Hello Rootkitty

pwn, kernel, x86/x64, FCSC 2020

Difficulty: ★★

Description

A machine has been infected with the rootkit Hello Rootkitty, which prevents certain files from being read. Your mission is to help the victim recover the content of the affected files. Once you are connected to SSH (credentials: ctf:ctf), run ./wrapper to start the challenge.

A more complex variant of this challenge is available here: Hello Rootkitty (Harder).

Files

  • docker-compose.yml
  • bzImage
    2.52 MiB – 088a65479baaaee72ff805ce8662f874356ff0521e8ed52d8d756c6e873d06a7
  • initramfs.example.cpio
    3.01 MiB – bd539b9877bdbf6fedc1f896be1b639591f43737d817d274a8e1372d2d4604d1
  • ecsc.ko
    5.35 KiB – 60a0420e6e041a5064900044171cad04334a7aa926a9ec6dc945a64735453fd0

Challenge Instructions

  1. First, download docker-compose.yml:
    curl https://hackropole.fr/challenges/fcsc2020-pwn-hello-rootkitty/docker-compose.public.yml -o docker-compose.yml
  2. Launch the challenge by executing in the same folder:
    docker compose up
  3. Then, in another console, access the challenge with SSH:
    ssh -p 2222 ctf@localhost
⚠️ Important: You must solve the challenge by interacting with the Docker container through the exposed network port. Any other way is not considered valid.

In case you encounter problems, please consult the FAQ.

Writeups

Date        Author     Language  Tags
2023-11-07  voydstack  🇫🇷        TeamFrance
2024-10-30  redoste    🇫🇷        TeamFrance