Software Security - S17

CSE 545

Assignment 4 (100 points) — HACK ALL THE THINGS

Assignment 4 is an optional assignment that will replace your lowest score on one of the other assignments. It is due 5/1/17 on or before 11:59:59pm MST. No late submissions will be accepted for Assignment 4.

Assignment 4 is composed of 10 different levels, each worth 15 points (the maximum number of points you can receive on this assignment is 100, no extra credit).

You must work on Assignment 4 alone (the life of a hacker is tough and lonely). However, the hacker’s life is also competitive, so see where you rank on the scoreboard.


You’ve been hired by a well-known software company to do a pentest of their web infrastructure. They pay well (in a mysterious currency known only as points); however, they will only pay if you find a vulnerability!

They’ve created a special server for you to perform your pentest. You’ll need to log in with the same hacker alias/password that you use for the submission site.

Ground Rules

  1. No automated tools. The company is paying for your brain, not an automated tool’s brain.

  2. No DoS or brute force attacks. None of the vulnerabilities require brute forcing, so don’t do that; you could affect your fellow security researchers.

Submission Instructions

To prove that you found a vulnerability, submit the password on the submission site. To make it a bit easier to identify, passwords that you need to steal always start with the prefix FLG (similar to the PCTF). Of course, each level has a different password.

Extra Credit

No extra credit on this assignment.

Bug Bounty

If you manage to get root on the server, you will get 50 additional points.