Description
Training machine of the SecuriTech challenge. This image is a Debian Linux containing a website accessible on the port 8080. All the challenge can’t be enabled at the same time.
Game duration
180 min.
Description
Windows-XP-pro-01 is a Microsoft Windows XP SP2 desktop station.
Game duration
90 min.
Description
Virtual machine provided by nightrang3r. No hints.
Game duration
240 min.
Description
Virtual machine provided by pynStrom. No hints.
Game duration
240 min.
Description
Kioptrix’s second level.
Game duration
240 min.
Description
Kioptrix’s third level.
Game duration
180 min.
Description
Kioptrix’s fourth level.
Game duration
240 min.
Description
The first challenge provided by LAMPsec.
Game duration
120 min.
Description
Attention : this CTF-ATD is linked to the challenge "[Root them->challenge177]"
The second challenge provided by LAMPsec.
Game duration
240 min.
Description
The third challenge provided by LAMPsec.
Game duration
240 min.
Description
Metasploitable is an Ubuntu 8.04 server install. A number of vulnerable packages are included, including an install of tomcat, distcc, tikiwiki, twiki, and a MySQL database server.
Game duration
60 min.
Description
Second metasploitable virtual machine provided by Offensive Security.
Game duration
60 min.
Description
Virtual machine provided by Bonsai Information Security exposing w3af’s test website. Learning platform where you’re guided.
Game duration
240 min.
Description
Virtual machine provided by g0tmi1k. No hints.
Game duration
240 min.
Description
Ubuntu-8.04-weak is a Ubuntu Linux 8.04 LAMP server.
Game duration
800 min.
Description
Ultimate LAMP is an Ubuntu 8.04 server install. A number of vulnerable packages are included, including an install of apache, postfix, and a MySQL database server.
Game duration
180 min.
Description
Attention : this CTF-ATD is linked to the challenge "[IPBX - call me maybe->challenge305]"
vm VoIP based on old asterisk version
Game duration
240 min.
Description
Virtual machine provided by RebootUser.
Game duration
180 min.
Description
The eighth challenge provided by LAMPsec.
Game duration
120 min.
Description
LAMPsec’s challenge #7
Game duration
240 min.
Description
The first realistic hackademic challenge (root this box) by mr.pr0n.
Game duration
120 min.
Description
Vulnerable VM with some focus on NoSQL.
Game duration
120 min.
Description
Attention : this CTF-ATD is linked to the challenge "[SamBox v1->challenge447]"
Administrator
Game duration
120 min.
Description
Attention : this CTF-ATD is linked to the challenge "[SamBox v2->challenge645]"
Exploiting many CVE
Game duration
240 min.
Description
A Linux based VM to start with a simple botnet.
Game duration
240 min.
Description
A botnet to gain control !
Game duration
240 min.
Description
Just a simple botnet infected by Madness Pro to exploit.
Game duration
240 min.
Description
A virtual machine to compromise. By Reboot User.
Game duration
240 min.
Description
A virtual machine to exploit. By barrebas.
Game duration
120 min.
Description
A virtual machine for advanced users to exploit.
Game duration
350 min.
Description
A virtual machine designed by Telspace Systems.
Game duration
120 min.
Description
Attention : this CTF-ATD is linked to the challenge "[Bluebox - Pentest->challenge956]"
Pentest Microsoft environment starting from a webservice on the Internet until the total compromise of the Active Directory domain of the company.
Final goal: get an access to the web application http://srvstaff.bs.corp under the identity of Emmanuel Goldstein (CEO).
Game duration
240 min.
Description
This Virtual Machine contains both network logics and web logics. I have added new concept here and let’s see how many of you think more logically. 🙂
Game duration
240 min.
Description
This Virtual Machine is completely web based. I have added little new concept here and hope people will enjoy solving this.
Game duration
240 min.
Description
The CsharpVulnJson virtual appliance is a purposefully vulnerable web application, focusing on HTTP requests using JSON to receive and transmit data between the client and the server. The web application, listening on port 80, allows you to create, find, and delete users in the PostgreSQL database. The web application is written in the C# programming language, uses apache+mod_mono to run, and is, at the very least, exploitable by XSS and SQL injections.
The SQL injections yield a variety of potential exploit techniques since different SQL verbs are used to perform actions against the server. For instance, a SQL injection in an INSERT statement may not be exploitable in the same ways the DELETE or SELECT statements will be. Using a tool like sqlmap will help you learn how to exploit each SQL injection vulnerability using a variety of techniques.
If you are curious how sqlmap is performing the checks for, and ultimately exploiting, the vulnerabilities in the web application, you can use the —proxy option for sqlmap and pass the HTTP requests through Burpsuite. You can then see in the HTTP history tab the raw HTTP requests made by sqlmap.
Game duration
240 min.
Description
The CsharpVulnSoap virtual appliance is a purposefully vulnerable SOAP service, focusing on using XML, which is a core feature of APIs implemented using SOAP. The web application, listening on port 80, allows you to list, create, and delete users in the PostgreSQL database. The web application is written in the C# programming language and uses apache+mod_mono to run. The main focus of intentional vulnerabilities was SQL injections.
The vulnerable SOAP service is available on http://Vulnerable.asmx, and by appending ?WSDL to the URL, you can get an XML document detailing the functions exposed by the service. Using this document, you can automatically fuzz the endpoint for any vulnerabilities by parsing the document and creating the HTTP requests expected programmatically.
The SQL injections yield a variety of potential exploit techniques since different SQL verbs are used to perform actions against the server. For instance, a SQL injection in an INSERT statement may not be exploitable in the same ways the DELETE or SELECT statements will be. Using a tool like sqlmap will help you learn how to exploit each SQL injection vulnerability using a variety of techniques.
If you are curious how sqlmap is performing the checks for, and ultimately exploiting, the vulnerabilities in the web application, you can use the —proxy option for sqlmap and pass the HTTP requests through Burpsuite. You can then see in the HTTP history tab the raw HTTP requests made by sqlmap.
Game duration
240 min.
Description
Root the machine to access /passwd
Game duration
300 min.
Description
A virtual machine to root. By sagi- (@ s4gi_)
Game duration
120 min.
Description
A virtual machine to root. By sagi- (@ s4gi_)
Game duration
120 min.
Description
brainpan1
Game duration
120 min.
Description
Root the machine in order to find your precious.
Game duration
300 min.
Description
Completing "flick" will require some sound thinking, good enumeration skills & time !
Game duration
240 min.
Description
Your challenge, should you choose to accept, is to gain root access on the server! The employees over at Flick Inc. have been hard at work prepping the release of their server checker app. Amidst all the chaos, they finally have a version ready for testing before it goes live.
