running Room 1 : Join the game

Virtual environnement to attack can be reached at : ctf01.root-me.org
Time remaining : 03:19:47

Informations

  • Virtual environnement chosen : AppArmorJail1
  • Description : 
    Attention : this CTF-ATD is linked to the challenge "AppArmor Jail - Introduction"

    When connecting to the administrator’s server, a restricted shell via an AppArmor policy prevents you from reading the flag even though you are the owner...

    Find a way to read the flag at any cost and override the AppArmor policy in place which is configured as follows:

    #include <tunables/global>

    profile docker_chall01 flags=(attach_disconnected,mediate_deleted) {
       #include <abstractions/base>
       network,
       capability,
       file,
       umount,
       signal (send,receive),
       deny mount,

       deny /sys/[^f]*/** wklx,
       deny /sys/f[^s]*/** wklx,
       deny /sys/fs/[^c]*/** wklx,
       deny /sys/fs/c[^g]*/** wklx,
       deny /sys/fs/cg[^r]*/** wklx,
       deny /sys/firmware/** rwklx,
       deny /sys/kernel/security/** rwklx,

       deny @{PROC}/* w,   # deny write for all files directly in /proc (not in a subdir)
       # deny write to files not in /proc/<number>/** or /proc/sys/**
       deny @{PROC}/{[^1-9],[^1-9][^0-9],[^1-9s][^0-9y][^0-9s],[^1-9][^0-9][^0-9][^0-9]*}/** w,
       deny @{PROC}/sys/[^k]** w,  # deny /proc/sys except /proc/sys/k* (effectively /proc/sys/kernel)
       deny @{PROC}/sys/kernel/{?,??,[^s][^h][^m]**} w,  # deny everything except shm* in /proc/sys/kernel/
       deny @{PROC}/sysrq-trigger rwklx,
       deny @{PROC}/kcore rwklx,

       /home/app-script-ch27/bash px -> bashprof1,
     
    }
    profile bashprof1 flags=(attach_disconnected,mediate_deleted) {
       #include <abstractions/base>
       #include <abstractions/bash>
       
       network,
       capability,
       deny mount,
       umount,
       signal (send,receive),

       deny /sys/[^f]*/** wklx,
       deny /sys/f[^s]*/** wklx,
       deny /sys/fs/[^c]*/** wklx,
       deny /sys/fs/c[^g]*/** wklx,
       deny /sys/fs/cg[^r]*/** wklx,
       deny /sys/firmware/** rwklx,
       deny /sys/kernel/security/** rwklx,

       deny @{PROC}/* w,   # deny write for all files directly in /proc (not in a subdir)
       # deny write to files not in /proc/<number>/** or /proc/sys/**
       deny @{PROC}/{[^1-9],[^1-9][^0-9],[^1-9s][^0-9y][^0-9s],[^1-9][^0-9][^0-9][^0-9]*}/** w,
       deny @{PROC}/sys/[^k]** w,  # deny /proc/sys except /proc/sys/k* (effectively /proc/sys/kernel)
       deny @{PROC}/sys/kernel/{?,??,[^s][^h][^m]**} w,  # deny everything except shm* in /proc/sys/kernel/
       deny @{PROC}/sysrq-trigger rwklx,
       deny @{PROC}/kcore rwklx,

       / r,
       /** mrwlk,
       /bin/** ix,
       /usr/bin/** ix,
       /lib/x86_64-linux-gnu/ld-*.so mrUx,
       deny /home/app-script-ch27/flag.txt r,
    }
    • Start the CTF-ATD "AppArmorJail1"
    • Connect via SSH to the machine on port 22222 (app-script-ch27:app-script-ch27)
    • The challenge validation password is in the /home/app-script-ch27/flag.txt file
    • The validation password of the CTF ATD is in the file /passwd

    Start the challenge Game duration : 240 min

  • Validation flag is stored in the file /passwd
  • Only registered players for this game can attack the virtual environnement.
  • A tempo prevent game starting to early or too late.
  • Game will start when one player has choosen his virtual environnement and declared himself as ready.

Player's list

World Map


0x0 35 Available rooms

Room Virtual environnement chosen State Attackers count
ctf01 AppArmorJail1 running
Time remaining : 03:19:47 		1
alex
ctf02 AppArmorJail2 running
Time remaining : 00:15:35 		1
archi
ctf03 waiting 0
ctf04 /dev/random : Pipe running
Time remaining : 02:55:56 		1
Gabi.py
ctf05 waiting 0
ctf06 SSRF Box running
Time remaining : 00:49:31 		1
hilariogao
ctf07 djangocatz running
Time remaining : 02:06:17 		1
AndreiIsTryngToHack
ctf08 Apprenti-Scraper running
Time remaining : 02:12:03 		1
Incinscible
ctf09 waiting 0
ctf10 OpenClassrooms_SkillProgram_AD1 running
Time remaining : 00:04:20 		1
future12
ctf11 Windows - KerbeRoast running
Time remaining : 00:50:29 		1
bigboylinx
ctf12 waiting 0
ctf13 End Droid running
Time remaining : 03:12:07 		1
Hecate
ctf14 waiting 0
ctf15 waiting 0
ctf16 waiting 0
ctf17 waiting 0
ctf18 waiting 0
ctf19 waiting 0
ctf20 waiting 0
ctf21 waiting 0
ctf22 waiting 0
ctf23 waiting 0
ctf24 waiting 0
ctf25 waiting 0
ctf26 waiting 0
ctf27 waiting 0
ctf28 waiting 0
ctf29 waiting 0
ctf30 waiting 0
ctf31 waiting 0
ctf32 waiting 0
ctf33 waiting 0
ctf34 waiting 0
ctf35 waiting 0

CTF Results CTF Results

Pseudo Virtual Environnement Attackers count Time start Environnement compromised in
- Mr. Robot 1 1 3 March 2019 at 11:17 -
- Acid: Reloaded 0 2 March 2019 at 22:42 -
- Rootkit Cold Case 0 2 March 2019 at 23:55 -
- Vulnix 0 2 March 2019 at 22:16 -
- Awky 1 3 March 2019 at 13:36 -