______ _____ ______    ___    __   ___   ___              
 |  ____/ ____|  ____|  / _ \  / /  / _ \ / _ \             
 | |__ | |    | |__    | (_) |/ /_ | | | | (_) |            
 |  __|| |    |  __|    \__, | '_ \| | | |\__, |            
 | |___| |____| |____     / /| (_) | |_| |  / /             
 |______\_____|______|   /_/  \___/ \___/  /_/        _  __ 
     /\           (_)                                | |/_ |
    /  \   ___ ___ _  __ _ _ __  _ __ ___   ___ _ __ | |_| |
   / /\ \ / __/ __| |/ _` | '_ \| '_ ` _ \ / _ \ '_ \| __| |
  / ____ \\__ \__ \ | (_| | | | | | | | | |  __/ | | | |_| |
 /_/    \_\___/___/_|\__, |_| |_|_| |_| |_|\___|_| |_|\__|_|
                      __/ |                                 
                     |___/                  

Assignment 1

Overview

In this assignment you will complete a Capture-the-flag (CTF) style challenge. You will be presented with a linux virtual machine and will be required to solve a set of programming puzzles inspired by the pwnable.kr challenges.

Instructions

Requirements

  • A modern computer with about 500Mb of free disk space. The VM is based on tinycore Linux, and the compressed image is only about 80Mb to download.
  • The VirtualBox virtual machine player. (Note: You can use any VM player that supports .ova VMs, however the instructions below are specific to VirtualBox and may differ slightly if you decide to use a different player such as VMWare).
  • *Update*: For anyone having issues importing and running the VM, you may need to install the Virtual Box extension pack.
  • The assignment1-VM.ova virtual machine image available for download in OWL -> ECE 9609 -> Resources

Directions

  • Import the virtual machine image into your virtual machine player.
    • File -> Import appliance -> assignment1-VM.ova -> Continue -> Import
  • Start the VM: tinycore -> Start
  • Login to an account and capture the flag

The VM is currently configured to use 768Mb of ram, but this is probably more than it requires.

  • You can adjust RAM usage in: System -> Base Memory

The VM is currently configured to use a host-only network adapter, which provides network access between your host OS and the VM only. Your VM does not need actual/full-on internet access for you to complete the challenges. You can discover the machine’s IP address by typing:

ifconfig | grep inet

You can use the IP address to download/upload files using utilities like scp.

Questions

There are 4 questions/challenges (and 4 flags):

  1. Question 1
    • Challenge name: Hidden
    • Username: q1
    • Password: guest
    • Flag location: /home/q1/flag1
    • Instructions: Locate and run a file owned by user flag1
  2. Question 2
    • Challenge name: Hardcode
    • Username: q2
    • Password: guest
    • Flag location: /home/q2/flag2
    • Instructions: Run the hardcode binary. Enter the correct password.
  3. Question 3
    • Challenge name: Password
    • Username: q3
    • Password: guest
    • Flag location: /home/q3/flag3
    • Instructions: Get the program to execute the system() command in password.c
  4. Question 4
    • Challenge name: Username
    • Username: q4
    • Password: guest
    • Flag location: /home/q4/flag4
    • Instructions: Get the program to execute the system() command in username.c`

Tips

There are a few basic skills that you will need to know to complete the challenges:

  • How to compile and run a C program
  • How to use the gdb debugger
  • How to execute a Python program from the command line
    $ python -c "<program>"
    
  • How to upload and download files using scp
  • How to view and interpret file permissions and ownership
  • How to use command-line text editor like vi or vim

Other tips:

  • You can create working files in the /tmp directory
  • The VM is non-persistent. Any changes (e.g., uploaded file, etc) are not saved by the OS after shutdown
  • You can scroll up and down in the terminal window using <SHIFT> + <Pg Up> and <SHIFT> + <Pg Dn>.

What to submit

Type your responses in the response text box located in OWL -> ECE 9609/9069 -> Assignments -> Assignment 1.

For each of the four challenges, answer the following questions:

  • (a) What is the contents of the flag file?
  • (b) What command(s) did you run to capture the flag?
  • (c) In one paragraph explain how/why your exploit works
  • (d) In a couple of sentences suggest how the vulnerability can be fixed

TIP: Be sure to save your response frequently while working. Good luck!