You have been given a pre-production build of the Android .apk that will soon appear on the Play Store, together with a VM sample of the server that they want to deploy to their cloud hosting provider.
The .apk may be installed on a phone (though I wont be offended if you don’t trust me ;]) or run in an android emulator such as the Android Studio (https://developer.android.com/sdk/index.html).
Game duration
240 min.
Description
A small VM made for a Dutch informal hacker meetup called Fristileaks. Meant to be broken in a few hours without requiring debuggers, reverse engineering, etc..
Game duration
240 min.
Description
This is a hard piece to root!
Game duration
300 min.
Description
This CTF gives a clear analogy how hacking strategies can be performed on a network to compromise it in a safe environment. This vm is very similar to labs I faced in OSCP. The objective being to compromise the network/machine and gain Administrative/root privileges on them.
Game duration
240 min.
Description
Before you lies the mainframe of XERXES. Compromise the subsystems and gain root access.
Game duration
240 min.
Description
Attention : this CTF-ATD is linked to the challenge "[SAP Pentest 000->challenge1338]" and "[SAP Pentest 007->challenge1334]"
The company BS-CORP decided to have an ERP to fulfils its potential.
However, they wondered whether the data are safe.
To verify this, you are mandated to perform a pentest on their new application.
Get the flag in the file /passwd to validate this CTF.
The challenges "SAP Pentest 007" and "SAP Pentest 000" on RootMe give you more goals.
Game duration
240 min.
Description
Based on the show "Mr. Robot". Your goal is to retrieve the 3 hidden flags. You can validate the CTF-ATD with the last flag.
Game duration
120 min.
Description
Attention : this CTF-ATD is linked to the challenge "[Bluebox 2 - Pentest->challenge1523]"
The JZ company and its subsudiary corporation BS ask you a pentest to see how far can dig a skilled hacker on Internet. Only the ctfxx.root-me.org fqdn is provided.
The CTF-ATD validation password is on DC1 in C:\passwd
Some useful informations about the company JZ:
– The Active Directory implies a strong password policy. Bruteforcing the Windows Administrator account is pointless.
Don’t forget :
– It’s a CTF made of several machines;
– Only one of these machines is accessible through Internet.
Game duration
240 min.
Description
Attention : this CTF-ATD is linked to the challenge "[SamBox v3->challenge1539]"
Your goal is simple: compromise the virtual environment "SamBox v3".
This environment consists of 2 servers of which only 1 is accessible from the Internet.
The validation password is in the /root directory of the 2nd server.
Game duration
120 min.
Description
Attention : this CTF-ATD is linked to the challenge "[Imagick->challenge1554]"
A new site offers some tools for image processing, the site is still in development but some tools are already online!
Game duration
120 min.
Description
I’ve tried to mix things up a little on this one, and have used the feedback from #vulnhub to make this VM a little more challenging (I hope).
Since you’re not a Teuchter, I’ll offer some hints to you:
Remember TCP is not the only protocol on the Internet My challenges are never finished with root. I make you work for the flags. The intended route is NOT to use forensics or 0-days, I will not complain either way.
To consider this VM complete, you need to have obtained:
– Troll Flag: where you normally look for them
– Flag 1: You have it when you book Jennifer tickets to Paris on Pan Am.
– Flag 2: It will include a final challenge to confirm you hit the jackpot.
– Have root everywhere (this will make sense once you’re in the VM)
– User passwords
– 2 VNC passwords
Best of luck! If you get stuck, eat some EXTRABACON
NB: Please allow 5-10 minutes or so from powering on the VM for background tasks to run before proceeding to attack.
Game duration
240 min.
Description
Virtual machine created for the Hackfest 2016.
Game duration
240 min.
Description
Virtual machine created for the Hackfest 2016.
Game duration
240 min.
Description
A machine that will challenge your skills (web, dev exploit, cracking,..).
Game duration
240 min.
Description
The challenges consist of varying vulnerabilities and anti-debugger tricks in binaries, such as:
- Stack-based Buffer Overflows
- Format String Vulnerabilities
- Heap-based Buffer Overflows
- Detection of tracing
- Insecure validation of credentials
- and more… don’t want to give you all the good details eh?
SSH access :
- User: n00b
- Password: n00b
Note: ASLR must be disabled, log in as level17:madpwnage, and run “echo 0 > /proc/sys/kernel/randomize_va_space”. Also, challenge 3, is only a DoS challenge. This is the beta, so there are still glitches.
Full description : https://www.vulnhub.com/entry/the-pentesters-64-bit-appsec-primer-beta,155/
Game duration
240 min.
Description
Welcome to Droopy. This is a beginner’s boot2root/CTF VM.
There’s 2 hints I would offer you:
- Grab a copy of the rockyou wordlist.
- It’s fun to read other people’s email.
Game duration
240 min.
Description
Our resident ROP ninja barrebas recently gave the team a bootcamp on Return Oriented Programming. The presentation was followed by a demo walkthrough on writing a ROP exploit on a vulnerable application. Since the presentation was well received, he’s decided to make the slides available to everyone. You can view them at https://speakerdeck.com/barrebas/rop-primer.
Username: level0
Password: warmup
Game duration
240 min.
Description
Zico is trying to build his website but is having some trouble in choosing what CMS to use. After some tries on a few popular ones, he decided to build his own. Was that a good idea?
Hint: Enumerate, enumerate, and enumerate!
Game duration
240 min.
Description
Hack it, reach root and capture the flag.
Enumeration is the key.
Game duration
240 min.
Description
Attention : this CTF-ATD is linked to the challenge "[Bash/Awk - netstat parsing->challenge1681]"
After some network troubles, our administrator has written a script that monitors the processes that have a SYN Backlog full. For the moment, this script just write the relevant information on stdout.
- Log into SSH on the machine (user / password) and get root permissions by exploiting a vulnerability in the script.
- The challenge validation password is in the file /srv/syn_backlog/passwd.
- The CTF-ATD validation password is in the file /passwd.
Game duration
120 min.
Description
Welcome to Quaoar
This is a vulnerable machine created for the Hackfest 2016 CTF : http://hackfest.ca/
Goal: This machine is intended to be doable by someone who is interested in learning computer security. Get a shell and get root to get the flag in the file /passwd.
Game duration
240 min.
Description
Fuku (pronounced "far queue") CTF is designed to fuck with people.
There are a few flag.txt files to grab. The final one is in the /passwd file. However, the ultimate goal is to get a root shell.
Scenario
"Bull was pissed when you broke into his Minotaur box. He has taken precautions with another website that he is hosting, implementing IDS, whitelisting, and obfuscation techniques. He is now taunting hackers to try and hack him, believing himself to be safe. It is up to you to put him in his place."
