Hijacking |
Time remaining : 01:49:22 |
1 Incinscible |
| ctf12 | Awky |
Time remaining : 01:54:02 |
1 Scarecrow |
| ctf13 | Docker - I am groot |
Time remaining : 03:55:18 |
1 Altair |
| ctf14 |
|
0 | |
| ctf15 |
|
0 | |
| ctf16 |
|
0 | |
| ctf17 |
|
0 | |
| ctf18 |
|
0 | |
| ctf19 |
|
0 | |
| ctf20 |
|
0 | |
| ctf21 |
|
0 | |
| ctf22 |
|
0 | |
| ctf23 |
|
0 | |
| ctf24 |
|
0 | |
| ctf25 |
|
0 | |
| ctf26 |
|
0 | |
| ctf27 |
|
0 | |
| ctf28 |
|
0 | |
| ctf29 |
|
0 | |
| ctf30 |
|
0 | |
| ctf31 |
|
0 | |
| ctf32 |
|
0 | |
| ctf33 |
|
0 | |
| ctf34 |
|
0 | |
| ctf35 |
|
0 |
CTF Results
| Pseudo | Virtual Environnement | Attackers count | Time start | Environnement compromised in |
| - | LAMP security CTF5 | 1 | 2 March 2019 at 22:05 | - |
| - | Metasploitable | 1 | 3 March 2019 at 11:29 | - |
| Ib.cobar | SSRF Box | 2 | 2 March 2019 at 22:04 | 0h50 |
| HomardBoy | LAMP security CTF5 | 2 | 2 March 2019 at 22:00 | 0h03 |
| - | Challenge SecuriTech | 1 | 3 March 2019 at 11:11 | - |