Software Security - S17

CSE 545

Assignment 3—Binary Pwnage

Assignment 3 is due 4/1/17 on or before 11:59:59pm MST.

Description

Your goal is to break a series of x86 binaries using the full range of your hacking skills.

Everyone in the class will be sent a user account name and password, along with IP address and port. You have a local account on this server that starts at group level1.

Every challenge is at /var/challenge/level<X> where <X> is replaced by the level numbers. So, at the start, you have access to /var/challenge/level1.

From there, once you break the binary (usually called the level number, 1 in the case of the first level), you want to execute the provided program l33t. This will upgrade you to the next level. Note that you will need to log out, then back into the server to see the upgraded level. Otherwise, you could use one of these tricks.

The score program will output the current scores of all users on the system.

Note that you cannot attempt level3 until you break level2, and similarly for all levels. This means that you should start early so that you have time to work on difficult/challenging levels.

Tools

You will need to sharpen your Linux hacking toolbelt. You will probably need to become familiar with the following tools to understand the binaries that you want to break:

  • objdump
  • gdb
  • ltrace
  • strace …

Evaluation

You will be awarded points based on how many levels are broken. Levels 1–10 are worth 10 points each, and levels 11–? are worth a token .5 points each. However, who needs points when you see your hacker alias in all its glory on the scoreboard?

Submission Instructions

You will need to submit all source code written for this assignment, and a README. Your README file must contain your name, ASU ID, and a description of how you broke each level. The description is important and will affect how we grade your assignment.

Submit your homework on the course submisison site.