marco

teaching » 2010 » Network Security » Homework 3

Menu:

• home
• publications
• teaching
• service
• projects
• blog

Homework 3

The deadline for this homework assignment is Monday, March 14, 11:59pm GMT.

Note: read and understand the instructions carefully! Failing to comply with the instructions may prevent you to complete correctly the assignment.

In this assignment, you will have to solve a number of “challenges”. Each challenge requires you to exploit one or more web application vulnerabilities.

Control panel and challenges

First, you will have to log into the control panel, using the nickname that you chose for homework 1 and the password that you received on February 4. The control panel is a simple application that allows you to see what challenges are open, submit solutions to each challenge, and check the current scoreboard.

Read carefully the title and the description of each challenge: they explain what you have to do to solve the challenge and may provides useful hints. In general, each challenge requires that you exploit a web application to find some information (e.g., a secret message). The challenge description also contain a link to the challenge page, where you can start working on exploiting the challenge.

When you think you have exploited the web application and found the solution to the challenge, submit it to the submission page on the control panel. You have unlimited tries (but, please, no brute forcing!) and you will immediately receive a confirmation of whether your solution was correct. Each solved challenge gives you a number of points (in general, more difficult challenges award more points).

Important points:

• The control panel web site is used to manage the challenges: it is not one of the applications to attack.
• The control panel is accessible only from machine on the School's network.
• Challenges are hosted on the blockade host. Access to blockade is only allowed from bastion, and all outgoing traffic from blockade is filtered (except that directed to bastion).
• I may add new challenges from time to time: check the control panel frequently.

Submission instructions

Before the assignment deadline, you will also have to submit through BOSS one file containing, for each challenge that you successfully solved, a brief description of the technique that you used to solve the challenge.

Misc

Accessing the control panel

To access the control panel on cca-0713 from outside of the School's network, you can use ssh's dynamic port forwarding:

1. Open a SOCKS5 proxy (USERNAME is the username on the School's network):

   $ ssh -D localhost:8888 tw.cs.bham.ac.uk -l USERNAME

2. Configure your browser to connect to the Internet through a SOCKS proxy running on localhost:8888
3. Now you should be able to connect to https://cca-0713.cs.bham.ac.uk:8888/

Accessing the challenges

To access the challenges on blockade, you first need to connect to bastion from a machine inside the School's network. If you're connecting from outside of the School's network, you can combine ssh's chaining and its dynamic port forwarding feature as follows:

1. Put the following lines in your ~/.ssh/config file (USERNAME is the username on the School's network):

   Host tw.cs.bham.ac.uk
   User USERNAME
   
   Host bastion.cs.bham.ac.uk
   User USERNAME
   ProxyCommand ssh -q tw.cs.bham.ac.uk /usr/bin/nc %h 22

2. Then connect to bastion opening a SOCKS5 proxy (USERNAME is the username on the School's network):

   $ ssh -D localhost:8889 bastion.cs.bham.ac.uk

3. Configure your browser to connect to the Internet through a SOCKS proxy running on localhost:8889
4. Now you should be able to connect to, for example, http://blockade.cs.bham.ac.uk/~challenge1/