Software Security - S17

CSE 545

Assignment 2

Assignment 2 is due 3/1/17 on or before 11:59:59pm MST.

Part 1 — Bandit (20 points)

For the next homework assignment, you will be hacking on a Linux server. The goal of this assignment is to familiarize yourself with accessing a Linux environment via SSH, along with developing skills on command line interaction and wargames.

First, register for a wechall account. You will need to submit your wechall username so that we can track your progress on the levels. After registering, you will need to link OverTheWire.org to your wechall account by doing the following:

  1. Click “Account” on the top of wechall.net
  2. Clink on the “Linked Sites” button
  3. On the “Select a site” dropdown, select “OverTheWire.org”
  4. Then click the “Link Site” button

Now, OverTheWire.org should show up in your list of linked sites, and we will be able to track your progress on Bandit from your user profile.

Then, the goal is to reach level 20 on the overthewire.org Bandit challenges.

Before you start, be sure to read how to register your bandit progress with wechall and do so. This way, your bandit progress will be captured on wechall, which we will use to grade your progress.

Also, keep track in your README how you solved each level.

Note that Bandit is an open system, and the goal of this assignment is to practice and develop your own skills, so be honorable and do not read walkthroughs.

Submission Instructions

You will need to submit a README. Your README file should contain your name, ASU ID, wechall username, and a description of how your broke each level.

Part 2 — Pentest Brand New Startup (40 points)

A hot new start-up has created a new web service to allow companies to securely execute trusted code.

They’re using part of their huge A-series investment to help them evaluate their new web service.

Word on the street is that they’re using a new-fangled encryption program called chksum.

The start-up has created a file called secret.txt in the working directory. If you can read the contents of this file, then you have successfully broken the service.

The link to the start-up will be distributed on the course mailing list.

Submission Instructions

You will need to submit the secret, files that you used to break the service, and a README. Your README file must contain your name, ASU ID, and a precise description of how you broke the system.

Part 3 — Crack the Password (40 points)

Being able to read assembly code is incredibly important to analyzing binary code for vulnerabilities.

Your challenge is to figure out the correct password that this binary re_check_passwd expects.

Use your knowledge of assembly, and tools such as file, objdump, readelf, and others.

Submission Instructions

You will need to submit the password, any files that you used to crack the password, and a README. Your README file must contain your name, ASU ID, and a precise description of how you cracked the password.

Submission Site

Create an account to submit your homework on the course submisison site.

Please don’t forget your password.