In this assignment, you will:
- Form an initial group
- Install a basic development environment
- Find a crashing input to a simple memory corruption bug
Assignments are to be completed and submitted for grading by groups of four. As such, you should first find three other students to create your first group. If for whatever reason you don’t create a group, you will be assigned to a group. Note that group composition will change over the course of the semester.
Your group’s first task will be to set up a basic development environment for each of the modules that comprise the course. At the time of writing, these modules are:
- Web security
- Memory corruption
- Vulnerability discovery
Note that some assignments might need tools in addition to the ones listed below.
The base of your development environment will be a Linux system. It does not matter which distribution you use for this base so long as it is capable of running a container stack such as Docker or an OCI-compatible runtime. Feel free to use any mainstream Linux distribution. If in doubt, Fedora or Ubuntu are reasonable choices.
For some assignments, a virtualized environment might be necessary – e.g., to run Windows “malware.” Therefore, you should install a working hypervisor which can either be hosted by your Linux environment or installed alongside it if your Linux environment is itself virtualized.
Many assignments, including this one, will be distributed as a container image that you will run locally. To do so, you will need to install a container runtime (a.k.a. container stack) within your Linux environment. A safe choice is Docker.
Note that some Linux distributions have deprecated Docker in favor of OCI-compatible tools. In that case, it is easiest to simply use those tools, which typically amounts to
docker command with
C/C++ Development Tools
Within your Linux environment, you should install a basic set of
development tools via the distribution’s package manager. Usually, the
package manager is invoked via
depending on whether you are using a modern RPM- or Debian-based
distribution. Package names can vary between different distributions, so
the names below might need to be adjusted for your particular
dnf search or
(or, in the worst case, a Google search) can help you to resolve the
package names you need.
Install the following packages:
Additionally, you will need to install an editor (at a minimum), an
IDE, or perhaps expose your Linux environment’s file system to your
preferred tools on your host machine. Recommended IDEs include Visual Studio Code (if you are
OK with vendor telemetry) or IntelliJ IDEA (free with a
.edu email address).
You will more than likely want a working Python installation, which you should also install via your Linux distribution’s package manager. In this class, we will be using Python 3, so ensure that either you only have a version 3 environment installed or that you are able to unambiguously refer to it if you have multiple Python installations.
In addition to a Python 3 interpreter, you might also want to install IPython which makes interactive Python evaluation or script debugging much more pleasant.
In addition to a browser, you should install an interactive web proxy that will allow you to introspect on and modify HTTP messages. In this class, we will use and support mitmproxy since it is open source. However, if you have a Burp Suite license, then feel free to use that with the understanding that you’re on your own if you run into issues.
Reverse Engineering Tools
For the reverse engineering assignments, we will be using Ghidra. Ensure that you have a compatible Java Runtime Environment installed. If you have an IDA Pro and Hex-Rays license then feel free to use those tools instead with the usual caveat.
With the software prerequisites out of the way, let us turn to the first assignment: crashing a vulnerable program. This program is available in Canvas as a container image called vuln00.img.xz. You can decompress the image using xz, which can be installed using your distribution’s package manager. From there, you can load the image into your container runtime with docker load and then execute an instance using
When you run the container image, the vulnerable program will wait for input. While it is running, you can access the program’s source code, which is available at /app/vuln00.cpp within the container instance. You can use docker cp to copy this source code to the container host if you so desire.
Analyze the source code to find an input that will crash the program.
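The steps above (decompress, load, copy the source out, feed a candidate input on stdin) fit in one script, and the part worth automating is the check at the end: before submitting, confirm that your input actually kills the process rather than merely making it print garbage. The script below is an added example, not part of the assignment or the course's own tooling. It assumes vuln00.img.xz is in the current directory, that docker load prints a "Loaded image: <name>:<tag>" line for it, and that the image's default command runs the vulnerable program (the page says the program waits for input when the container is run). Docker reports 128+N when the container's process was killed by signal N, so a segfault shows up as exit status 139 and an abort (stack-protector or glibc heap check) as 134; both count as crashes for this assignment, a clean exit does not.

```shell
#!/usr/bin/env bash
# Added example: end-to-end vuln00 workflow with a crash check.
# Assumptions (not stated in the assignment): the archive is in the current
# directory, docker load prints "Loaded image: <name>:<tag>" for it, and the
# vulnerable program is the container's default command.
set -eu

IMAGE_ARCHIVE=${IMAGE_ARCHIVE:-vuln00.img.xz}   # the image from Canvas
INPUT_FILE=${1:-input1}                          # candidate crashing input

# Docker exits with 128+N when the container's process was killed by signal N.
describe_exit_status() {
    status=$1
    if [ "$status" -eq 0 ]; then
        echo "clean exit"
    elif [ "$status" -eq 125 ]; then
        echo "docker error (image or daemon problem, not a crash)"
    elif [ "$status" -gt 128 ]; then
        case $((status - 128)) in
            6)  echo "crashed: SIGABRT (abort, e.g. stack protector or heap check)" ;;
            7)  echo "crashed: SIGBUS (misaligned or unmapped access)" ;;
            11) echo "crashed: SIGSEGV (invalid memory access)" ;;
            *)  echo "killed by signal $((status - 128))" ;;
        esac
    else
        echo "exited with status $status (no crash)"
    fi
}

# True when the exit status means the process died from a signal.
is_crash() {
    [ "$1" -gt 128 ]
}

main() {
    # 1. Decompress; -k keeps the .xz so the image can be re-extracted later.
    [ -f "${IMAGE_ARCHIVE%.xz}" ] || xz -dk "$IMAGE_ARCHIVE"

    # 2. Load the image and pick up the tag that docker load prints.
    loaded=$(docker load -i "${IMAGE_ARCHIVE%.xz}")
    image=$(printf '%s\n' "$loaded" | sed -n 's/^Loaded image: //p' | head -n 1)
    if [ -z "$image" ]; then
        echo "could not find 'Loaded image:' in docker load output:" >&2
        printf '%s\n' "$loaded" >&2
        return 1
    fi

    # 3. Copy the source out without running the program: a created (not
    #    started) container is enough for docker cp.
    cid=$(docker create "$image")
    docker cp "$cid:/app/vuln00.cpp" ./vuln00.cpp
    docker rm "$cid" >/dev/null

    # 4. Feed the candidate input on stdin. -t is omitted on purpose: docker
    #    refuses to allocate a TTY when stdin is a redirected file.
    set +e
    docker run --rm -i "$image" < "$INPUT_FILE"
    status=$?
    set -e
    echo "$INPUT_FILE: $(describe_exit_status "$status")"
    is_crash "$status"
}

# Only run the workflow when the archive is present; the helper functions
# above remain usable on their own (e.g. describe_exit_status "$?").
if [ -f "$IMAGE_ARCHIVE" ]; then
    main "$@"
else
    echo "$IMAGE_ARCHIVE not found: download it from Canvas into this directory first" >&2
fi
```

Run it as `./check_vuln00.sh input1` (or with a second candidate file for the extra-credit inputs); the script's own exit status is 0 only when the program died from a signal, so it can gate a submission step. If you see 134 rather than 139, the overflow was caught by a stack protector or heap check rather than dereferencing a bad address, which is still a crash of the program and still the bug you were asked to find.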
- Send a Canvas message to the instructor and TAs informing them of your group members.
- Once your group has been created, submit a .tgz archive containing a single text file called input1. This file should contain an input that crashes the vulnerable program when used as part of the following command:
docker run -it $vuln00_image < input1
- Extra credit. Submit a .tgz archive containing two files:
input2. Each of these should exploit a distinct bug in the vulnerable program, resulting in a crash when run as in the command above.