Assignment 1
Assignment 1 is due 2/10/16 on or before 11:59:59pm MST.
Part 1 (10 points)
Sign up for the course mailing list. Please provide your ASURITE ID number when you register so that we can give you credit for signing up.
Part 2 — Host Discovery (45 points)
The Morris worm spread in part because it was able to discover other hosts that were trusted in an attempt to propagate. In this part, we will create a similar functionality for the world of SSH.
Your goal is to create, in any language, an implementation of the Morris worm’s host discovery functionality.
Your program, when run, will output a list of all host names known and possibly trusted by the current host.
Your program will be a single executable, called discovery.
Interface
You must implement the following command-line interface for your program:
./discovery
The output of discovery is each of the host names discovered by your program, one per line. The order does not matter. Note that a host name is not an IP address.
Your program must look for hosts in the following locations:
- /etc/hosts
- ~/.ssh/config for each user and /etc/ssh/ssh_config. Note that you only need to extract hosts from the Host and HostName parameters.
- ~/.ssh/authorized_keys for each user
- ~/.ssh/known_hosts for each user and /etc/ssh/ssh_known_hosts
Your program must handle permissions correctly and not crash.
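Seen from the defender's side, the same files determine how much a compromised account reveals about neighbouring hosts. The following is an added example, not part of the original assignment: it audits known_hosts-format text and reports how many entries are hashed (as OpenSSH's HashKnownHosts option produces) versus which names are readable in the clear. The function name and the sample lines are constructed for illustration.

```python
import ipaddress

# Constructed sample in known_hosts format (keys shortened, not real).
SAMPLE = """\
# comment line
build01.example.com,192.0.2.10 ssh-rsa AAAAB3Nza...
[git.example.com]:2222 ssh-ed25519 AAAAC3Nza...
|1|c2FsdHNhbHQ=|aGFzaGhhc2g= ssh-rsa AAAAB3Nza...
@cert-authority *.corp.example.com ssh-rsa AAAAB3Nza...
192.0.2.77 ecdsa-sha2-nistp256 AAAAE2Vj...
"""


def _is_ip(token):
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False


def audit_known_hosts(text):
    """Return (hashed_count, sorted cleartext host names) for known_hosts text."""
    hashed, names = 0, set()
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        if fields[0].startswith("@"):      # @cert-authority / @revoked marker
            fields = fields[1:]
        if not fields:
            continue
        for entry in fields[0].split(","):
            if entry.startswith("|1|"):    # hashed entry: name is not readable
                hashed += 1
                continue
            if entry.startswith("["):      # [host]:port form for non-default ports
                entry = entry[1:].split("]", 1)[0]
            entry = entry.lstrip("!")      # negated pattern
            if entry and not _is_ip(entry):
                names.add(entry)
    return hashed, sorted(names)


if __name__ == "__main__":
    hashed, names = audit_known_hosts(SAMPLE)
    print("hashed entries:", hashed)
    print("cleartext names exposed:", names)
```

A file where every entry is hashed yields an empty name list, which is the state HashKnownHosts aims for.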
Implementation
Your program must work on Ubuntu 14.04 64-bit with the default packages installed. Here is a list of installed packages. You’ll probably need to set up a virtual machine to do the development.
If you wish to use packages that are not installed on Ubuntu 14.04 64-bit by default, please submit a file entitled packages, with a list of the Ubuntu 14.04 64-bit packages that you would like installed before calling make. Each line of packages must be a valid package name, one package per line. The submission system will automatically install all the dependencies that the package lists.
For example, if you were going to write your assignment in Haskell, you could install the GHC compiler with the following packages file:
ghc
ghc-dynamic
Submission Instructions
You will need to submit your source code, along with a Makefile and README. The Makefile must create an executable called discovery when the command make is run. Your README file should contain your name, ASU ID, and a description of how your program works.
The TA compiled some resources on how to write a Makefile:
Part 3 — Backdoor “Web Server” (45 points)
A critical part of establishing persistence on a system is to leave a “backdoor” that allows the hacker access to the system at a later date, without exploiting the same vulnerabilities (they may be fixed in the meantime). In this assignment, you’ll explore writing a backdoor that pretends to be a web server. A web server makes a great pretense for a backdoor, because web traffic is so prevalent it does not raise red flags and ports 80 and 443 are frequently permitted through firewalls.
Your goal is to create, in any language, a minimal HTTP 1.1 server based on RFC 2616, from scratch, without using any HTTP libraries (note that using URL parsing libraries is allowed).
For example, in Python, urllib2 and urllib are not allowed (because they handle the HTTP communication for you), but urlparse is allowed. If you have any questions, just ask.
The name of your backdoor program will be normal_web_server.
Interface
You must implement the following command-line interface for your server:
./normal_web_server <port>
Your server should listen for incoming connections to the given port, and respond to most requests with a valid HTTP 1.1 response with the 404 HTTP response code.
It is important that your server support valid HTTP 1.1 requests from HTTP clients (otherwise your backdoor will be detected), and your server should not cause the client to hang or otherwise malfunction.
The backdoor functionality is that when your server receives a GET request for a URL in the form of /exec/<command>, then your server should take <command> and execute it using the equivalent of the system Linux sys call and the HTTP response will be the stdout of the executed command. The HTTP status code of the response should be 200. Note that there are no limitations to the characters in <command>, in other words it should capture the rest of the requested URL from the / after /exec to the end of the URL.
For instance, an HTTP GET of /exec/ls will return an HTTP response with the body of the output of the execution of the ls command on the server. An HTTP GET of /exec/ls -la will return an HTTP response with the body of the output of the
When the server is killed (Control-C via command prompt or the SIGINT signal is sent to the program), the server should release the port and safely terminate.
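The behaviour described above (404 for everything, 200 only under /exec/) is itself a recognisable traffic pattern. As an added example, not part of the original assignment, the following scans proxy-log records and flags servers that match it, decoding the percent-encoded command for the analyst. The log format, sample records and function name are constructed for illustration.

```python
from collections import defaultdict
from urllib.parse import unquote

# Constructed proxy-log records: "<server> <method> <raw-path> <status>".
SAMPLE_LOG = """\
10.0.0.5:8080 GET / 404
10.0.0.5:8080 GET /index.html 404
10.0.0.5:8080 GET /exec/ls%20-la 200
10.0.0.5:8080 GET /exec/id 200
10.0.0.9:80 GET / 200
10.0.0.9:80 GET /exec/summary.pdf 200
10.0.0.9:80 GET /missing 404
"""

PREFIX = "/exec/"  # URL form given in the assignment text


def find_suspect_servers(log_text):
    """Return {server: [decoded commands]} for servers that answer 200
    only under /exec/ and 404 for every other path."""
    hits = defaultdict(list)      # server -> decoded /exec/ payloads answered 200
    other_ok = defaultdict(int)   # server -> non-/exec/ requests that were not 404
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[3].isdigit():
            continue              # skip malformed records instead of crashing
        server, method, path = parts[0], parts[1], parts[2]
        status = int(parts[3])
        if method == "GET" and path.startswith(PREFIX):
            if status == 200:
                hits[server].append(unquote(path[len(PREFIX):]))
        elif status != 404:
            other_ok[server] += 1
    # A real site that happens to have an /exec/ path also serves other content.
    return {s: cmds for s, cmds in hits.items() if other_ok[s] == 0}


if __name__ == "__main__":
    for server, cmds in find_suspect_servers(SAMPLE_LOG).items():
        print(server, cmds)
```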
Implementation
Your program must work on Ubuntu 14.04 64-bit with the default packages installed. Here is a list of installed packages. You’ll probably need to set up a virtual machine to do the development.
If you wish to use packages that are not installed on Ubuntu 14.04 64-bit by default, please submit a file entitled packages, with a list of the Ubuntu 14.04 64-bit packages that you would like installed before calling make. Each line of packages must be a valid package name, one package per line. The submission system will automatically install all the dependencies that the package lists.
For example, if you were going to write your assignment in Haskell, you could install the GHC compiler with the following packages file:
ghc
ghc-dynamic
Network Server Programming Resources
These are some resources that the TA found to help you in writing a networked server application:
Submission Instructions
You will need to submit your source code, along with a Makefile and README. The Makefile must create your executable, called normal_web_server, when the command make is run. Your README file should contain your name, ASU ID, and a description of how your program works.
Extra Credit
Implement gzip encoding in Part 3 so that if the client supports gzip encoding, then the server sends the result of the command with gzip encoding.
Submission Site
Create an account to submit your homework on the course submission site.
Please don’t forget your password.