Information Assurance - S20

CSE 365

Assignment 6 — Pwnage

Assignment 6 is due 5/1/20 on or before 11:59:59pm MST. No late submissions will be accepted for this assignment.


Your goal is to break a series of challenges using the full range of your hacking skills, including everything we have covered in class.

Submit anything on GradeScope to the assignment “Pwnage Account” and your username/password will be provided to you to SSH into the server located at (using ssh <username>

Every challenge is at /var/challenge/<X> where <X> is the name of the challenge.

Once you break a challenge, you will want to execute the program l33t, which will mark that you broke the level. If you do not execute l33t, then you won’t have broken the level.

You can see how you (and the rest of the students) are doing on assignment 6 by executing the command score.


You will need to sharpen your Linux hacking toolbelt. You might need to become familiar with the following tools to understand the programs that you want to break:

  • objdump
  • gdb
  • ltrace
  • strace
  • wireshark
  • scp (to copy files from the server to your local machine) …


You will be awarded points based on how many levels you broke. Each level is worth 1214 points, maximum of 105110 points from levels.

Extra Credit

If you finish 5 levels by 4/24/20 before 11:59:59pm MST, you’ll get an additional 10 points on assignment 6. So, the maximum total points you can recieve on assignment 6 is 120/100.

Submission Instructions

Submit on GradeScope to the assignment “Pwnage” all source code written for this assignment, and a README. Your README file must contain your name, ASU ID, and a description of how you broke each level. The description is important and will affect how we grade your assignment.

Bug Bounty

If you manage to get root on the server, you will get 50 additional points.