Hints
Some scripting will probably be needed to find a useful port.
If the machine seems to go down after a while, it probably hasn’t. This CTF isn’t called Fuku for nothing!
Author: Robert Winkel
Game duration
240 min.
Description
There are a few flag.txt files around to grab. /passwd is your ultimate goal.
Hints:
This CTF has a couple of fairly heavy password cracking challenges, and some red herrings.
One password you will need is not on rockyou.txt or any other wordlist you may have out there. So you need to think of a way to generate it yourself.
Author: Robert Winkel
Game duration
240 min.
Description
Attention : this CTF-ATD is linked to the challenge "[ARM FTP Box->challenge1689]"
My company asked me to develop a small FTP server for an IOT project. I found one on Github that should do the trick. Why reinvent the wheel?
If you can, find vulnerabilities on the FTP service and exploit them to get a shell on the machine, then find the way to get root privileges.
- The FTP service is running on the TCP/2121 port.
- Challenge validation password is in the /passwd-challenge file.
- The CTF-ATD validation password is in the /passwd file.
Game duration
240 min.
Description
Attention : this CTF-ATD is linked to the challenge "[Highway to shell->challenge1775]"
After being hacked several times on their windows infrastructures, BS Corp decides to create his own SOC.
The team worked to migrate some services under linux environement.Show them that it is not enough !
- Highway to shell challenge flag is located in /root folder
- CTF AD password is located in /passwd file
Game duration
240 min.
Description
Attention : this CTF-ATD is linked to the challenge "[Server Side Request Forgery->challenge1783]"
Your goal is simple: compromise the virtual environment "SSRF Box".
The validation password of challenge (Realist) is in the /root directory.
Game duration
240 min.
Description
Attention : this CTF-ATD is linked to the challenge "[Bozobe Hospital->challenge1785]"
Your goal is simple: compromise the virtual environment "Bozobe Hospistal".
Game duration
240 min.
Description
We found this Linux machine that was running in 2003. At the time, we suspected an infection but we had never managed to find the origin.
Show us your skills by analyzing the running machine. Your goal is to recover the password of the stolen user and the PID of the malicious process.
This machine is associated with the "Forensic / Cold case" challenge.
Game duration
120 min.
Description
You have just arrived on the team and your sysadmin colleague refuses to give you root rights because "it’s too early".
You tell him that you will find the way to elevate your privileges to get the root account of the machine. Your colleague laughs and tells you that he will regularly go to the server to wish you good luck!
Credentials : admin / admin
Game duration
60 min.
Description
This is my very first public Boot2Root, It’s intended to be more of a fun game than a serious hacking challenge. Hopefully anyone interested enough to give it a try will enjoy the story with this one.
It is based on the StarWars storyline and is designed to Troll you in a fun way.
Just be warned, it’s littered with more than a few “Red Herrings” ;D
There are 6 flags to collect. Each in the format of flag1ZXhhbXBsZSBmbGFnCg== Beat the Empire and steal the plans for the Death Star before its too late.
I Hope You Enjoy It.
Game duration
240 min.
Description
This is a small boot2root VM I created for my university’s cyber security group. It contains multiple remote vulnerabilities and multiple privilege escalation vectors. I did all of my testing for this VM on VirtualBox, so that’s the recommended platform. I have been informed that it also works with VMware, but I haven’t tested this personally.
This VM is specifically intended for newcomers to penetration testing. If you’re a beginner, you should hopefully find the difficulty of the VM to be just right.
Your goal is to remotely attack the VM and gain root privileges. Once you’ve finished, try to find other vectors you might have missed!
Game duration
120 min.
Description
Get the flag
Game duration
240 min.
Description
Attention : this CTF-ATD is linked to the challenge "[BBQ Factory - Back To The Grill->challenge2049]" and "[BBQ Factory - First Flirt->challenge2047]"
King Heenok is convinced of the security of his online sales platform, convince the contrary by retrieving the contents of the flags files placed at the root of the different servers.
Game duration
600 min.
Description
Boot2root machine for educational purposes
Our first boot2root machine, execute /flag to complete the game.
Try your skills against an environment protected by IDS and sandboxes!
“Our product Rashomon IPS is so good, even we use it!” they claim.
Game duration
240 min.
Description
The Milburg Highschool Server has just been attacked, the IT staff have taken down their windows server and are now setting up a linux server running Debian. Could there a few weak points in the new unfinished server?
Your Goal is to get the flag in /
Hints: Remember to look for hidden info/files
Game duration
240 min.
Description
Boot2root challenges aim to create a safe environment where you can perform real-world penetration testing on an (intentionally) vulnerable target.
This workshop will provide you with a custom-made VM where the goal is to obtain root level access on it.
This is a great chance for people who want to get into pentesting but don’t know where to start.
Game duration
240 min.
Description
Three years have passed since Bulldog Industries suffered several data breaches. In that time they have recovered and re-branded as Bulldog.social, an up and coming social media company. Can you take on this new challenge and get root on their production web server?
This is a Standard Boot-to-Root. Your only goal is to get into the root directory and see the congratulatory message, how you do it is up to you!
Difficulty: Intermediate, there are some things you may have never seen before. Think everything through very carefully :)
Game duration
240 min.
Description
Bulldog Industries recently had its website defaced and owned by the malicious German Shepherd Hack Team. Could this mean there are more vulnerabilities to exploit? Why don’t you find out? :)
This is a standard Boot-to-Root. Your only goal is to get into the root directory and see the congratulatory message, how you do it is up to you!
Difficulty: Beginner/Intermediate, if you get stuck, try to figure out all the different ways you can interact with the system. That’s my only hint ;)
Made by Nick Frichette (frichetten.com) Twitter: @frichette_n
Game duration
240 min.
Description
Chainrulz: 1.0.1 is a vulnerable machine hosted on VulnHub and was created by Askar for “Jordan’s top hacker 2018 CTF” competition. It tells the story of Frank, a web developer, who loves to follow patterns. It’s quite an enjoyable box, that requires a few tricks and some strong enumeration skills to complete.
Game duration
240 min.
Description
Covfefe is my Debian 9 based B2R VM, originally created as a CTF for SecTalks_BNE. It has three flags.
Game duration
240 min.
Description
This is my second public Boot2Root, It’s intended to be a little more difficult that the last one I made. That being said, it will depend on you how hard it is :D It’s filled with a few little things to make the player smile.
Again there are a few “Red Herrings”, and enumeration is key.
There are 7 flags to collect, designed to get progressively more difficult to obtain
Game duration
240 min.
Description
These four virtual machines were created by members of the VulnHub CTF Team for DefCon Toronto’s first offline CTF.
