Assignment 2 (ECE 9609/9069)
In this assignment you will complete a capture-the-flag (CTF) style challenge. You will be presented with a Linux virtual machine and will be required to solve a
Log in to the virtual machine with Username: `user` and Password: `user`. Proceed to recover the root password via a stack buffer overflow.
- A modern computer with about 500Mb of free disk space. The VM is based on tinycore Linux, and the compressed image is only about 80Mb to download.
- The VirtualBox virtual machine player. (Note: You can use any VM player that supports `.ova` VMs; however, the instructions below are specific to VirtualBox and may differ slightly if you decide to use a different player such as VMware.)
- You may need to install the VirtualBox extension pack.
- The `assignment2-VM.ova` virtual machine image, available for download in OWL -> ECE 9609 -> Resources
- Import the virtual machine image into your virtual machine player:
  File -> Import appliance -> `assignment2-VM.ova` -> Continue -> Import
- Start the VM:
  tinycore -> Start
- Login to an account and recover the root password
The VM is currently configured to use a host-only network adapter, which provides network access between your host OS and the VM only. Your VM does not need full internet access for you to complete the challenges. You can discover the machine's IP address by typing:
ifconfig | grep inet
You can use the IP address to download/upload files using utilities like
- Stack buffer overflows can be tricky to exploit for a beginner. See this excellent tutorial video for more information.
- The administrator chose a weak password. Try this password list of the 10,000 most common passwords.
What to submit
Submit a single PDF of your solutions in
OWL -> ECE 9609/9069 -> Assignments -> Assignment 2
- (a) The root password
- (b) A writeup of the steps you took to obtain it, including the list of the commands you used, and an explanation (in your own words) of what you did and why it worked.