Assignment 3 - Binary Reversing, Pwnage and ROPing
Assignment 3 is due 4/25/18 on or before 11:59:59pm EDT.
Description
For this homework assignment you will be granted access to three different VMs. Each VM will have their own set of login credentials. Each server will have several binary challenges to solve. To solve each challenge you must recover a “flag”. All flags will have the following format: flag{abc}. Submit this flag to the web submission server discussed on piazza for points towards your homework grade.
Part 1 - Reverse Engineering
In this Reverse Engineering assignment, the desired flag is encrypted or obfuscated within each of the programs or in an encrypted message. Your goal is to reverse engineer each program to circumvent, manipulate, or decrypt to obtain the flag. These challenges are best done locally on your own computer and it is HIGHLY recommended that you download these programs to your local machine. A hint to solving some of these challenges is to use the environment. It is best practice to always have a fresh copy of the target program just in case you happen to corrupt/destroy it. We will not provide you with another copy if you destroy your only copy. This exercise is worth a total of 105 points with 5 points of extra credit.
| Level | Points |
|---|---|
| Level1 | 20 |
| Level2 | 20 |
| Level3 | 20 |
| Level4 | 20 |
| Level5 | 20 |
| Level6 | 5 |
Part 2 - Binary Exploitation
In this Binary Exploitation assignment, your goal is to steal the contents of flag.txt located next to each respective challenge, by obtaining a privileged shell. Obtaining this privileged shell is done first by identifying the vulnerability, then developing a working exploit. Once you have a working exploit that has provided a privileged shell, simply execute cat flag.txt to obtain the flag. Submit this flag for points. This exercise is worth a total of 125 points with 25 points of extra credit.
| Level | Points |
|---|---|
| Level1 | 20 |
| Level2 | 20 |
| Level3 | 20 |
| Level4 | 20 |
| Level5 | 20 |
| Level6 | 5 |
| Level7 | 5 |
| Level8 | 5 |
| Level9 | 5 |
| Level10 | 5 |
Part 3 - ROPing
Roping, Return-oriented programming, exercise is another Binary Exploitation exercise which you will be conducting a smash the stack exploit on four very similar programs but, the stack is not executable. Each level will have a slight twist that increases the difficulty, preventing you from developing a working exploit. In each of the challenge folders there is a program called server, this program will host the vulnerable program on a network port to provide an easier interface. To use server type the following command ./server <port> followed by nc localhost <port>. Your exploit may need to use network sockets to interact with the vulnerable program.
Once you have a working exploit that has provided a privileged shell, very similar to the Binary Exploitation challenges, simply execute cat flag.txt to obtain the flag. Submit this flag for points. This exercise is worth a total of 40 points with 40 points being extra credit.
| Level | Points |
|---|---|
| Level1 | 10 |
| Level2 | 10 |
| Level3 | 10 |
| Level4 | 10 |
Tools
You will need to sharpen your Linux hacking toolbelt. You will probably need to become familiar with the following tools to understand the binaries that you want to break:
- objdump
- gdb
- radare2
- ltrace
- strace
- etc…
Evaluation
You will be awarded points based on how many levels are solved. The total number of points that can be obtained from this assignment is 270 points with 70 points being extra credit.
Submission Instructions
You will need to submit all source code written for this assignment, and a README. Your README file must contain your name, Unity ID, and a description of how you broke each level. The description is important and will affect how we grade your assignment.
For this submission we are going to use GitHub Classroom. Your submission will be a git repository. If you are not familiar with git here is a quick guide.