teaching » 2012 » secure programming » homework 2
The deadline for this homework assignment is Wednesday, February 20 2013, at 11:59pm UTC.
Note: read and understand the submission instructions carefully! Failing to comply with the instructions will prevent the grading software from processing your assignment.
First, download the challenge VM and import it into VirtualBox. The image MD5 is 1fd3965f78b036b4b71af45799f22308. This is a VM image containing a number of vulnerable applications for you to exploit. After booting the image, it should be reachable at 192.168.56.101 (but you could get a different IP depending on your VirtualBox status). You can log in to the appliance using the credentials secprog/secprog.
Second, you will have to log into the control panel, using your nickname and password. Carefully read the title and the description of each challenge: they explain how you can access the challenge, what you have to do to solve it, and (sometimes) useful hints. In general, each challenge requires that you exploit a memory corruption vulnerability (stack-based or heap-based overflow) to find some information that is not otherwise available (e.g., a secret message).
When you have successfully exploited an application and found the solution to the challenge, submit it to the submission page on the control panel. You have unlimited tries (but, please, no brute forcing!) and you will immediately receive a confirmation of whether your solution was correct. Each solved challenge gives you a number of points (in general, more difficult challenges award more points).
Note that you are free to modify your VM in any way that helps you solve the challenge (e.g., adding debugging statements to the original program, running the program inside gdb, etc.). However, the exploit you submit MUST work against a plain version of the VM.
Before the assignment deadline, you will also have to submit through the School's submission system one file named solutions.zip containing, for each challenge that you successfully solved, a program named exploit that successfully performs the exploit. Optionally, you can also include in the zip archive a file named README containing a short discussion of additional information, such as interesting findings, alternative exploit techniques, etc. I may give bonus points for the content of README.
More precisely, the zip file must be structured as follows:
    solutions/
        README
        challenge6/
            exploit
        challenge7/
            exploit
        challenge8/
            Makefile
            exploit.c
            ...
        challenge9/
            exploit
Each exploit program must accept one parameter specifying the IP of the machine hosting the challenges. The program must exploit the corresponding vulnerability and its output must contain the secret message.
If you need to compile some source file to obtain the exploit executable, provide a Makefile that does that. At the end, I should be able to successfully run the exploit program by running the following commands:
    $ test -f Makefile && make
    $ ./exploit <IP_OF_MY_TEST_VM>
    SECRET
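A pre-submission check of the archive layout described above, as an added example that is not part of the course material or its grading software. It assumes challenge directories are named like challenge6 through challenge9 as in the listing, and it only checks file names: it cannot tell whether a Makefile actually builds exploit.

```python
import io
import re
import zipfile

# Assumption: challenge directories follow the challenge6..challenge9 naming shown above.
CHALLENGE_DIR = re.compile(r"^challenge\d+$")

def check_submission(zip_file):
    """Return a list of layout problems (empty list means the layout is OK)."""
    problems, challenges = [], {}  # challenges: dir name -> files directly inside it
    with zipfile.ZipFile(zip_file) as zf:
        for info in zf.infolist():
            parts = [p for p in info.filename.split("/") if p]
            if not parts or parts[0] != "solutions":
                problems.append(f"{info.filename}: not under solutions/")
            elif len(parts) == 1:
                if not info.is_dir():
                    problems.append("solutions: must be a directory")
            elif len(parts) == 2 and not info.is_dir():
                if parts[1] != "README":  # README is the only top-level file listed
                    problems.append(f"{info.filename}: unexpected file")
            elif not CHALLENGE_DIR.match(parts[1]):
                problems.append(f"{info.filename}: unexpected directory {parts[1]}/")
            else:
                files = challenges.setdefault(parts[1], set())
                if len(parts) == 3 and not info.is_dir():
                    files.add(parts[2])
    if not challenges:
        problems.append("no challengeN/ directory found")
    for name, files in sorted(challenges.items()):
        # The grader runs `test -f Makefile && make`, then `./exploit <IP>`.
        if "exploit" not in files and "Makefile" not in files:
            problems.append(f"{name}/: needs an exploit program or a Makefile that builds it")
    return problems

def build_sample(names):
    """Build an in-memory zip with the given member names (constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in names:
            zf.writestr(name, b"")
    buf.seek(0)
    return buf

if __name__ == "__main__":
    good = build_sample(["solutions/README", "solutions/challenge6/exploit",
                         "solutions/challenge8/Makefile", "solutions/challenge8/exploit.c"])
    print(check_submission(good) or "layout OK")
```

check_submission also accepts a file path, so it can be pointed at the real solutions.zip before uploading.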
Here are my exploits. Notice that there are multiple ways of exploiting and solving the challenges; here I focused on explaining the actual exploit technique.