Assignment 4 (100 points) — Pwnage
Assignment 4 is due 12/9/17 on or before 11:59:59pm MST. No late submissions will be accepted for this assignment.
Description
Your goal is to break a series of challenges using the full range of your hacking skills, including everything we have covered in class.
Everyone in the class will be sent a username and password.
You will use your username and password to SSH into the server located
at hackme.cse465f17.adamdoupe.com
(using
ssh <username>@hackme.cse465f17.adamdoupe.com
).
Every challenge is at /var/challenge/<X>
where <X>
is
the name of the challenge.
Once you break a challenge, you will want to execute the program
l33t
, which will mark that you broke the level. If you do not
execute l33t
, then you won’t have broken the level.
You can see how you (and the rest of the students) are doing on
assignment 4 by executing the command score
.
Tools
You will need to sharpen your Linux hacking toolbelt. You might need to become familiar with the following tools to understand the programs that you want to break:
- objdump
- gdb
- ltrace
- strace …
Evaluation
You will be awarded points based on how many levels you broke. Each level is worth 15 points, with the maximum amount of points that you can achieve is 120 (out of 100).
Submission Instructions
You will need to submit all source code written for this assignment, and a README. Your README file must contain your name, ASU ID, and a description of how you broke each level. The description is important and will affect how we grade your assignment.
Submit your homework on the course submisison site.
Bug Bounty
If you manage to get root on the server, you will get 50 additional points.