Homework 6 is live! It is due at 12:00pm MST on Wednesday 10/03/18. At exactly 12:00pm, the homework server will become inaccessible.

Homework 6 is a “shellcoding” assignment. Shellcoding is the art of injecting code into a program, during exploitation, to get it to carry out actions desired by the attacker [1].

In terms of submission and so forth, Homework 5 is based on the same high-level concept as the rest. There is a /flag file, and you get to choose one binary on which the SUID flag will be set. The binaries that you are allowed to choose are all under the /pwn directory.

Each program takes user input on stdin and will filter and execute your shellcode. If your shellcode successfully runs, you can use it to read the /flag file.

Read the syllabus.html the full details of the grading system.

Collaboration Policy

These challenges are not as unique as other homeworks. You may collaborate with students in terms of understanding assembly, but you may not work with them on their actual solutions.

Accessing Homework 6

You can access the HW3 submission and management interface using netcat, or a similar program:

nc 23

When you use this interface to Solve Challenge, it will start an ssh server. It will tell you something like:

[+++] Path to Binary: /pwn/babypwn/babypwn6_testing_14794979742557037701
CONTAINER ID        IMAGE               COMMAND                   CREATED             STATUS                  PORTS                   NAMES
88e473a341b6        hw6                 "/bin/sh -c \"/start\""   1 second ago        Up Less than a second>22/tcp   hw6_zardus

This means that the container is running on port 22214! You can now ssh in like so:

ssh -p 22214

Your password is your asurite.

For scriptable interaction, look into pwn.remote to connect to the management interface and pwn.ssh to ssh in.


Useful resources: