Virtual environnement to attack can be reached at : ctf01.root-me.org

Time remaining : 03:55:25

Informations

Virtual environnement chosen : AppArmorJail1
Description :
Attention : this CTF-ATD is linked to the challenge "AppArmor Jail - Introduction"

When connecting to the administrator’s server, a restricted shell via an AppArmor policy prevents you from reading the flag even though you are the owner...

Find a way to read the flag at any cost and override the AppArmor policy in place which is configured as follows:

#include <tunables/global> profile docker_chall01 flags=(attach_disconnected,mediate_deleted) { #include <abstractions/base> network, capability, file, umount, signal (send,receive), deny mount, deny /sys/[^f]*/** wklx, deny /sys/f[^s]*/** wklx, deny /sys/fs/[^c]*/** wklx, deny /sys/fs/c[^g]*/** wklx, deny /sys/fs/cg[^r]*/** wklx, deny /sys/firmware/** rwklx, deny /sys/kernel/security/** rwklx, deny @{PROC}/* w, # deny write for all files directly in /proc (not in a subdir) # deny write to files not in /proc/<number>/** or /proc/sys/** deny @{PROC}/{[^1-9],[^1-9][^0-9],[^1-9s][^0-9y][^0-9s],[^1-9][^0-9][^0-9][^0-9]*}/** w, deny @{PROC}/sys/[^k]** w, # deny /proc/sys except /proc/sys/k* (effectively /proc/sys/kernel) deny @{PROC}/sys/kernel/{?,??,[^s][^h][^m]**} w, # deny everything except shm* in /proc/sys/kernel/ deny @{PROC}/sysrq-trigger rwklx, deny @{PROC}/kcore rwklx, /home/app-script-ch27/bash px -> bashprof1, } profile bashprof1 flags=(attach_disconnected,mediate_deleted) { #include <abstractions/base> #include <abstractions/bash> network, capability, deny mount, umount, signal (send,receive), deny /sys/[^f]*/** wklx, deny /sys/f[^s]*/** wklx, deny /sys/fs/[^c]*/** wklx, deny /sys/fs/c[^g]*/** wklx, deny /sys/fs/cg[^r]*/** wklx, deny /sys/firmware/** rwklx, deny /sys/kernel/security/** rwklx, deny @{PROC}/* w, # deny write for all files directly in /proc (not in a subdir) # deny write to files not in /proc/<number>/** or /proc/sys/** deny @{PROC}/{[^1-9],[^1-9][^0-9],[^1-9s][^0-9y][^0-9s],[^1-9][^0-9][^0-9][^0-9]*}/** w, deny @{PROC}/sys/[^k]** w, # deny /proc/sys except /proc/sys/k* (effectively /proc/sys/kernel) deny @{PROC}/sys/kernel/{?,??,[^s][^h][^m]**} w, # deny everything except shm* in /proc/sys/kernel/ deny @{PROC}/sysrq-trigger rwklx, deny @{PROC}/kcore rwklx, / r, /** mrwlk, /bin/** ix, /usr/bin/** ix, /lib/x86_64-linux-gnu/ld-*.so mrUx, deny /home/app-script-ch27/flag.txt r, }
- Start the CTF-ATD "AppArmorJail1"
- Connect via SSH to the machine on port 22222 (app-script-ch27:app-script-ch27)
- The challenge validation password is in the /home/app-script-ch27/flag.txt file
- The validation password of the CTF ATD is in the file /passwd
Start the challenge Game duration : 240 min
Validation flag is stored in the file /passwd
Only registered players for this game can attack the virtual environnement.
A tempo prevent game starting to early or too late.
Game will start when one player has choosen his virtual environnement and declared himself as ready.

Player's list

thrr (choice : AppArmorJail1, ready)

World Map

35 Available rooms

Room	Virtual environnement chosen	State	Attackers count
ctf01	AppArmorJail1	Time remaining : 03:55:25	1 thrr
ctf02			0
ctf03			0
ctf04			0
ctf05			0
ctf06			0
ctf07			0
ctf08			0
ctf09			0
ctf10			0
ctf11			0
ctf12			0
ctf13			0
ctf14			0
ctf15			0
ctf16			0
ctf17			0
ctf18			0
ctf19	SSRF Box	Time remaining : 01:23:43	1 hilariogao
ctf20			0
ctf21			0
ctf22			0
ctf23			0
ctf24			0
ctf25			0
ctf26			0
ctf27			0
ctf28			0
ctf29			0
ctf30			0
ctf31			0
ctf32			0
ctf33			0
ctf34			0
ctf35			0

CTF Results

Pseudo	Virtual Environnement	Attackers count	Time start	Environnement compromised in
-	Mr. Robot 1	1	26 February 2019 at 19:53	-
-	SSRF Box	3	26 February 2019 at 19:38	-
-	SamBox v1	1	26 February 2019 at 20:09	-
-	Metasploitable	2	26 February 2019 at 21:00	-
ROBIL	LAMP security CTF5	3	26 February 2019 at 18:46	1h51

Room 1 : Join the game

Informations

Player's list

World Map

35 Available rooms

CTF Results