Software Security - S18

CSE 545

Assignment 3—Binary Pwnage

Assignment 3 is due in two parts.

Part 1 is due 3/13/18 on or before 11:59:59pm MST.

Part 2 is due 3/25/18 on or before 11:59:59pm MST.

Description

Your goal is to break a series of x86 binaries using the full range of your hacking skills.

Your username and password, along with the server IP address and port, are displayed on the assignment page on the submission server. You have a local account on this server that starts at group level1.

Every challenge is at /var/challenge/level<X>, where <X> is replaced by the level number. So, at the start, you have access to /var/challenge/level1.

From there, once you break the binary (usually called the level number, 1 in the case of the first level), you want to execute the provided program l33t (located at /usr/local/bin/l33t). This will upgrade you to the next level. Note that you will need to log out, then back into the server to see the upgraded level. Otherwise, you could use one of these tricks.

The score program will output the current scores of all users on the system.

Note that you cannot attempt level3 until you break level2, and similarly for all levels. This means that you should start early so that you have time to work on difficult/challenging levels.

Tools

You will need to sharpen your Linux hacking toolbelt. You will probably need to become familiar with the following tools to understand the binaries that you want to break:

  • objdump
  • gdb
  • ltrace
  • strace
  • pwntools …

Evaluation

You will be awarded points based on how many levels are broken.

Each level is worth 10 points based on the due date (100 points total), and levels 11–? will remove a late penalty from Part 1 OR are worth a (token) .5 points each (but not both). Who needs points when you see your hacker alias in all its glory on top of the scoreboard?

Levels 1–5 are considered Part 1 of the assignment. Solving them before the Part 1 deadline will result in 100% of the points; solving them after the Part 1 deadline will result in 25% of the points.

How do you know if you have solved Levels 1–5? Because you will be on level6 when you run score before the Part 1 deadline.

Submission Instructions

You will need to submit all source code that you wrote for this assignment, and a README by the Part 2 deadline. You do not need to submit anything before the Part 1 deadline (if you are level6 when you run score before the Part 1 deadline you are good).

Your README file must contain your name, ASU ID, and a description of how you broke each level. The description is important and will affect how we grade your assignment (and will prevent any possible academic integrity violations by demonstrating that you know how to solve the level).

Submit your homework on the course submission site.