Level: Extreme
Description:
*READ THE RULES OF ENGAGEMENT THOROUGHLY BEFORE ATTEMPTING**
What was that thing that happened this semester that destroyed pretty much everything? Oh yeah, Log4j. It was a pretty big deal, so try your hand at it!
The flag will be located in `/root`
http://byuctf.xyz:40015
**Rules of Engagement**:
- The *only* asset within scope of this challenge is the domain `byuctf.xyz` on port 40015. Note that *.ctfd.io and *.byu.edu are NOT in scope. Do not attempt to compromise any other servers or break into or scan any other ports for this challenge.
- Automated scanning tools are **not** allowed for this challenge.
- Since the goal is to gain root access, the bug bounty program (details [here](https://byu.ctfd.io/ctf-bug-bounty)) does *not* apply. In addition, we understand that participants may have the ability to break the challenge for other participants since they will have full sudo access. We ask that you **avoid** this behavior to not ruin the learning experience for everyone.
- If we find out you have intentionally broken the challenge to prevent others from getting a flag, you will be immediately banned from the competition and removed from the scoreboard - no questions asked.
- If you break something, change a configuration, remove a service, or believe this has happened (intentionally or otherwise) on the part of someone else, please reach out to Justin Applegate on Slack or at justink.applegate@gmail.com with screenshots and details.
- This challenge runs in a Docker container. To ensure that the challenge's integrity is somewhat constant, we will be rebooting this container at the beginning of each hour (ie 5:00pm on the dot, 6:00pm on the dot, etc.). If you are suddenly kicked out for an unknown reason, this is likely why.
- If you are unsure about ANYTHING, ask Justin!
Exploit log4j by spinning up your own LDAP server (using something like https://github.com/kozmer/log4j-shell-poc/blob/main/poc.py), and either connect to a reverse shell, or exfiltrate the data some other way.
Flag - byuctf{n0w_y0u_kn0w_l0g4j_y@y!}
This challenge is a log4j PoC that runs an HTTP webserver on port 40015. All the proper files are included in here. The command to build the docker container is (when located inside of this directory):
git clone https://github.com/kozmer/log4j-shell-poc && cp Dockerfile log4j-shell-poc/Dockerfile && cd log4j-shell-poc && sudo docker build -t disaster .
The command to start the challenge is:
sudo docker run -p 40015:8080 --detach --name disaster disaster:latest
The command to stop the challenge (since CTRL+C won't work) is:
sudo docker stop disaster
To have the challenge reboot every hour, run crontab -e
as root and insert the line 0 * * * * /path/to/reboot_disaster.sh
.