Introduction to Information Assurance - F19

CSE 365

Assignment 2

Assignment 2 is due 9/23/19 on or before 11:59:59pm MST.

Part 1 — Bandit (35 points)

For a future homework assignment you will be hacking on a Linux server. The goal of this assignment is to familiarize yourself with accessing a Linux environment via SSH, along with developing skills on command line interaction and wargames.

First, register for a wechall account. You will need to submit your wechall username so that we can track your progress on the levels. After registering, you will need to link OverTheWire.org to your wechall account by doing the following:

  1. Click “Account” on the top of wechall.net
  2. Click on the “Linked Sites” button
  3. On the “Select a site” dropdown, select “OverTheWire.org”
  4. Then click the “Link Site” button

Now, OverTheWire.org should show up in your list of linked sites, and we will be able to track your progress on Bandit from your user profile.

Then, the goal is to solve the 10 levels (in other words reach level 11) on the overthewire.org Bandit challenges.

Before you start, be sure to read how to register your bandit progress with wechall and do so. This way, your bandit progress will be captured on wechall, which we will use to grade your progress.

Also, keep track in your README how you solved each level.

Note that Bandit is an open system, and the goal of this assignment is to practice and develop your own skills, so be honorable and do not read walkthroughs.

Submission Instructions

You will need to submit a README. Your README file should contain your name, ASU ID, wechall username, and a description of how you broke each level.

Part 2 — DOS this house (65 points)

You’ve been tasked with evaluating the security of smart house lock systems. The client is considering ten different vendors, and the client is particularly concerned about Denial of Service attacks.

Show them how insecure smart house lock systems can be.

Samples

Download the samples from the submission system.

Extract the samples

tar -xzvf samples.tar.gz

You should now be able to see all the samples:

ls -la samples

You should see 10 directories with the 10 samples (a–j):

sample_a
sample_b
sample_c
sample_d
sample_e
sample_f
sample_g
sample_h
sample_i
sample_j

Inside every directory is a Makefile, secure_house executable, and the C or C++ source code of the application.

Your goal is to generate input to the application that will cause it to crash. By crash, we usually mean a segmentation fault, or the program otherwise crashing or halting execution.

Every sample will be run as the following:

./secure_house selina foobar

Goal

Your goal is, for each sample, to create a text file that, when used as the standard input of the sample, causes it to crash.

Here’s an example. You should recreate this on your local machine to ensure that you can crash this program.

Consider the following sample.c program:

#include <stdio.h>
#include <string.h>

int main(int argc, char** argv)
{
   char line[1024];
   char* test = NULL;
   scanf("%1023s", line);
   if (strcmp(line, "crash") == 0)
   {
    // null pointer dereference
    char n = *test;
    printf("you'll never see me\n");
   }
   else
   {
    printf("%s\n", line);
   }
   return 0;
}

Compile the program

gcc -o sample_test sample.c

Now, if you create a file called test in the same directory, you can crash the program if the contents of test are the following:

crash

Test that you can crash the program

$ ./sample_test < test
Segmentation fault (core dumped)

Grading

For now, consider the entirety of Part 2 as 100 points (even though it will be scaled down to the overall 65 points for Assignment 2).

Each sample is worth 15 points, and you can receive a maximum of 105 (out of 100) on this part.

So, if you solve 5 samples, your points on part 2 will be 5*15=75.

If you solve all 10 samples, your points on part 2 will be 105.

Submission Instructions

You will need to submit the file that crashes the sample.

Note that the file that you submit is limited to 1,500 bytes. The submission server will reject files that are larger.
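
A local pre-submission check, as an added example that is not part of the original assignment: it confirms that an input file fits the 1,500-byte limit and that the sample, run with the arguments given above and the file on standard input, is terminated by a signal. The function name `check_crash_input`, its return codes and the script name `check.sh` are assumptions made for this example.

```shell
#!/bin/sh
# Added example: local pre-submission check for one Part 2 input file.
# The 1,500-byte limit and the "selina foobar" arguments come from the
# assignment; the function name and return codes are this example's choices.
MAX_BYTES=1500

# check_crash_input BINARY INPUT
#   0: INPUT fits the limit and BINARY was terminated by a signal
#   1: BINARY exited on its own (no crash)
#   2: INPUT is missing or larger than MAX_BYTES
#   3: BINARY is missing or not executable
check_crash_input() {
    bin=$1
    input=$2
    [ -x "$bin" ] || { echo "not executable: $bin" >&2; return 3; }
    [ -f "$input" ] || { echo "no such file: $input" >&2; return 2; }

    size=$(wc -c < "$input" | tr -d ' ')
    if [ "$size" -gt "$MAX_BYTES" ]; then
        echo "$input is $size bytes; limit is $MAX_BYTES" >&2
        return 2
    fi

    # Same invocation the assignment describes: fixed arguments, file on stdin.
    status=0
    "$bin" selina foobar < "$input" > /dev/null 2>&1 || status=$?

    # The shell reports death by signal N as status 128+N (SIGSEGV is 11,
    # so 139). A program that calls exit() with a value above 128 would
    # also match, so read the reported number before trusting the result.
    if [ "$status" -gt 128 ]; then
        echo "crash: signal $((status - 128)), input is $size bytes"
        return 0
    fi
    echo "no crash: exit status $status"
    return 1
}

# Stand-alone use: sh check.sh ./secure_house input.txt
if [ "$#" -eq 2 ]; then
    check_crash_input "$1" "$2"
fi
```

The check only detects termination by a signal; a sample that hangs instead of crashing will block it until interrupted.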

Submission Site

Create an account to submit your assignment for all parts on the course submission site.