AppArmorJail2

Date

Validations

0 Compromises 0%

Note  Rating

0 Vote

Description

Attention: this CTF-ATD is linked to the challenge "AppArmor Jail - Introduction"

The administrator isn’t happy: you’ve managed to bypass his previous AppArmor policy. So he’s improved it so that you can no longer read his precious secrets.

He’s so sure of himself that he’s left the configuration to you in order to taunt you. Show him it was a bad idea!

  #include <tunables/global>

  profile docker_chall_medium flags=(attach_disconnected,mediate_deleted) {
    #include <abstractions/base>
    network,
    capability,
    file,
    umount,
    signal (send,receive),
    deny mount,

    deny /sys/[^f]*/** wklx,
    deny /sys/f[^s]*/** wklx,
    deny /sys/fs/[^c]*/** wklx,
    deny /sys/fs/c[^g]*/** wklx,
    deny /sys/fs/cg[^r]*/** wklx,
    deny /sys/firmware/** rwklx,
    deny /sys/kernel/security/** rwklx,

    deny @{PROC}/* w, # deny write for all files directly in /proc (not in a subdir)
    # deny write to files not in /proc/<number>/** or /proc/sys/**
    deny @{PROC}/{[^1-9],[^1-9][^0-9],[^1-9s][^0-9y][^0-9s],[^1-9][^0-9][^0-9][^0-9]*}/** w,
    deny @{PROC}/sys/[^k]** w, # deny /proc/sys except /proc/sys/k* (effectively /proc/sys/kernel)
    deny @{PROC}/sys/kernel/{?,??,[^s][^h][^m]**} w, # deny everything except shm* in /proc/sys/kernel/
    deny @{PROC}/sysrq-trigger rwklx,
    deny @{PROC}/kcore rwklx,

    /usr/local/bin/sh px -> shprof2,
    deny /home/admin/** w,
    deny /home/admin/flag_here/flag.txt r,
  }

  profile shprof2 flags=(attach_disconnected,mediate_deleted) {
    #include <abstractions/base>
    #include <abstractions/bash>

    network,
    capability,
    mount,
    deny mount cgroup, # prevent container escape
    umount,
    file,
    signal (send,receive),

    deny /sys/[^f]*/** wklx,
    deny /sys/f[^s]*/** wklx,
    deny /sys/fs/[^c]*/** wklx,
    deny /sys/fs/c[^g]*/** wklx,
    deny /sys/fs/cg[^r]*/** wklx,
    deny /sys/firmware/** rwklx,
    deny /sys/kernel/security/** rwklx,

    deny @{PROC}/* w, # deny write for all files directly in /proc (not in a subdir)
    # deny write to files not in /proc/<number>/** or /proc/sys/**
    deny @{PROC}/{[^1-9],[^1-9][^0-9],[^1-9s][^0-9y][^0-9s],[^1-9][^0-9][^0-9][^0-9]*}/** w,
    deny @{PROC}/sys/[^k]** w, # deny /proc/sys except /proc/sys/k* (effectively /proc/sys/kernel)
    deny @{PROC}/sys/kernel/{?,??,[^s][^h][^m]**} w, # deny everything except shm* in /proc/sys/kernel/
    deny @{PROC}/sysrq-trigger rwklx,
    deny @{PROC}/kcore rwklx,

    /lib/x86_64-linux-gnu/ld-*.so mr,
    deny /home/admin/** w,
    deny /home/admin/flag_here/flag.txt r,
  }

Download

  • Start the "AppArmorJail2" CTF-ATD
  • Connect via SSH to the machine on port 22222 (admin:admin)
  • The challenge validation password is in the file /home/admin/flag_here/flag.txt

Do not hesitate to change the admin user's password so that you are the only one on the machine carrying out your operations.

Compromise time

3 hours

Operating system

linux

Start this virtual environment