They have been tested with VirtualBox, and will obtain an IP address via DHCP upon bootup. Difficulty ranges from beginner to intermediate.
- DC416 Basement by @barrebas
- DC416 Baffle by @superkojiman
- DC416 Dick Dastardly by @_RastaMouse
- DC416 Fortress by @superkojiman
Each machine has a landing page on port 80 which describes the number of flags it has, along with any additional rules or hints.
Enjoy!
Game duration
240 min.
Description
These four virtual machines were created by members of the VulnHub CTF Team for DefCon Toronto’s first offline CTF.
They have been tested with VirtualBox, and will obtain an IP address via DHCP upon bootup. Difficulty ranges from beginner to intermediate.
- DC416 Basement by @barrebas
- DC416 Baffle by @superkojiman
- DC416 Dick Dastardly by @_RastaMouse
- DC416 Fortress by @superkojiman
Each machine has a landing page on port 80 which describes the number of flags it has, along with any additional rules or hints.
Enjoy!
Game duration
240 min.
Description
These four virtual machines were created by members of the VulnHub CTF Team for DefCon Toronto’s first offline CTF.
They have been tested with VirtualBox, and will obtain an IP address via DHCP upon bootup. Difficulty ranges from beginner to intermediate.
- DC416 Basement by @barrebas
- DC416 Baffle by @superkojiman
- DC416 Dick Dastardly by @_RastaMouse
- DC416 Fortress by @superkojiman
Each machine has a landing page on port 80 which describes the number of flags it has, along with any additional rules or hints.
Enjoy!
Game duration
240 min.
Description
Many times while conducting a pentest, I need to script something up to make my life easier or to quickly test an attack idea or vector. Recently I came across an interesting command injection vector on a web application sitting on a client’s internet-facing estate. There was a page, running in Java, that allowed me to type arbitrary commands into a form, and have it execute them. While developer-provided webshells are always nice, there were a few caveats. The page was expecting directory listing style output, which was then parsed and reformatted. If the output didn’t match this parsing, no output to me. Additionally, there was no egress. ICMP, and all TCP/UDP ports including DNS were blocked outbound.
I was still able to leverage the command injection to compromise not just the server, but the entire infrastructure it was running on. After the dust settled, the critical report was made, and the vulnerability was closed, I thought the entire attack path was kind of fun, and decided to share how I went about it.
Game duration
240 min.
Description
Mr. Derp and Uncle Stinky are two system administrators who are starting their own company, DerpNStink. Instead of hiring qualified professionals to build up their IT landscape, they decided to hack together their own system which is almost ready to go live...
This is a boot2root Ubuntu based virtual machine. It was designed to model some of the earlier machines I encountered during my OSCP labs also with a few minor curve-balls but nothing too fancy. Stick to your classic hacking methodology and enumerate all the things!
Your goal is to remotely attack the VM and find all 4 flags eventually leading you to full root access. Don’t forget to #tryharder
Example: flag1(AB0BFD73DAAEC7912DCDCA1BA0BA3D05). Do not waste time decrypting the hash in the flag as it has no value in the challenge other than an identifier.
Game duration
240 min.
Description
Welcome to "IMF", my first Boot2Root virtual machine. IMF is a intelligence agency that you must hack to get all flags and ultimately root. The flags start off easy and get harder as you progress. Each flag contains a hint to the next flag. I hope you enjoy this VM and learn something.
Game duration
240 min.
Description
There are five flags on this machine. Try to find them. It takes 1.5 hour on average to find all flags.
Game duration
240 min.
Description
Kevgir has designed by canyoupwnme team for training, hacking practices and exploiting. Kevgir has lots of vulnerable services and web applications for testing. We are happy to announced that.
Have fun!
Default username:pass => user:resu
- Bruteforce Attacks
- Web Application Vulnerabilities
- Hacking with Redis
- Hacking with Tomcat, Jenkins
- Hacking with Misconfigurations
- Hacking with CMS Exploits
- Local Privilege Escalation
- And other vulnerabilities.
Game duration
240 min.
Description
Here at in.security we wanted to develop a Linux virtual machine that is based, at the time of writing, on an up-to-date Ubuntu distro (18.04 LTS), but suffers from a number of vulnerabilities that allow a user to escalate to root on the box. This has been designed to help understand how certain built-in applications and services if misconfigured, may be abused by an attacker.
We have configured the box to simulate real-world vulnerabilities (albeit on a single host) which will help you to perfect your local privilege escalation skills, techniques and toolsets. There are a number challenges which range from fairly easy to intermediate level and we’re excited to see the methods you use to solve them!
To get started you can log onto the host with the credentials: bob/secret
Game duration
240 min.
Description
You’ve received intelligence of a new Villain investing heavily into Space and Laser Technologies. Although the Villian is unknown we know the motives are ominous and apocalyptic.
Hack into the Moonraker system and discover who’s behind these menacing plans once and for all. Find and destroy the Villain before it’s too late!
Learning Objectives: Client-side Attacks, NoSQL, RESTful, NodeJS, Linux Enumeration and Google-fu.
Good luck and have fun!
Game duration
240 min.
Description
Welcome to The Owl Nest Owls are lovely but hates you :) and maybe after this one, you will hate them too.
Notes from the author: I hope you will enjoy this game, i spent a fairly high amount of effort to build this, in an attempt to make the game funny, and provide an avarage amount of frustration to the players :) Even if the machine was tested, maybe there are shortcuts to reach the flag.. hopefully not :)
Expect some curve balls :)
Was used at ESC 2014 CTF
Game duration
240 min.
Description
Raven 2 is an intermediate level boot2root VM. There are four flags to capture. After multiple breaches, Raven Security has taken extra steps to harden their web server to prevent hackers from getting in. Can you still breach Raven?
Game duration
240 min.
Description
Attention : this CTF-ATD is linked to the challenge "[SamBox v4->challenge2014]"
You are mandated to conduct a redteam assessment of a company. From the company’s parking garage you managed to capture Wi-Fi traffic, but alas it’s proven impossible to crack the WPA key. The next logical step is to attack the company through the internet.
Your objective is to obtain total control of all servers so that you may collect individual flags for each of them.
The flag to validate is made as following "flag server1 content+flag server2 content+flag server3 content+flag server4 content" without the "+".
The CTFATD validation file « passwd » is in the directory « C :\Documents and Settings\Administrator> ».
Note :
The downloadable archive is to be decrypted using the contents of the "2nd-part-flag.txt" as a password. By using this archive you should then be able to understand the joined PCAP file.
Download the files before launching the CTF :
Also, don’t forget that :
- this CTF has several machines to pwn
- only one of those is connected to the internet
Game duration
240 min.
