Assignment 5 - Web Attacks Core
Assignment 5 is due 11/26/17 on or before 11:59:59pm EDT.
Description
Your goal is to break a series of web challenges using the full range of your hacking skills.
Every challenge is at http://hw.kapravelos.com:PORT, where PORT is in the range 48086-48090. The first level is directly accessible at http://hw.kapravelos.com:48086, but for the following levels, aside from increasing the port, you need to use the hash of the secret from the previous level as the requested path to get access. You can hash the secret of each level like this:
    echo -n "secret" | md5sum
Once you break a level and discover its secret, verify it on our submission page (announced on Piazza). You need to use your university ID number to get the points, and you need to provide a description of how you broke the level and what the vulnerability was.
On the submission page you can also find a scoreboard that displays the current scores of all users on the system.
Note that you cannot attempt level03 until you break level02, and similarly for all levels. This means that you should start early so that you have time to work on difficult/challenging levels.
Tools
You will need to sharpen your web hacking toolbelt. You will probably need to become familiar with the following tools to understand the web applications that you want to break:
- Burp Suite
- Chrome Dev Tools
- Postman
- etc…
Using automated tools that scan for web vulnerabilities against the server is prohibited.
Evaluation
You will be awarded points based on how many levels are broken. All levels are worth 20 points each. However, who needs points when you see your hacker alias in all its glory on the scoreboard?
Submission Instructions
You will need to submit a description for each level of how it was attacked and what the vulnerability was. The description is important and will affect how we grade your assignment. The submission page will be posted on Piazza.