7CCSMSEN: Security Engineering Coursework
Deadline: Jan 19 @ 11:59pm GMT
Dr. Ruba Abu-Salma 7CCSMSEN Deadline: Jan 19 @ 11:59pm GMT 1 / 5
Dr. Ruba Abu-Salma

[Slides adapted from Prof. Lorenzo Cavallaro]
TAs: Zeliang (Mark) Kan & Mohamed Abouhashem
7CCSMSEN Coursework
Goal
Break into all the levels/challenges and prove that you are more than just a script kiddie
A number of challenges of increasing difficulties (lev1 to lev10)
Challenges in /var/challenge/levelX
You start from lev0 (group)
You can read the source code of the challenge corresponding to the level you’re in
Breaking the current level will give you access to the next one
Ultimately execute the command /usr/local/bin/l33t
Logout and log back in
Now you have access to the next level ;-)
Dr. Ruba Abu-Salma 7CCSMSEN Deadline: Jan 19 @ 11:59pm GMT 2 / 5
7CCSMSEN Coursework
Check where you are by using the command score
At lev0 you show up no where. . .
Check your email for login information :-)
Do discuss on KEATS’ forum—but don’t give answers away
Let everyone have fun!
Dr. Ruba Abu-Salma 7CCSMSEN Deadline: Jan 19 @ 11:59pm GMT 3 / 5
7CCSMSEN Coursework
Solutions must be submitted to KEATS. To this end, create a
.tar.gz that include the following information:
For each challenge that you have successfully solved, a program named exploit that
successfully performs the exploit
A file named README.txt containing a short discussion of additional information, such as
interesting findings, alternative exploit techniques
The .tar.gz file must be structured as follows:
Dr. Ruba Abu-Salma 7CCSMSEN Deadline: Jan 19 @ 11:59pm GMT 4 / 5
7CCSMSEN Coursework
-solutions/
README
level1/
Makefile
exploit
level2/
Makefile
exploit.c
...
...
For challenges 1-5, the exploit could be written as a shell script (.sh), a python script (.py), or
as a text file explaining the steps you did to pass the challenge (which must be reproducible for
assessment).
Dr. Ruba Abu-Salma 7CCSMSEN Deadline: Jan 19 @ 11:59pm GMT 5 / 5
For challenges 6-10, if you need to compile some source file to obtain the exploit executable,
provide a Makefile that does that. The exploit progrm can be written in C, C++, or python.