___ _ _ _____ / _ \ (_) | | |____ | / /_\ \___ ___ _ __ _ _ __ _ __ ___ ___ _ __ | |_ / / | _ / __/ __| |/ _` | '_ \| '_ ` _ \ / _ \ '_ \| __| \ \ | | | \__ \__ \ | (_| | | | | | | | | | __/ | | | |_ .___/ / \_| |_/___/___/_|\__, |_| |_|_| |_| |_|\___|_| |_|\__| \____/ __/ | |___/ _____ _____ _____ _____ ____ _____ _____ | ___/ __ \| ___| | _ |/ ___| _ || _ | | |__ | / \/| |__ | |_| / /___| |/' || |_| | | __|| | | __| \____ | ___ \ /| |\____ | | |___| \__/\| |___ .___/ / \_/ \ |_/ /.___/ / \____/ \____/\____/ \____/\_____/\___/ \____/
In this assignment you will complete a Capture-the-flag (CTF) style challenge. You will be presented with a linux virtual machine and will be required to solve a set of challenges to obtain the root password.
Log in to the virtual machine with Username:
user and Password:
user. Proceed to recover the root password via a stack buffer overflow.
- A modern computer with about 500Mb of free disk space. The VM is based on tinycore Linux, and the compressed image is only about 80Mb to download.
- The VirtualBox virtual machine player. (Note: You can use any VM player that supports
.ovaVMs, however the instructions below are specific to VirtualBox and may differ slightly if you decide to use a different player such as VMWare).
- You may need to install the Virtual Box extension pack.
assignment3-VM.ovavirtual machine image available for download in
OWL -> ECE 9609 -> Resources
- Import the virtual machine image into your virtual machine player.
File -> Import appliance -> assignment3-VM.ova-> Continue -> Import
- Start the VM:
Assignment 3 -> Start
- Login to an account and recover the root password
The VM is currently configured to use a
host-only network adapter, which provides network access between your host OS and the VM only. Your VM does not need actual/full-on internet access for you to complete the challenges. You can discover the machine’s IP address by typing:
ifconfig | grep inet
You can use the IP address to download/upload files using utilities like
IMPORTANT: the exploit has been configured to be run over ssh. If you log into the VM terminal directly, the environment variables will be different, and the buffer overflow won’t work.
- Stack buffer overflows can be tricky to exploit for a beginner. See this excellent tutorial video for more information.
- The administrator chose a weak password. Try this password list of the 1,000 most common passwords.
What to submit
Take the Assignment 3 test in OWL under the Tests and Quizzes tab.