Description
Attention : this CTF-ATD is linked to the challenge "[Django unchained->challenge2023]"
A web developper has migrated his app to Django but he didn’t respect Django’s best practices.
You have to find out what he has done wrong!
Game duration
240 min.
Description
Get the flag
Game duration
240 min.
Description
Get the flag
Game duration
240 min.
Description
BlackMarket VM presented at Brisbane SecTalks BNE0x1B (28th Session) which is focused on students and other InfoSec Professional. This VM has total 6 flag and one r00t flag. Each Flag leads to another Flag and flag format is flagblahblah.
VM Difficulty Level: Beginner/Intermediate
Game duration
240 min.
Description
Hack it, reach root and capture the flag.
Enumeration is the key.
Game duration
240 min.
Description
bee-box is a custom Linux VM pre-installed with bWAPP.
With bee-box you have the opportunity to explore all bWAPP vulnerabilities!
bee-box gives you several ways to hack and deface the bWAPP website.
It’s even possible to hack the bee-box to get root access...
Game duration
240 min.
Description
We’ve packaged 10 real world applications into an Ubuntu Desktop based ISO. These applications are vulnerable to command injection attacks which you will need to find and exploit. Please note that not all applications are on port 80 :)
All the best!
- Username: securitytube
- Password: 123321
Game duration
240 min.
Description
DC-1 is a purposely built vulnerable lab for the purpose of gaining experience in the world of penetration testing.
It was designed to be a challenge for beginners, but just how easy it is will depend on your skills and knowledge, and your ability to learn.
Game duration
60 min.
Description
This machine hopes to inspire BRAVERY in you; this machine may surprise you from the outside. This is designed for OSCP practice, and the original version of the machine was used for a CTF. It is now revived, and made more nefarious than the original.
Game duration
240 min.
Description
This machine reminds us of a DEVELOPMENT environment: misconfigurations rule the roost. This is designed for OSCP practice, and the original version of the machine was used for a CTF. It is now revived, and made slightly more nefarious than the original.
Note: Some users report the box may seem to be "unstable" with aggressive scanning. The homepage gives a clue why.
Game duration
240 min.
Description
This is my first boot2root - CTF VM. I hope you enjoy it.
Level: I think the level of this boot2root challange is hard or intermediate.
Try harder!: If you are confused or frustrated don’t forget that enumeration is the key!
Game duration
240 min.
Description
Difficulty level to get limited shell: Intermediate or advanced
Difficulty level for privilege escalation: No idea
Game duration
240 min.
Description
Gemini Inc has contacted you to perform a penetration testing on one of their internal system. This system has a web application that is meant for employees to export their profile to a PDF. Identify any vulnerabilities possible with the goal of complete system compromise with root privilege.
Game duration
240 min.
Description
Gemini Inc has contacted you to perform a penetration testing on one of their internal system. This system has a web application that is meant for employees to export their profile to a PDF. Identify any vulnerabilities possible with the goal of complete system compromise with root privilege. To demonstrate the level of access obtained, please provide the content of flag.txt located in the root directory as proof.
Game duration
240 min.
Description
Gittysburg is an intermediate level boot2root vulnerable VM. There are four flags to capture. Will you be able to git root?
CAUTION: after booting, wait at least 10 minutes, until all the services start correctly.
Game duration
240 min.
Description
This was used in HackDay Albania’s 2016 CTF.
The level is beginner to intermediate .
Game duration
240 min.
Description
Your job is to escalate to root, and find the flag.
Game duration
240 min.
Description
A Boot2Root machine with hints of CTF.
In total there are 3 flags and you will be required to use some CTF skills to solve it.
Game duration
240 min.
Description
Would you like to keep hacking in your own lab?
Try this brand new vulnerable machine! "Lampião 1".
Get root!
Level: Easy
Game duration
240 min.
Description
Difficulty: Beginner - Intermediate
Boot2root created out of frustration from failing my first OSCP exam attempt.
Game duration
240 min.
Description
Your job is to escalate to root, and find the flag.
Game duration
240 min.
Description
A Python developer has put a website online. Your goal is to compromise the different users of the server and gain root privileges.
There are 4 flags to retrieve, they are in md5 format.
- Flag 1: "Persistence is the path to success." - Charlie Chaplin
- Flag 2: "You can always escape from a prison. But freedom?" - Jean-Christophe Grangé
- Flag 3: "The future is a door, the past is the key." - Victor Hugo
- Flag 4: "There is no less blame for concealing a truth than for falsifying a lie." - Etienne Pasquier
Game duration
240 min.
Description
Your job is to escalate to root, and find the flag.
Game duration
240 min.
Description
Christophe is creating a web page for his resistance. Will he succeed?
Flags - /root/flag.txt - /home/christophe/flag.txt
Difficulty: Intermediate
Should not be as easy as to just run a MSF module to get root right away, if so please let me know.
Game duration
240 min.
Description
Eric is trying to reach out on the Internet, but is he following best practice?
Flags - /root/flag.txt - /home/eric/flag.txt
Difficulty: Beginner
Game duration
240 min.
Description
Introduction
Lately, I’ve been enjoying creating hacking challenges for the security community. This new challenge encapsulates a company, entitled – The Ether, who has proclaimed an elixir that considerably alters human welfare. The CDC has become suspicious of this group due to the nature of the product they are developing.
The Goal
The goal is to find out what The Ether is up to. You will be required to break into their server, root the machine, and retrieve the flag. The flag will contain more information about The Ether’s ominous operations regarding this medicine.
Any Hints?
This challenge is not for beginners. There is a relevant file on this machine that plays an important role in the challenge, do not waste your time trying to de-obfuscate the file, I say this to keep you on track. This challenge is designed test you on multiple areas and it’s not for the feint of heart!
Last Words
Whatever you do, do not give up! Exhaust all of your options! Looking forward to have OSCPs take this challenge. As always, good luck, have fun, God bless, and may the s0urce be with you.
Game duration
240 min.
Description
Typhoon VM contains several vulnerabilities and configuration errors. Typhoon can be used to test vulnerabilities in network services, configuration errors, vulnerable web applications, password cracking attacks, privilege escalation attacks, post exploitation steps, information gathering and DNS attacks. Prisma trainings involve practical use of Typhoon.
Game duration
240 min.
Description
Replay is a sequel to Bob my first CTF. What sort of terrible redneck netsec engineering has Bob done now?
Your Goal is to get root and read /flag.txt
Note: There are three difficulties Hard: No Changelog.txt, no hex editor Mid: Read Changelog.txt, no hex editor Easy: Anything goes
Game duration
240 min.
