_                                    ______  
   /\            (_)                              _   (_____ \ 
  /  \   ___  ___ _  ____ ____  ____   ____ ____ | |_   ____) )
 / /\ \ /___)/___) |/ _  |  _ \|    \ / _  )  _ \|  _) /_____/ 
| |__| |___ |___ | ( ( | | | | | | | ( (/ /| | | | |__ _______ 
|______(___/(___/|_|\_|| |_| |_|_|_|_|\____)_| |_|\___|_______)
                   (_____|                                     
 _______ ______ _______ ____   __   ______  ____               
(_______) _____|_______) __ \ / /  / __   |/ __ \              
 _____ | /      _____ ( (__) ) /_ | | //| ( (__) )             
|  ___)| |     |  ___) \__  / __ \| |// | |\__  /              
| |____| \_____| |_____  / ( (__) )  /__| |  / /               
|_______)______)_______)/_/ \____/ \_____/  /_/              

Assignment 2

Overview

In this assignment you will complete a Capture-the-flag (CTF) style challenge. You will be presented with a linux virtual machine and will be required to solve a

Instructions

Log in to the virtual machine with Username: user and Password: user. Proceed to recover the root password via a stack buffer overflow.

Requirements

  • A modern computer with about 500Mb of free disk space. The VM is based on tinycore Linux, and the compressed image is only about 80Mb to download.
  • The VirtualBox virtual machine player. (Note: You can use any VM player that supports .ova VMs, however the instructions below are specific to VirtualBox and may differ slightly if you decide to use a different player such as VMWare).
  • You may need to install the Virtual Box extension pack.
  • The assignment2-VM.ova virtual machine image available for download in OWL -> ECE 9609 -> Resources

Directions

  • Import the virtual machine image into your virtual machine player.
    • File -> Import appliance -> assignment2-VM.ova -> Continue -> Import
  • Start the VM: tinycore -> Start
  • Login to an account and recover the root password

The VM is currently configured to use a host-only network adapter, which provides network access between your host OS and the VM only. Your VM does not need actual/full-on internet access for you to complete the challenges. You can discover the machine’s IP address by typing:

ifconfig | grep inet

You can use the IP address to download/upload files using utilities like scp.

Tips

  • Stack buffer overflows can be tricky to exploit for a beginner. See this excellent tutorial video for more information.
  • The administrator chose a weak password. Try this password list of the 10,000 most common passwords.

What to submit

Submit a single PDF of your solutions in OWL -> ECE 9609/9069 -> Assignments -> Assignment 2

  • (a) The root password
  • (b) A writeup of the steps you took to obtain it, including the list of the commands you used, and an explanation (in your own words) of what you did and why it worked