Virtual environnement to attack can be reached at : ctf09.root-me.org
Time remaining : 02:51:49
Informations
- Virtual environnement chosen : root-me-spip
- Description : Attention : this CTF-ATD is linked to the challenge "Root Me, for real"
At the end of 2021, we were able to authenticate with administrative privileges on the Root-Me backoffice using, among other things, a 0day vulnerability in the SQL engine of SPIP 4.0.0.
The vulnerability has been corrected in version 4.0.1 of the software. This challenge is a simple SPIP site in vulnerable version. Find the bug in your turn, exploit it, and pass root to recover the flag ! Game duration : 240 min
- Validation flag is stored in the file /passwd
- Only registered players for this game can attack the virtual environnement.
- A tempo prevent game starting to early or too late.
- Game will start when one player has choosen his virtual environnement and declared himself as ready.
Player's list
- xerta (choice : root-me-spip, ready)
World Map
CTF Results
Pseudo | Virtual Environnement | Attackers count | Time start | Environnement compromised in |
- | LAMP security CTF5 | 2 | 2 March 2019 at 21:40 | - |
- | LAMP security CTF5 | 2 | 2 March 2019 at 21:37 | - |
- | ARM FTP box | 2 | 2 March 2019 at 22:01 | - |
DydyG | LAMP security CTF6 | 1 | 2 March 2019 at 21:21 | 1h04 |
DydyG | LAMP security CTF4 | 1 | 2 March 2019 at 20:43 | 0h35 |