Assignment 2
Assignment 2 is due 9/23/19 on or before 11:59:59pm MST.
Part 1 — Bandit (35 points)
For a future homework assignment you will be hacking on a Linux server. The goal of this assignment is to familiarize yourself with accessing a Linux environment via SSH, along with developing skills on command line interaction and wargames.
First, register for a wechall account. You will need to submit your wechall username so that we can track your progress on the levels. After registering, you will need to link OverTheWire.org to your wechall account by doing the following:
- Click “Account” on the top of wechall.net
- Clink on the “Linked Sites” button
- On the “Select a site” dropdown, select “OverTheWire.org”
- Then click the “Link Site” button
Now, OverTheWire.org should show up in your list of linked sites, and we will be able to track your progress on Bandit from your user profile.
Then, the goal is to solve the 10 levels (in other words reach level 11) on the overthewire.org Bandit challenges.
Before you start, be sure to read how to register your bandit progress with wechall and do so. This way, your bandit progress will be captured on wechall, which we will use to grade your progress.
Also, keep track in your README how you solved each level.
Note that Bandit is an open system, and the goal of this assignment is to practice and develop your own skills, so be honorable and do not read walkthroughs.
Submission Instructions
You will need to submit a README. Your README file should contain your name, ASU ID, wechall username, and a description of how your broke each level.
Part 2 — DOS this house (65 points)
You’ve been tasked with evaluating the security of smart house lock systems. The client is considering ten different vendors, and the client is particularly considered about Denial of Service attacks.
Show them how insecure smart house lock systems can be.
Samples
Download the samples from the submission system.
Extract the samples
1
|
|
You should now be able to see all the samples:
1
|
|
You should see 10 directors with the 10 samples (a–j):
1 2 3 4 5 6 7 8 9 10 |
|
Inside every directory is a Makefile
, secure_house
executable, and
the C or C++ source code of the application.
Your goal is to generate input to the application that will cause it to crash. By crash, we mean usually a segmentation fault or otherwise crash or halt execution.
Every sample will be run as the following:
1
|
|
Goal
Your goal is, for each sample, to create a text file that, when used as the standard input of the sample, causes it to crash.
Here’s an example. You should recreate this on your local machine to ensure that you can crash this program.
Consider the following sample.c
program:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 |
|
Compile the program
1
|
|
Now, if you create a file in the same directory called test
, you can crash the program if test
is the following:
1
|
|
Test that you can crash the program
1 2 |
|
Grading
For now, consider the entire of part 2 as 100 points (even though it will be scaled down to the overall of 65 points for Assignment 2).
Each sample is worth 15 points, and you can receive a maximum of 105 (out of 100) on this part.
So, if you solve 5 samples, your points on part 2 will be 5*15=75
.
If you solve all 10 samples, your points on part 2 will be 105
.
Submission Instructions
You will need to submit the file that crashes the sample.
Note that the file that you submit is limited to 1,500 bytes. The submission server will reject files that are larger.
Submission Site
Create an account to submit your assignment for all parts on the course submission site.