Wargame Spec

Wargame 1 & 2 - Buffer Overflows & Format Strings README

The following wargames will provide you with exercises where you will be required to reverse the binary, figure out the vulnerability and write an exploit.

Please use the techniques learned in the lectures to exploit the challenges provided. These challenges closely mimic those that will be present in your midsem and final exam. If you are able to complete the challenges, you should be fine with the practical assessments in class (the exams).

Provided in this assignment are the following:

• Link to the VM: https://cloudstor.aarnet.edu.au/plus/s/djdhcrPRiqGbaLE pw: 0x41414141

• Zip file of the binaries + Source code for some binaries. https://cloudstor.aarnet.edu.au/plus/s/231A3Fj80fAiOj4 pw: 0x41414141
• This readme.

Notes on the challenges

The challenges are listed below. Please see due dates for the corresponding due dates for each challenge. For challenges without source code, you are expected to reverse the binary to find the vulnerability. We have included the source for the first few challenges as a gentle introduction to COMP6447.

Each challenge is listening on the listed port and contains a flag file at /flag, a successful exploit script should be able to automatically print out the contents of this file, or execute a shell.

All challenges have ASLR disabled.

Notes on the VM

The VM is configured to automatically start hosting each of the challenges on their listed ports, and to automatically connect to the network via DHCP.

Credentials to login: comp6447/comp6447

Due dates

The challenges will not all be due at the same time. We have given you the first two sets of wargames to provide you with enough range of challenges to practice for the midsem exam.

Marking

As per the course outline, all the wargames collectively will be worth 20% of your final mark. Hence each wargames set will be worth 5%.

The challenges i n each wargame set are all weighted equally.

The marking criteria per week is as follows:

• 1 mark for following instructions
• 4 marks for wargames and writeups.

Submission Instructions

A markdown document (.md) containing the following for each challenge:

We are interested in proof that you understood the challenge, the vulnerabilities and how to exploit them. This is not intended as a formal bug report.

Example-1
===========================

General overview of problems faced
-------------------------------------
Had to research how to overwrite the return address

List of vulnerabilities
--------------------
1. The input for the user's name can overflow a fixed buffer on the stack

Steps to exploit
------------------
1. Enter a name exactly 100 bytes long, to overflow the buffer to the return address, and the append the address of the win function (0x15141312)

Script/Command used
------------------
```
python -c 'print(("A"*100)+"\x12\x13\x14\x15")' | nc 127.0.0.1 3000
```
Example-2...
=============

Please submit the document as a markdown file on give. You may submit as many times as you like. Only your most recent submission will be marked.

Submission for Wargame 1

give cs6447 war1 war1.md

Submission for Wargame 2

give cs6447 war2 war2.md

Late submissions incur a 0.5 mark penalty per day on the maximum possible mark you can get. Eg. If you submit 4 days late, and your raw mark is 2/5, then you will still receive 2/5. If you submit 4 days late, and your raw mark 5/5, your adjusted mark will be 3/5.