Assignment 3 - Binary Pwnage Core
Assignment 3 is due 10/27/17 on or before 11:59:59pm EDT.
Description
Your goal is to break a series of x86 binaries using the full range of your hacking skills.
Everyone in the class was sent a user account name and password for the previous homework. You are going to use the same username and password to login to the server via ssh. The details of how to connect are posted on Piazza.
Every challenge can be found under the directory /var/challenge/level<X> where <X> is replaced by the level numbers. Your account has already access to level1, so you have access it from this path: /var/challenge/level1
From there, once you break the binary (usually called the level number, 1 in the case of the first level), you want to execute the program l33t. Each binary runs with elevated privileges, so exploiting the binary in this context means to execute arbitrary code with elevated privileges. Running l33t with elevated privileges will upgrade you to the next level.
Note that you will need to log out, then back into the server to see the upgraded level. Otherwise, you could use exec su -l $USER or newgrp levX, where levX is the level you just hacked.
The score program will output the current scores of all users on the system.
You cannot attempt level3 until you break level2, and similarly for all levels. This means that you should start early so that you have time to work on difficult/challenging levels.
Tools
You will need to sharpen your Linux hacking toolbelt. You will probably need to become familiar with the following tools to understand the binaries that you want to break:
- objdump
- gdb
- ltrace
- strace
- etc…
Evaluation
You will be awarded points based on how many levels are broken. There are 5 levels in total and 2 bonus levels. Levels 1-5 are worth 20 points each and levels 6 and 7 are worth 10 points each. However, who needs points when you see your hacker alias in all its glory on the scoreboard?
Submission Instructions
You will need to submit all source code written for this assignment, and a README. Your README file must contain your name, Unity ID, and a description of how you broke each level. The description is important and will affect how we grade your assignment.
For this submission we are going to use GitHub Classroom. Your submission will be a git repository. If you are not familiar with git here is a quick guide.