Description
A self-claimed shell guru tried to list some good bash habits, but blatantly failed. He wrote this script as a privileged user and made mistakes. Find the bug(s) and get the flags :
- Challenge "Bash considered harmful" flag in /root/flag
- CTF-ATD flag in /passwd
Credentials : sysadmin / sysadmin
Game duration
120 min.
Description
Attention : this CTF-ATD is linked to the challenge "[Bash - System Disaster->challenge2224]"
A self-claimed shell guru tried to list some good bash habits, but blatantly
failed. He made mistakes and you can call this script as root...
Find the bug(s) and get the flags.
- Challenge "System disaster" flag in /home/sysadmin/.passwd
- CTF-ATD flag in /passwd
Credentials : sysadmin / sysadmin
Game duration
120 min.
Description
Connect to the machine in SSH as level1:level1 and collect the different keys.
Game duration
120 min.
Description
Attention : this CTF-ATD is linked to the challenge "[In Your Kubernetass->challenge2211]"
The BullshitCorp conglomerate does its best to stay trending and relevant: they’re unveiling their new BSaaS offer to pursue the digital globalization of service-oriented markets and to orchestrate next-generation architectures and deliverables, all based on a Kubernetes cluster and a bunch of long-bearded DevSecOps hipsters fresh out of school.
But this new system is hard to configure properly. Root their infrastructure and have them go back to their reliable 20th century tech.
Rules of engagement:
– only one of the virtual machines of the cluster is exposed to the internet
– the validation passwords are stored on the master node
Game duration
240 min.
Description
DC-4 is another purposely built vulnerable lab with the intent of gaining experience in the world of penetration testing.
Unlike the previous DC releases, this one is designed primarily for beginners/intermediates. There is only one flag, but technically, multiple entry points and just like last time, no clues.
Linux skills and familiarity with the Linux command line are a must, as is some experience with basic penetration testing tools.
For beginners, Google can be of great assistance, but you can always tweet me at @DCAU7 for assistance to get you going again. But take note: I won’t give you the answer, instead, I’ll give you an idea about how to move forward.
Game duration
240 min.
Description
DC-6 is another purposely built vulnerable lab with the intent of gaining experience in the world of penetration testing.
This isn’t an overly difficult challenge so should be great for beginners.
The ultimate goal of this challenge is to get root and to read the one and only flag.
Linux skills and familiarity with the Linux command line are a must, as is some experience with basic penetration testing tools.
For beginners, Google can be of great assistance, but you can always tweet me at @DCAU7 for assistance to get you going again. But take note: I won’t give you the answer, instead, I’ll give you an idea about how to move forward.
Hint:
OK, this isn’t really a clue as such, but more of some "we don’t want to spend five years waiting for a certain process to finish" kind of advice for those who just want to get on with the job.
cat /usr/share/wordlists/rockyou.txt | grep k01 > passwords.txt That should save you a few years. 😉
Game duration
240 min.
Description
DC-7 is another purposely built vulnerable lab with the intent of gaining experience in the world of penetration testing.
While this isn’t an overly technical challenge, it isn’t exactly easy.
While it’s kind of a logical progression from an earlier DC release (I won’t tell you which one), there are some new concepts involved, but you will need to figure those out for yourself. 🙂 If you need to resort to brute forcing or dictionary attacks, you probably won’t succeed.
What you will need to do, is to think "outside" of the box.
Waaaaaay "outside" of the box. 🙂
The ultimate goal of this challenge is to get root and to read the one and only flag.
Linux skills and familiarity with the Linux command line are a must, as is some experience with basic penetration testing tools.
For beginners, Google can be of great assistance, but you can always tweet me at @DCAU7 for assistance to get you going again. But take note: I won’t give you the answer, instead, I’ll give you an idea about how to move forward.
Game duration
240 min.
Description
DC-9 is another purposely built vulnerable lab with the intent of gaining experience in the world of penetration testing.
The ultimate goal of this challenge is to get root and to read the one and only flag.
Linux skills and familiarity with the Linux command line are a must, as is some experience with basic penetration testing tools.
For beginners, Google can be of great assistance, but you can always tweet me at @DCAU7 for assistance to get you going again. But take note: I won’t give you the answer, instead, I’ll give you an idea about how to move forward.
Game duration
240 min.
Description
Attention : this CTF-ATD is linked to the challenge "[Well-Known->challenge2262]"
Audit this server before it goes into production.
Game duration
240 min.
Description
Attention : this CTF-ATD is linked to the challenge "[A bittersweet shellfony->challenge2377]"
My audio website was hacked. I know i have to fix an xss, but there is no admin interface and i haven’t clicked in any malicious link!
Please reproduce the way hackers got inside and tell me how they have done it!
Game duration
240 min.
Description
Root this VM.
Game duration
240 min.
Description
Attention : this CTF-ATD is linked to the challenge "[SSHocker->challenge2822]"
Goal 1 : Have fun ^.^
Goal 2 : Be root in the host, ASAP !! :)
Goal 3 : Get the flag at /flag.txt
sshpass -p sshocker sshocker@$CHALLENGE
# What you need to know..
root@sshocker:~# grep sshocker /etc/passwd
sshocker:x:1000:1000:sshocker:/home/sshocker:/sshocker.sh
cat /sshocker.sh
#!/bin/bash
docker run --rm -it ubuntu bash -il
Download
A shell can be obtained in 2 commands,
Root can be obtained with one more command,
How many commands will you need?
Game duration
240 min.
Description
Attention : this CTF-ATD is linked to the challenge "[Texode->challenge2817]"
Texode Company is a startup of amateur developers and fan of new technologies.
They have set up a dedicated application area accessible to everyone from the index of their site in order to simplify recruitment within their company.
Naive as they are, they have also set up a dedicated area to creating reminders of expenses for their administrative part.. but they tell you that this part is obviously protected and inaccessible from others it’s up to you to try to learn more.
Stand out from other candidates by showing this startup that you will manage to identify vulnerabilities in their code and then will succeed to exploit them in order to obtain root privileges on their server and get you recruited !
The validation password of challenge (Realist) is in the /root directory.
Game duration
240 min.
Description
Attention : this CTF-ATD is linked to the challenge "[Breaking Root-Me like it’s 2020->challenge2823]"
Hey, I’m glad you paid your yearly membership of 15€!
Here’s your backend access for root-me.org, use it with caution! ;)
goodguy@contrib.fr:StronkP4ZZ:)
Flag is located at /flag.txt
Game duration
120 min.
Description
Attention : this CTF-ATD is linked to the challenge "[Nodeful->challenge2895]"
Your job is to escalate to root, and find the flag.
Game duration
240 min.
