The challenge

From xrobau, 1 Year ago, written in Plain Text, viewed 3 times.
URL https://pastebin.freepbx.org/view/647df49d
Here is the challenge!

JohnMH asserts that he can break out of any docker or systemd-nspawn system. I assert that this is not possible.

The only way to resolve this is a battle of the nerds.

I, xrobau, have built a VM on 203.4.241.198 running RHEL7.  That VM is running Docker-ce 18.03, and that docker is running an ubuntu:16.04 container.

This container is built using the following dockerfile:

FROM ubuntu:16.04

RUN apt-get update && apt-get install -y openssh-server
RUN mkdir /var/run/sshd
RUN echo 'root:screencast' | chpasswd
RUN sed -i 's/PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config

# SSH login fix. Otherwise user is kicked off after login
RUN sed 's@session\s*required\s*pam_loginuid.so@session optional pam_loginuid.so@g' -i /etc/pam.d/sshd

ENV NOTVISIBLE "in users profile"
RUN echo "export VISIBLE=now" >> /etc/profile

EXPOSE 22
CMD ["/usr/sbin/sshd", "-D"]

That machine is available on port 2222 of 203.4.241.198 with a root password that has been messaged to JohnMH.

PROOF OF COMPROMISE:

The following commands have been run on the host:

[root@tiny ~]# dd if=/dev/urandom bs=1024 count=1 | base64 > /flag.txt
1+0 records in
1+0 records out
1024 bytes (1.0 kB) copied, 7.4468e-05 s, 13.8 MB/s
[root@tiny ~]# md5sum /flag.txt
999b332f90b850ab4da0ad62fd6e777b  /flag.txt
[root@tiny ~]# chmod 000 /flag.txt
[root@tiny ~]#


All JohnMH needs to do is produce a sha256sum of that file.
