marco

teaching » 2012 » secure programming » homework 1

Menu:

• home
• publications
• teaching
• service
• projects
• blog

Homework 1

The deadline for this homework assignment is Sunday, February 3 Tuesday, February 5 2013, at 11:59pm UTC.

Note: read and understand the submission instructions carefully! Failing to comply with the instructions will prevent the grading software to process your assignment.

Part I

Generate a GnuPG public/private key pair (if you don't have one already) for yourself. Have three people in the class sign your key (read the GnuPG manual to find out how this is done). Publish the public key (in ASCII armor format) on a publicly-available web page: it must be possible to download the key using a command line tool, such as wget or curl, and to import it into gpg's keyring by running gpg --import.

Create a file named account.txt that contains your username as recorded in the gpg key, followed by a new line, followed by your student ID, followed by a new line, followed by the URL pointing to the page with your public key, followed by a new line, followed by a hacker nickname of your choice. Your hacker nickname must contain only alphanumeric characters, start with a letter, and be at most 16 characters long. You will use this nickname as your identifier in some of the following assignments, so choose carefully (but be creative…)

Make a cleartext signature of the account.txt file using your secret key. The resulting file must be named account.txt.asc and should be similar to this example. Submit the final file through BOSS the School's submission system.

After the submission has been validated, you will receive a password at the email specified in the gpg key. You will use this password in Part-II (and in other assignments).

Pre-submission checks:

• Is the submission file named account.txt.asc?
• Is the file in the required format?
• Is it signed with your key?
• Is your key signed by 3 other people in the class?

Part II

First, download and import in VirtualBox the challenge VM containing the challenges. The image MD5 is 9538cfeadc0c3fa3bdf9d10db84849e3. This is a VM image containing a number of vulnerable applications for you to exploit. If you are not familiar with running VirtualBox, you may find these instructions useful. After booting the image, it should be reachable at 192.168.56.101 (but you could get a different IP depending on your VirtualBox status).

Second, you will have to log into the control panel, using the nickname that you chose in Part I and the password that you received from me. The control panel is a simple application that allows you to see what challenges are available on the challenge VM, submit solutions to each challenge, and check the current scoreboard.

Read carefully the title and the description of each challenge: they explain how you can access the challenge, what you have to do to solve it, and (sometimes) useful hints. In general, each challenge requires that you exploit a vulnerability to find some information that is not otherwise available (e.g., a secret message).

When you think you have successfully exploited an application and found the solution to the challenge, submit it to the submission page on the control panel. You have unlimited tries (but, please, no brute forcing!) and you will immediately receive a confirmation of whether your solution was correct. Each solved challenge gives you a number of points (in general, more difficult challenges award more points).

Before the assignment deadline, you will also have to submit through the School's submission system one file named solutions.zip containing, for each challenge that you successfully solved, a program named exploit that successfully performs the exploit. Optionally, you can also include in the zip archive a file named README containing a short discussion of additional information, such as interesting findings, alternative exploit techniques, etc. I may give bonus points for the content of README.

More precisely, the zip file must be structured as follows:

solutions/
         README
         challenge1/
                   exploit
         challenge2/
                   exploit
         challenge3/
                   Makefile
                   exploit.c
                   ...
         challenge4/
                   exploit
         challenge5/
                   exploit

Each exploit program must accept one parameter specifying the IP of the machine hosting the challenges. The program must exploit the corresponding vulnerability and its output must contain the secret message. If you need to compile some source file to obtain the exploit executable, provide a Makefile that does that.
The exploit program can be written in any readily-available language, e.g., C, C++, python, ruby, scala, Java.

At the end, I should be able to successfully run the exploit program by running the following commands:

$ test -f Makefile && make
$ ./exploit <IP_OF_MY_TEST_VM>
SECRET