Description
Attention : this CTF-ATD is linked to the challenge "[Texode Back->challenge2889]"
Your job is to escalate to root, and find the flag.
Game duration
240 min.
Description
Attention : this CTF-ATD is linked to the challenge "[Getting root Over it !->challenge2967]"
We opened the alpha-test of our new game "Getting root Over it!"! Use this early access to your advantage and take control of the game server.
Game duration
240 min.
Description
Attention : this CTF-ATD is linked to the challenge "[DjangocatZ->challenge3004]"
I’m a good dev and I like security, so I use django because it is secure.
It is secure even with shitty code, right? Riiiiiight?
PS: If you see an error message related to "DisallowedHost", this is part of the challenge and is the expected behavior.
Game duration
240 min.
Description
Attention : this CTF-ATD is linked to the challenge "[Docker - I am groot->challenge3681]"
One of the sysadmins deploys a docker machine as root and with privileges, he tells you that it doesn’t matter because as long as it’s in the container, it’s safe :)
Game duration
240 min.
Description
Attention : this CTF-ATD is linked to the challenge "[Root Me, for real->challenge3720]"
At the end of 2021, we were able to authenticate with administrative privileges on the Root-Me backoffice using, among other things, a 0day vulnerability in the SQL engine of SPIP 4.0.0.
The vulnerability has been corrected in version 4.0.1 of the software. This challenge is a simple SPIP site in vulnerable version. Find the bug in your turn, exploit it, and pass root to recover the flag !
Game duration
240 min.
Description
Attention : this CTF-ATD is linked to the challenge "[Web Socket - 0 protection->challenge2973]"
A new company is offering a chat service with a bot, which is in alpha at the moment.
This company only gives access to three features, but a friend of yours working there told you that there is more when you manage to authenticate as an admin.
Find the secrets behind this bot !
Game duration
180 min.
Description
Game duration
240 min.
Description
Attention : this CTF-ATD is linked to the challenge "[Docker - Talk through me->challenge3683]"
Now that you have shown the system administrator that his containers are not secure, he asks you to connect to test the security of his new container while he deploys a second one.
Game duration
240 min.
Description
An intern has set up a new site for your company. He neglected some basic system administration rules. Exploit every configuration error until you get the administration rights on the machine.
Game duration
240 min.
Description
This environment makes available the vulnerable web application DVWA, by the OWASP. It is offered by Root Me and OpenClassrooms as part of the OpenClassrooms course Réalisez un test d’intrusion Web.
It allows you to carry out several tests explained during the course at your own pace in order to get to grips with the tools, the method and the results obtained: robustness of flow encryption, XSS, SQL injection, path traversal, etc.
Once the fundamentals are mastered, you can practice on the realistic application Juice Shop, thanks to the OpenClassrooms - Juice Shop environment.
Game duration
240 min.
Description
This environment makes available the vulnerable web application Juice Shop, developed by OWASP. It is offered by Root Me and OpenClassrooms as part of the OpenClassrooms course Réalisez un test d’intrusion Web.
It allows you to carry out several tests explained during the course at your own pace, particularly on access control. You can also use it to practice identifying vulnerabilities within a realistic application, once the course is over for example.
If you are looking for a more guided environment at first, OpenClassrooms - DVWA is for you.
Game duration
240 min.
Description
This environment provides a Windows domain controller, containing a number of weaknesses and information to exploit. It is offered by Root-Me and OpenClassrooms as part of the OpenClassrooms course Ensure the security of your Active Directory and your Windows domains. It allows you to carry out several tests explained in the course at your own pace in order to appropriate the tools, the method and the results obtained.
Game duration
240 min.
Description
description_en
Game duration
120 min.
Description
description_en
Game duration
120 min.
Description
description_en
Game duration
120 min.
Description
A scraping service invites you to test your skills by responding an answer to 100 questions in a row to get a gift !
For each question, you will need to provide the requested part of the DOM.
There is no need to root the box.
Ports :
– TCP : 4444
– Web : 8000
Game duration
240 min.
Description
You have been hired to pentest the Matrix management terminal. Prove to all the collaborators that it is not secure at all.
Your credentials : guest:guest
Game duration
240 min.
Description
The DevOps of your SI reports that the Ansible master has been running strange playbooks on machines. You tell him that it was not a good idea to install Ansible on the same machine as the website, but that you will investigate. In prevention, he says he has put the site in maintenance and removed SSH keys on the nodes, but that he has not touched the logs.
Game duration
240 min.
Description
description_en
Game duration
120 min.
Description
OpenClassrooms_SkillProgram_AD1
Game duration
75 min.
Description
Game duration
240 min.
Description
description_en
Game duration
120 min.
Description
Airbus sponsored this challenge for the CTF "Root Me If You Can 2022".
A intern at the end of his internship tried to copy sensitive files of your company on his USB key, fortunately we found some traces of his conquest that we were able to copy in an archive provided. Moreover, there is a rumor that he exfiltrated data to a server belonging to him. Manage to track him down and get root rights to his server before he does any more damage.
Game duration
240 min.
Description
description_en
Game duration
120 min.
Description
description_en
Game duration
240 min.
Description
Attention : this CTF-ATD is linked to the challenge "[AppArmor Jail - Introduction ->challenge4227]"
When connecting to the administrator’s server, a restricted shell via an AppArmor policy prevents you from reading the flag even though you are the owner...
