Software Security - F17

CSE 465

Assignment 4 (100 points) — Pwnage

Assignment 4 is due 12/9/17 on or before 11:59:59pm MST. No late submissions will be accepted for this assignment.


Your goal is to break a series of challenges using the full range of your hacking skills, including everything we have covered in class.

Everyone in the class will be sent a username and password. You will use your username and password to SSH into the server located at (using ssh <username>

Every challenge is at /var/challenge/<X> where <X> is the name of the challenge.

Once you break a challenge, you will want to execute the program l33t, which will mark that you broke the level. If you do not execute l33t, then you won’t have broken the level.

You can see how you (and the rest of the students) are doing on assignment 4 by executing the command score.


You will need to sharpen your Linux hacking toolbelt. You might need to become familiar with the following tools to understand the programs that you want to break:

  • objdump
  • gdb
  • ltrace
  • strace …


You will be awarded points based on how many levels you broke. Each level is worth 15 points, with the maximum amount of points that you can achieve is 120 (out of 100).

Submission Instructions

You will need to submit all source code written for this assignment, and a README. Your README file must contain your name, ASU ID, and a description of how you broke each level. The description is important and will affect how we grade your assignment.

Submit your homework on the course submisison site.

Bug Bounty

If you manage to get root on the server, you will get 50 additional points.