Virtual environnement to attack can be reached at : ctf01.root-me.org
Time remaining : 01:31:22
Informations
- Virtual environnement chosen : AppArmorJail1
- Description : Attention : this CTF-ATD is linked to the challenge "AppArmor Jail - Introduction"
When connecting to the administrator’s server, a restricted shell via an AppArmor policy prevents you from reading the flag even though you are the owner...
Find a way to read the flag at any cost and override the AppArmor policy in place which is configured as follows:
#include <tunables/global>
profile docker_chall01 flags=(attach_disconnected,mediate_deleted) {
#include <abstractions/base>
network,
capability,
file,
umount,
signal (send,receive),
deny mount,
deny /sys/[^f]*/** wklx,
deny /sys/f[^s]*/** wklx,
deny /sys/fs/[^c]*/** wklx,
deny /sys/fs/c[^g]*/** wklx,
deny /sys/fs/cg[^r]*/** wklx,
deny /sys/firmware/** rwklx,
deny /sys/kernel/security/** rwklx,
deny @{PROC}/* w, # deny write for all files directly in /proc (not in a subdir)
# deny write to files not in /proc/<number>/** or /proc/sys/**
deny @{PROC}/{[^1-9],[^1-9][^0-9],[^1-9s][^0-9y][^0-9s],[^1-9][^0-9][^0-9][^0-9]*}/** w,
deny @{PROC}/sys/[^k]** w, # deny /proc/sys except /proc/sys/k* (effectively /proc/sys/kernel)
deny @{PROC}/sys/kernel/{?,??,[^s][^h][^m]**} w, # deny everything except shm* in /proc/sys/kernel/
deny @{PROC}/sysrq-trigger rwklx,
deny @{PROC}/kcore rwklx,
/home/app-script-ch27/bash px -> bashprof1,
}
profile bashprof1 flags=(attach_disconnected,mediate_deleted) {
#include <abstractions/base>
#include <abstractions/bash>
network,
capability,
deny mount,
umount,
signal (send,receive),
deny /sys/[^f]*/** wklx,
deny /sys/f[^s]*/** wklx,
deny /sys/fs/[^c]*/** wklx,
deny /sys/fs/c[^g]*/** wklx,
deny /sys/fs/cg[^r]*/** wklx,
deny /sys/firmware/** rwklx,
deny /sys/kernel/security/** rwklx,
deny @{PROC}/* w, # deny write for all files directly in /proc (not in a subdir)
# deny write to files not in /proc/<number>/** or /proc/sys/**
deny @{PROC}/{[^1-9],[^1-9][^0-9],[^1-9s][^0-9y][^0-9s],[^1-9][^0-9][^0-9][^0-9]*}/** w,
deny @{PROC}/sys/[^k]** w, # deny /proc/sys except /proc/sys/k* (effectively /proc/sys/kernel)
deny @{PROC}/sys/kernel/{?,??,[^s][^h][^m]**} w, # deny everything except shm* in /proc/sys/kernel/
deny @{PROC}/sysrq-trigger rwklx,
deny @{PROC}/kcore rwklx,
/ r,
/** mrwlk,
/bin/** ix,
/usr/bin/** ix,
/lib/x86_64-linux-gnu/ld-*.so mrUx,
deny /home/app-script-ch27/flag.txt r,
}- Start the CTF-ATD "AppArmorJail1"
- Connect via SSH to the machine on port 22222 (app-script-ch27:app-script-ch27)
- The challenge validation password is in the /home/app-script-ch27/flag.txt file
- The validation password of the CTF ATD is in the file /passwd
Start the challenge Game duration : 240 min
- Validation flag is stored in the file /passwd
- Only registered players for this game can attack the virtual environnement.
- A tempo prevent game starting to early or too late.
- Game will start when one player has choosen his virtual environnement and declared himself as ready.
Player's list
- Max1Truc (choice : AppArmorJail1, ready)
- aliago (choice : AppArmorJail1, ready)
World Map
35 Available rooms
| Room | Virtual environnement chosen | State | Attackers count |
| ctf01 | AppArmorJail1 |
 Time remaining : 01:31:22 |
2 Max1Truc, aliago |
| ctf02 | OpenClassrooms - DVWA |
Time remaining : 03:17:10 |
1 ultron_10 |
| ctf03 | SSRF Box |
Time remaining : 03:25:28 |
1 Asuma54 |
| ctf04 | LAMP security CTF7 |
Time remaining : 02:20:18 |
1 MartinRootMe |
| ctf05 | Apprenti-Scraper |
Time remaining : 03:29:52 |
1 archi |
| ctf06 |
|
0 | |
| ctf07 |
|
0 | |
| ctf08 | Windows - krbtgt reuse |
Time remaining : 00:32:05 |
1 DarkInfern010 |
| ctf09 |
|
0 | |
| ctf10 |
|
0 | |
| ctf11 |
|
0 | |
| ctf12 | LAMP security CTF5 |
Time remaining : 00:38:58 |
1 berlinator |
| ctf13 |
|
0 | |
| ctf14 |
|
0 | |
| ctf15 |
|
0 | |
| ctf16 |
|
0 | |
| ctf17 |
|
0 | |
| ctf18 |
|
0 | |
| ctf19 |
|
0 | |
| ctf20 |
|
0 | |
| ctf21 |
|
0 | |
| ctf22 |
|
0 | |
| ctf23 |
|
0 | |
| ctf24 |
|
0 | |
| ctf25 |
|
0 | |
| ctf26 |
|
0 | |
| ctf27 |
|
0 | |
| ctf28 |
|
0 | |
| ctf29 |
|
0 | |
| ctf30 |
|
0 | |
| ctf31 |
|
0 | |
| ctf32 |
|
0 | |
| ctf33 |
|
0 | |
| ctf34 |
|
0 | |
| ctf35 |
|
0 |
CTF Results
| Pseudo | Virtual Environnement | Attackers count | Time start | Environnement compromised in |
| - | SamBox v3 | 1 | 26 February 2019 at 20:59 | - |
| bUst4gr0 | Ultimate LAMP | 1 | 26 February 2019 at 18:44 | 1h51 |
| - | brainpan1 | 0 | 26 February 2019 at 18:41 | - |
| - | Ultimate LAMP | 2 | 26 February 2019 at 17:47 | - |
| - | VulnVoIP | 1 | 26 February 2019 at 19:43 | - |