Find a way to read the flag at any cost and override the AppArmor policy in place which is configured as follows:
#include
profile docker_chall01 flags=(attach_disconnected,mediate_deleted) {
#include
network,
capability,
file,
umount,
signal (send,receive),
deny mount,
deny /sys/[^f]*/** wklx,
deny /sys/f[^s]*/** wklx,
deny /sys/fs/[^c]*/** wklx,
deny /sys/fs/c[^g]*/** wklx,
deny /sys/fs/cg[^r]*/** wklx,
deny /sys/firmware/** rwklx,
deny /sys/kernel/security/** rwklx,
deny @{PROC}/* w, # deny write for all files directly in /proc (not in a subdir)
# deny write to files not in /proc//** or /proc/sys/**
deny @{PROC}/{[^1-9],[^1-9][^0-9],[^1-9s][^0-9y][^0-9s],[^1-9][^0-9][^0-9][^0-9]*}/** w,
deny @{PROC}/sys/[^k]** w, # deny /proc/sys except /proc/sys/k* (effectively /proc/sys/kernel)
deny @{PROC}/sys/kernel/{?,??,[^s][^h][^m]**} w, # deny everything except shm* in /proc/sys/kernel/
deny @{PROC}/sysrq-trigger rwklx,
deny @{PROC}/kcore rwklx,
/home/app-script-ch27/bash px -> bashprof1,
}
profile bashprof1 flags=(attach_disconnected,mediate_deleted) {
#include
#include
network,
capability,
deny mount,
umount,
signal (send,receive),
deny /sys/[^f]*/** wklx,
deny /sys/f[^s]*/** wklx,
deny /sys/fs/[^c]*/** wklx,
deny /sys/fs/c[^g]*/** wklx,
deny /sys/fs/cg[^r]*/** wklx,
deny /sys/firmware/** rwklx,
deny /sys/kernel/security/** rwklx,
deny @{PROC}/* w, # deny write for all files directly in /proc (not in a subdir)
# deny write to files not in /proc//** or /proc/sys/**
deny @{PROC}/{[^1-9],[^1-9][^0-9],[^1-9s][^0-9y][^0-9s],[^1-9][^0-9][^0-9][^0-9]*}/** w,
deny @{PROC}/sys/[^k]** w, # deny /proc/sys except /proc/sys/k* (effectively /proc/sys/kernel)
deny @{PROC}/sys/kernel/{?,??,[^s][^h][^m]**} w, # deny everything except shm* in /proc/sys/kernel/
deny @{PROC}/sysrq-trigger rwklx,
deny @{PROC}/kcore rwklx,
/ r,
/** mrwlk,
/bin/** ix,
/usr/bin/** ix,
/lib/x86_64-linux-gnu/ld-*.so mrUx,
deny /home/app-script-ch27/flag.txt r,
}
- Start the CTF-ATD "AppArmorJail1"
- Connect via SSH to the machine on port 22222 (app-script-ch27:app-script-ch27)
- The challenge validation password is in the /home/app-script-ch27/flag.txt file
- The validation password of the CTF ATD is in the file /passwd
Game duration
240 min.
Description
Attention : this CTF-ATD is linked to the challenge "[ARP Spoofing Active Listening->challenge4260]"
Your friend assures you that you cannot retrieve confidential information that passes through his network. He is so confident that he gives you access to his LAN via a host that you control.
The flag is the concatenation of the response to a network query, along with the database password, in the following form: reponse:db_password.
- Start the CTF-ATD "ARP Spoofing EcouteActive"
- Log in with SSH on the machine port 22222 (root:root)
- There is no validation of the virtual environment with a /passwd
Do not hesitate to change the password of the root user in order to be alone on the machine to perform your manipulations.
Game duration
60 min.
Description
description_en
Game duration
240 min.
Description
Warning : this CTF-ATD is linked to the challenge "End Droid".
A small group of students wanted to change old habits and choose an old Android phone as a server to host their project management application.
Will you be able to recover the secret communications it contains ?
The file containing the challenge validation flag (Realistic) is in an unknown directory.
The file containing the machine validation flag is in the /data/media/0/ directory.
Game duration
240 min.
Description
Warning : this CTF-ATD is linked to the challenge "[Relative Path Overwrite->challenge4362]".
A new file storage site has been launched. It aims to be light, secure and free, enabling anyone to store and access their files quickly. However, it seems that the developer made a small mistake in developing it. Can you spot it?
- The web server is accessible on port 8080
WARNING: The bot doesn’t have access to the internet and files are cleared very regularly
Game duration
120 min.
Description
Attention : this CTF-ATD is linked to the challenge "[AppArmor Jail - Introduction ->challenge4419]"
The administrator isn’t happy: you’ve managed to bypass his previous AppArmor policy. So he’s improved it so that you can no longer read his precious secrets.
He’s so sure of himself that he’s left the configuration to you in order to taunt you. Show him it was a bad idea!
#include
profile docker_chall_medium flags=(attach_disconnected,mediate_deleted) {
#include
network,
capability,
file,
umount,
signal (send,receive),
deny mount,
deny /sys/[^f]*/** wklx,
deny /sys/f[^s]*/** wklx,
deny /sys/fs/[^c]*/** wklx,
deny /sys/fs/c[^g]*/** wklx,
deny /sys/fs/cg[^r]*/** wklx,
deny /sys/firmware/** rwklx,
deny /sys/kernel/security/** rwklx,
deny @{PROC}/* w, # deny write for all files directly in /proc (not in a subdir)
# deny write to files not in /proc//** or /proc/sys/**
deny @{PROC}/{[^1-9],[^1-9][^0-9],[^1-9s][^0-9y][^0-9s],[^1-9][^0-9][^0-9][^0-9]*}/** w,
deny @{PROC}/sys/[^k]** w, # deny /proc/sys except /proc/sys/k* (effectively /proc/sys/kernel)
deny @{PROC}/sys/kernel/{?,??,[^s][^h][^m]**} w, # deny everything except shm* in /proc/sys/kernel/
deny @{PROC}/sysrq-trigger rwklx,
deny @{PROC}/kcore rwklx,
/usr/local/bin/sh px -> shprof2,
deny /home/admin/** w,
deny /home/admin/flag_here/flag.txt r,
}
profile shprof2 flags=(attach_disconnected,mediate_deleted) {
#include
#include
network,
capability,
mount,
deny mount cgroup, # prevent container escape
umount,
file,
signal (send,receive),
deny /sys/[^f]*/** wklx,
deny /sys/f[^s]*/** wklx,
deny /sys/fs/[^c]*/** wklx,
deny /sys/fs/c[^g]*/** wklx,
deny /sys/fs/cg[^r]*/** wklx,
deny /sys/firmware/** rwklx,
deny /sys/kernel/security/** rwklx,
deny @{PROC}/* w, # deny write for all files directly in /proc (not in a subdir)
# deny write to files not in /proc//** or /proc/sys/**
deny @{PROC}/{[^1-9],[^1-9][^0-9],[^1-9s][^0-9y][^0-9s],[^1-9][^0-9][^0-9][^0-9]*}/** w,
deny @{PROC}/sys/[^k]** w, # deny /proc/sys except /proc/sys/k* (effectively /proc/sys/kernel)
deny @{PROC}/sys/kernel/{?,??,[^s][^h][^m]**} w, # deny everything except shm* in /proc/sys/kernel/
deny @{PROC}/sysrq-trigger rwklx,
deny @{PROC}/kcore rwklx,
/lib/x86_64-linux-gnu/ld-*.so mr,
deny /home/admin/** w,
deny /home/admin/flag_here/flag.txt r,
}
- Start the "AppArmorJail2" CTF-ATD
- Connect via SSH to machine port 22222 (admin:admin)
- The challenge validation password is in the file /home/admin/flag_here/flag.txt
Do not hesitate to change the password of the admin user so that you are the only one on the machine to carry out your operations.
Game duration
180 min.
Description
description_en
Game duration
240 min.
35 Available rooms
CTF Results