Assignment 4
THINGS
Assignment 4 is due 3/31/16 at 11:59pm Eastern. Late assignments will be
penalized 20% per day (a day is defined as the 24-hour period after the time
that the assignment is due).
Even though the due date for this assignment is after the midterm, do not wait
until after the midterm to start on this assignment. This is a difficult
assignment and working through it is excellent preparation for the midterm.
Assignment 4 is composed of 10 different parts (levels), each worth 10 points,
except for levels 8 and 9, which are each worth 15 points.
You must work on Assignment 4 alone (the life of a hacker is tough and lonely).
However, the hacker's life is also competitive, so see where you rank on the
scoreboard (http://66.222.86.101/hw4/scoreboard).
Description
You've been hired by a well-known software company to do a pentest of their
web infrastructure. They pay well (in a mysterious currency known only as
points); however, they will only pay if you find a vulnerability!
They've created a special server (https://66.222.86.101/) for you to perform
your pentest. You'll need to log in with the same hacker alias/password that you
use for the submission site.
Ground Rules
1. No automated tools. The company is paying for your brain, not an
automated tool's brain.
2. No DoS or brute force attacks. None of the vulnerabilities require brute
forcing, so don't do that; you could affect your fellow security researchers.
3. Let the company's lowly paid IT-admins know if there are infrastructure
problems. Make sure to include your UT ID, otherwise it's impossible to
troubleshoot.
Submission Instructions
To prove that you found a vulnerability, submit the password on the submission
site (http://66.222.86.101/). To make it a bit easier to identify, passwords that
you need to steal always start with the prefix FLG (similar to the Capture The
Flag concept). Of course, each level has a different password.
Extra Credit
If you break more than 9 levels, then you will receive extra credit, 10 points for
each level.
Bug Bounty
If you find an unintended vulnerability in one of the levels or the system, the
first person to report it gets 10 additional points. An unintended vulnerability
would be something like using the vulnerability on level 2 to break level 3.
Finally, if you manage to get root on the server, you will get 50 additional points.