Virtual environnement to attack can be reached at : ctf08.root-me.org
Time remaining : 00:17:32
Informations
- Virtual environnement chosen : AppArmorJail1
- Description : Attention : this CTF-ATD is linked to the challenge "AppArmor Jail - Introduction"
When connecting to the administrator’s server, a restricted shell via an AppArmor policy prevents you from reading the flag even though you are the owner...
Find a way to read the flag at any cost and override the AppArmor policy in place which is configured as follows:
#include <tunables/global>
profile docker_chall01 flags=(attach_disconnected,mediate_deleted) {
#include <abstractions/base>
network,
capability,
file,
umount,
signal (send,receive),
deny mount,
deny /sys/[^f]*/** wklx,
deny /sys/f[^s]*/** wklx,
deny /sys/fs/[^c]*/** wklx,
deny /sys/fs/c[^g]*/** wklx,
deny /sys/fs/cg[^r]*/** wklx,
deny /sys/firmware/** rwklx,
deny /sys/kernel/security/** rwklx,
deny @{PROC}/* w, # deny write for all files directly in /proc (not in a subdir)
# deny write to files not in /proc/<number>/** or /proc/sys/**
deny @{PROC}/{[^1-9],[^1-9][^0-9],[^1-9s][^0-9y][^0-9s],[^1-9][^0-9][^0-9][^0-9]*}/** w,
deny @{PROC}/sys/[^k]** w, # deny /proc/sys except /proc/sys/k* (effectively /proc/sys/kernel)
deny @{PROC}/sys/kernel/{?,??,[^s][^h][^m]**} w, # deny everything except shm* in /proc/sys/kernel/
deny @{PROC}/sysrq-trigger rwklx,
deny @{PROC}/kcore rwklx,
/home/app-script-ch27/bash px -> bashprof1,
}
profile bashprof1 flags=(attach_disconnected,mediate_deleted) {
#include <abstractions/base>
#include <abstractions/bash>
network,
capability,
deny mount,
umount,
signal (send,receive),
deny /sys/[^f]*/** wklx,
deny /sys/f[^s]*/** wklx,
deny /sys/fs/[^c]*/** wklx,
deny /sys/fs/c[^g]*/** wklx,
deny /sys/fs/cg[^r]*/** wklx,
deny /sys/firmware/** rwklx,
deny /sys/kernel/security/** rwklx,
deny @{PROC}/* w, # deny write for all files directly in /proc (not in a subdir)
# deny write to files not in /proc/<number>/** or /proc/sys/**
deny @{PROC}/{[^1-9],[^1-9][^0-9],[^1-9s][^0-9y][^0-9s],[^1-9][^0-9][^0-9][^0-9]*}/** w,
deny @{PROC}/sys/[^k]** w, # deny /proc/sys except /proc/sys/k* (effectively /proc/sys/kernel)
deny @{PROC}/sys/kernel/{?,??,[^s][^h][^m]**} w, # deny everything except shm* in /proc/sys/kernel/
deny @{PROC}/sysrq-trigger rwklx,
deny @{PROC}/kcore rwklx,
/ r,
/** mrwlk,
/bin/** ix,
/usr/bin/** ix,
/lib/x86_64-linux-gnu/ld-*.so mrUx,
deny /home/app-script-ch27/flag.txt r,
}- Start the CTF-ATD "AppArmorJail1"
- Connect via SSH to the machine on port 22222 (app-script-ch27:app-script-ch27)
- The challenge validation password is in the /home/app-script-ch27/flag.txt file
- The validation password of the CTF ATD is in the file /passwd
Start the challenge Game duration : 240 min
- Validation flag is stored in the file /passwd
- Only registered players for this game can attack the virtual environnement.
- A tempo prevent game starting to early or too late.
- Game will start when one player has choosen his virtual environnement and declared himself as ready.
Player's list
- 0xFFFFFFFFFF (choice : AppArmorJail1, ready)
- JIJI (choice : AppArmorJail1, ready)
World Map
35 Available rooms
| Room ↓↑ | Virtual environnement chosen | State | Attackers count |
| ctf01 | OpenClassrooms - DVWA |
 Time remaining : 03:05:35 |
5 jonasam, Esma, Matt6875, Aimé, BigSmoke |
| ctf02 | Mr. Robot 1 |
Time remaining : 00:33:55 |
2 chaosad, Celier |
| ctf03 | Well-Known |
Time remaining : 00:48:26 |
1 Haze |
| ctf04 | Relative Path Overwrite |
Time remaining : 01:52:03 |
1 0x93 |
| ctf05 |
|
0 | |
| ctf06 |
|
0 | |
| ctf07 |
|
0 | |
| ctf08 | AppArmorJail1 |
Time remaining : 00:17:32 |
2 0xFFFFFFFFFF, JIJI |
| ctf09 |
|
0 | |
| ctf10 |
|
0 | |
| ctf11 | Bee-box v1 |
Time remaining : 02:57:41 |
1 te0chew |
| ctf12 | Well-Known |
Time remaining : 02:34:10 |
1 lark |
| ctf13 | End Droid |
Time remaining : 02:48:06 |
2 Esad, Hack2m |
| ctf14 | BBQ Factory |
Time remaining : 02:20:00 |
1 Vivien |
| ctf15 |
|
0 | |
| ctf16 |
|
0 | |
| ctf17 |
|
0 | |
| ctf18 | Windows XP pro 01 |
Time remaining : 00:21:47 |
1 gmsec |
| ctf19 |
|
0 | |
| ctf20 |
|
0 | |
| ctf21 |
|
0 | |
| ctf22 |
|
0 | |
| ctf23 | Windows - krbtgt reuse |
Time remaining : 01:19:19 |
2 wadesky, siqox |
| ctf24 |
|
0 | |
| ctf25 |
|
0 | |
| ctf26 |
|
0 | |
| ctf27 |
|
0 | |
| ctf28 |
|
0 | |
| ctf29 |
|
0 | |
| ctf30 |
|
0 | |
| ctf31 |
|
0 | |
| ctf32 |
|
0 | |
| ctf33 |
|
0 | |
| ctf34 |
|
0 | |
| ctf35 |
|
0 |
CTF Results
| Pseudo | Virtual Environnement | Attackers count | Time start | Environnement compromised in |
| - | Awky | 1 | 4 March 2019 at 11:41 | - |
| - | Hopital Bozobe | 0 | 4 March 2019 at 10:10 | - |
| - | /dev/random : Pipe | 1 | 4 March 2019 at 09:51 | - |
| - | Metasploitable | 1 | 4 March 2019 at 11:32 | - |
| - | Metasploitable 2 | 2 | 4 March 2019 at 09:07 | - |