linuCoursework assignment – Break ’em all
Deadline for completing this is 12 October 2021.
Username: Astronaut
Password: ei4jee5ieX3ooYae
The password is automatically generated, so please try to remember it or change it what is convenient to you.
Please follow these steps first before start using the VM machine.
Step1:
Connect to the VM machine using the SSH tool as follows:
– In Windows, go to command prompt “CMD” and type ssh .kcl.ac.uk
– In Linux, open the terminal and type ssh .kcl.ac.uk
– Then provide your password
Step2:
You must do the following *** Important***
1- Make sure you are in the home directory , use the command pwd, it should show you your current location.
2- Make sure the files .profile and .bashrc are in your home directory, use the command ls -la, it should show you them in the output.
We need to add the following snippet to each file ~/.profile and ~/.bashrc ( Hint: use nano editor or vi , no sudo required)
# DON’T REMOVE NOR CHANGE: Enabling ADDR_LIMIT_3GB to mimic the old-fashioned 0xc0000000
trap /usr/local/bin/setarch.sh EXIT
if [ ! -f ~/.setarch.lock ]; then
touch ~/.setarch.lock
setarch `uname -m` -3 -L -v $SHELL
fi
After doing this small task you can start working on the VM.
Goal
Break into all the levels and promote the hacker culture!
1. ssh into seceng.nms.kcl.ac.uk as per instructions received via email after completing the initial form as described in the Assessment page.
2. On seceng.nms.kcl.ac.uk you will find:
· a number of challenges of increasing difficulties (lev1 to lev10):
· Challenges are in /var/challenge/levelX
· You start from lev0 (group)
· You can read the source code of the challenge corresponding to the level you are in.
· Breaking the current level will give you access to the next one:
· Besides spawning a shell, execute the command /usr/local/bin/l33t
· Logout and log back in to retain the privilege level earned.
Check where you are by using the command score:
· At lev0 you show up nowhere. . . 希望显示在香港 (VPN)
Solutions must be submitted. To this end, create a
· For each challenge that you have successfully solved, a program named exploit that successfully performs the exploit.
· A file named README.txt containing a short discussion of additional information, such as interesting findings, alternative exploit techniques.
The .tar.gz file must be structured as follows:
README
level1/
Makefile
exploit
level2/
Makefile
exploit.c
…
…
If you need to compile some source file to obtain the exploit executable, provide a Makefile that does that. The exploit program can be written in either C, C++ or python.