Lab Instructions

Overview

In each lab (every week), you are asked to solve a set of challenges (typically 10~15 challenges except for the first two weeks). In each challenge, you have to submit three things, namely, a flag, the exploit, and its write-up via scoring server the flag you got from the challenge, the exploit that you wrote, and the write-up that summarizes how you formulated the exploit (see below).

A flag is an ASCII string that matches with a regular expression of CANDL{[^}]+}, and you can find it either in the challenge program or in the challenge directory (usually as a ‘flag’ file). Your job is to read this flag by exploiting the distributed challenges.

Taking actions #1 (Registration)

1. Register your account to scoring server

• Visit scoring server. You will use the registration menu.

2. Then you need to generate your SSH public key and register to CTF competition server.

# In case if you already have your ssh key
[host] $ cat ~/.ssh/id_ed25519.pub
# -> copy and paste the key, use this key to register your server account.

# In Linux (Ubuntu)
[host] $ sudo apt-get install openssh-client

# For both Linux and MacOS
[host] $ ssh-keygen -t *ed25519*
Generating public/private ed25519 key pair (or RSA).

# select your key location
Enter file in which to save the key (/home/YOUR_ID/.ssh/id_ecdsa):
=> type YOUR_KEY_LOCATION or use the default path
(you can omit this if you want to store that in a default ~/.ssh location).

# type passphrase (you can use an empty one, if you wish)
Enter passphrase (empty for no passphrase):
Enter same passphrase again:

# check your key location
Your identification has been saved in YOUR_LOCATION.
Your public key has been saved in YOUR_LOCATION.

# After key generation
[host] $ cat YOUR_KEY_LOCATION/id_ed25519.pub
# -> copy and paste the key, use this key to register your server account

# an example of a public key
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIONLM0cVwr1u1qE5DtbjnP1c4sQqYRXbXMZnXmw2mq4b blue9057@os-gitlab.com

Do not forget where you store your private key and the passphrase for it. After having public/private key pair, please register your server account at here:

3. Connect to the course CTF server

# login to the course server
# Replace YOURID to the username that you send to us in the e-mail message above...
[host] $ ssh <NETID>@cs4301.syssec.org -p 2201

# In case if you placed your id_ed25519 to YOUR_KEY_LOCATION, then
[host] $ ssh -i YOUR_KEY_LOCATION/id_ed25519 <NETID>@cs4301.syssec.org -p 2201

# let's start week1 (unit1)!

[CTF_server] $ fetch unit1
[CTF server] $ cd unit1
[CTF server] $ cd level0
[CTF server] $ ./level0

5. Submit your solution and flag

# Submit Flag
  1) Visit the scoring website
     https://ctf.syssec.org

  2) Choose the challenge name from the correct week-X set

  3) Submit the flag!


# Submit Writeup

# NOTE: your score wouldn't count unless you submit writeup
# NOTE: you can also submit your flag and writeup through the class website

Write-up sample

#!/usr/bin/python
from pwn import *
context.terminal = ['tmux', 'splitw', '-h']

p = process('./level0')
e = ELF('./0')

get_a_shell = e.symbols['get_a_shell']
buf = "0xdeadbeef" # your exploit payload here.
p.sendline(buf)

p.interactive()