Assignment: CHALLENGE
This assignment is the take-home portion of the final. It consists of seven challenges. You must complete five of them. You may complete them in any order. They are numbered in approximate order of difficulty. (What I think is likely to be easiest has the lowest number.)
This assignment is due by the time of the written final. The normal late policy does not apply to this assignment.
The challenges will be distributed in the resources folder on Collab in a folder called “CHALLENGE”. This will be available by 29 April 2017.
Format for each challenge
Each challenge consists of an executable named challengeX.exe where X is a number.
If the executable is named challengeX.exe, then your task is to produce a program named attackX such that running:
setarch x86_64 -vRL bash # IF THE HINTS FOR THE CHALLENGE SPECIFY
./YOUR_PROGRAM >attackX.data
./challengeX.exe <attackX.data
causes the program challengeX.exe to output the string
Congratulations, YOUR_NAME!
You have passed this challenge.
(or something substantially similar), but where YOUR_NAME is replaced with your name. In each case, it is okay if the program also outputs other strings, such as prompts for input, before this string. However, this should be the last string output, no messages about not passing the challenge should be output, and the program should terminate normally.
(So, for example, if the program prints out:
Sorry, Congratulations, Student! You have passed this challenge.
You have not passed this challenge.
because you supplied a name of “Congratulations, Student! You have passed this challenge”, that is not an acceptable solution.)
One of the challenge programs expects a supplied data file called passing.txt to exist in the current directory. Your solution must work without modifying that file. (We will generate your attackX.data, then replace the passing.txt with a clean copy immediately before running challengeX.exe.)
You should supply your attack program in any one of three formats:
- As a C program named attackX.c where X is the challenge number;
- As a Python 2 program named attackX.py where X is the challenge number. The first line of your Python 2 program should contain the string python2; for example, it could be #!/usr/bin/python2.
- As a Python 3 program named attackX.py where X is the challenge number. The first line of your Python 3 program must contain the string python3; for example, it could be #!/usr/bin/python3
Your program can include comments, which may help us understand what is going on if we can’t get the program to work on our system.
Your program must not do any of the following:
- Read input files. All data your program needs should be contained within the program.
- Write files. Rather than open attackX.data, you should write to stdout so we can change the name of the file produced.
- Attempt to modify the challengeX.exe executable.
For challenge 2, you should run setarch x86_64 -vRL bash to disable ASLR. For the other challenges, disabling ASLR should not matter.
Hints and Extra Information
For some of the challenge executables, we have supplied additional information:
- Hints specific to that challenge in a file called challengeX.hints.txt. We strongly recommend reading these.
- The output of something like objdump -drst on the executable in a file called challengeX.objdump.txt.
- The source code for the executable in a file called challengeX.c
The amount we have supplied is based on what we think is necessary to make the challenge have an appropriate difficulty level. You should not assume that, because we have not supplied some information, that information would not be helpful to figure out.
Even if we supply source code for the executable, we expect your solution to work with the executables we supply.
Collaboration
Please do not discuss or expect TAs to answer questions about what strategy you should apply to particular challenges. You are responsible for figuring this out yourself.
You may, however, ask TAs or share general information about how to identify whether an exploit technique is applicable to a particular program or about how to apply an exploit technique to other executables.
We have supplied reference solutions to some prior homework assignments. You may use these when constructing your solutions. You may also use your solutions to a prior homework assignment.