Software Security - S18

CSE 545

Assignment 3—Binary Pwnage

Assignment 3 is due in two parts.

Part 1 is due 3/13/18 on or before 11:59:59pm MST.

Part 2 is due 3/25/18 on or before 11:59:59pm MST.


Your goal is to break a series of x86 binaries using the full range of your hacking skills.

Your username and password, along with the server IP address and port, are displayed on the assignment page on the submission server. You have a local account on this server that starts at group level1.

Every challenge is at /var/challenge/level<X> where <X> is replaced by the level numbers. So, at the start, you have access to /var/challenge/level1.

From there, once you break the binary (usually called the level number, 1 in the case of the first level), you want to execute the provided program l33t (located at /usr/local/bin/l33t). This will upgrade you to the next level. Note that you will need to log out, then back into the server to see the upgraded level. Otherwise, you could use one of these tricks.

The score program will output the current scores of all users on the system.

Note that you cannot attempt level3 until you break level2, and similarly for all levels. This means that you should start early so that you have time to work on difficult/challenging levels.


You will need to sharpen your Linux hacking toolbelt. You will probably need to become familiar with the following tools to understand the binaries that you want to break:

  • objdump
  • gdb
  • ltrace
  • strace
  • pwntools …


You will be awarded points based on how many levels are broken.

Each level is worth 10 points each based on the due date (100 points total), and levels 11–? will remove a late penalty from Part 1 OR are worth a (token) .5 points each (but not both). Who needs points when you see your hacker alias in all its glory on top of the scoreboard?

Levels 1–5 are considered Part 1 of the assignment, and solving them before the Part 1 deadline will result in 100% of the points, solving them after the Part 1 deadline will result in 25% of the points.

How do you know if you have solved Levels 1–5? Because you will be on level6 when you run score before the Part 1 deadline.

Submission Instructions

You will need to submit all source code that you wrote for this assignment, and a README by the Part 2 deadline. You do not need to submit anything before the Part 1 deadline (if you are level6 when you run score before the Part 1 deadline you are good).

Your README file must contain your name, ASU ID, and a description of how you broke each level. The description is important and will affect how we grade your assignment (and will prevent any possible academic integrity violations by demonstrating that you know how to solve the level).

Submit your homework on the course submission site.