Virtual environnement to attack can be reached at : ctf01.root-me.org
Time remaining : 02:09:14
Informations
- Virtual environnement chosen : AppArmorJail2
- Description : Attention : this CTF-ATD is linked to the challenge "AppArmor Jail - Introduction"
The administrator isn’t happy: you’ve managed to bypass his previous AppArmor policy. So he’s improved it so that you can no longer read his precious secrets.
He’s so sure of himself that he’s left the configuration to you in order to taunt you. Show him it was a bad idea!
- #include <tunables/global>
- profile docker_chall_medium flags=(attach_disconnected,mediate_deleted) {
- #include <abstractions/base>
- network,
- capability,
- file,
- umount,
- signal (send,receive),
- deny mount,
- deny /sys/[^f]*/** wklx,
- deny /sys/f[^s]*/** wklx,
- deny /sys/fs/[^c]*/** wklx,
- deny /sys/fs/c[^g]*/** wklx,
- deny /sys/fs/cg[^r]*/** wklx,
- deny /sys/firmware/** rwklx,
- deny /sys/kernel/security/** rwklx,
- deny @{PROC}/* w, # deny write for all files directly in /proc (not in a subdir)
- # deny write to files not in /proc/<number>/** or /proc/sys/**
- deny @{PROC}/{[^1-9],[^1-9][^0-9],[^1-9s][^0-9y][^0-9s],[^1-9][^0-9][^0-9][^0-9]*}/** w,
- deny @{PROC}/sys/[^k]** w, # deny /proc/sys except /proc/sys/k* (effectively /proc/sys/kernel)
- deny @{PROC}/sys/kernel/{?,??,[^s][^h][^m]**} w, # deny everything except shm* in /proc/sys/kernel/
- deny @{PROC}/sysrq-trigger rwklx,
- deny @{PROC}/kcore rwklx,
- /usr/local/bin/sh px -> shprof2,
- deny /home/admin/** w,
- deny /home/admin/flag_here/flag.txt r,
- }
- profile shprof2 flags=(attach_disconnected,mediate_deleted) {
- #include <abstractions/base>
- #include <abstractions/bash>
- network,
- capability,
- mount,
- deny mount cgroup, # prevent container escape
- umount,
- file,
- signal (send,receive),
- deny /sys/[^f]*/** wklx,
- deny /sys/f[^s]*/** wklx,
- deny /sys/fs/[^c]*/** wklx,
- deny /sys/fs/c[^g]*/** wklx,
- deny /sys/fs/cg[^r]*/** wklx,
- deny /sys/firmware/** rwklx,
- deny /sys/kernel/security/** rwklx,
- deny @{PROC}/* w, # deny write for all files directly in /proc (not in a subdir)
- # deny write to files not in /proc/<number>/** or /proc/sys/**
- deny @{PROC}/{[^1-9],[^1-9][^0-9],[^1-9s][^0-9y][^0-9s],[^1-9][^0-9][^0-9][^0-9]*}/** w,
- deny @{PROC}/sys/[^k]** w, # deny /proc/sys except /proc/sys/k* (effectively /proc/sys/kernel)
- deny @{PROC}/sys/kernel/{?,??,[^s][^h][^m]**} w, # deny everything except shm* in /proc/sys/kernel/
- deny @{PROC}/sysrq-trigger rwklx,
- deny @{PROC}/kcore rwklx,
- /lib/x86_64-linux-gnu/ld-*.so mr,
- deny /home/admin/** w,
- deny /home/admin/flag_here/flag.txt r,
- }
- Start the "AppArmorJail2" CTF-ATD
- Connect via SSH to machine port 22222 (admin:admin)
- The challenge validation password is in the file /home/admin/flag_here/flag.txt
Do not hesitate to change the password of the admin user so that you are the only one on the machine to carry out your operations. Game duration : 180 min
- Validation flag is stored in the file /passwd
- Only registered players for this game can attack the virtual environnement.
- A tempo prevent game starting to early or too late.
- Game will start when one player has choosen his virtual environnement and declared himself as ready.
Player's list
- Max1Truc (choice : AppArmorJail2, ready)
World Map
CTF Results
Pseudo | Virtual Environnement | Attackers count | Time start | Environnement compromised in |
whitecr0wz | Kioptrix level 3 | 1 | 4 March 2019 at 05:22 | 0h25 |
cysboy | Hopital Bozobe | 1 | 4 March 2019 at 09:08 | 0h19 |
- | Kioptrix level 4 | 0 | 4 March 2019 at 05:09 | - |
whitecr0wz | Kioptrix level 4 | 2 | 4 March 2019 at 05:00 | 0h05 |
- | Imagick | 1 | 4 March 2019 at 03:28 | - |