Deadline: March 5th, 11:59 PM Phoenix Time

In this assignment, you will be the master of stack and use stack to get the flags. The goal is to understand stack vulnerabilities and the effectiveness of different defense techniques.

You need to exploit the vulnerability to get the flag, which is located at /flag and in the format of pwn_college{}

To start the game, you need to set up your account by the following steps:

  1. Register yourself at https://dojo.pwn.college.

    Notice: You can register anonymously now, but you need to make sure your email address can be identified. We will score you only if your email address is associated with your ASURITE ID.

    Notice: We encourage you register anonymously since the scoreboard is public for all who join the dojo. If you already register, you can change your user name at https://dojo.pwn.college/settings.

  2. Log in to the website, and then go to https://dojo.pwn.college/settings#private-dojos and join with dojo with code 062b338a9eea2cb7.

  3. Once you join the dojo successfully, you will be able to see Software Security 2023 at https://dojo.pwn.college/dojos after you log in to the platform.

  4. You need to create an ssh key to access the challenge. Once you create an ssh key, copy paste your public key to https://dojo.pwn.college.com/settings#key. This link will instruct you how to generate an ssh key.

  5. Go to link https://dojo.pwn.college/private-11085/babystack, and you will see the assignment challenges.

  6. To get your flag, make sure you connect to the server per the instruction of each challenge, connect to the server, and run the binary on the server with the correct input.

Score Calculation

Babystack contains 11 levels. Each testing challenge is 1 points. The full score is 10 points, yet you can get 11 points in maximum, and that additional 1 point will be your bonus that will help boost yourself to A+. The score will be normalized based on the proportion of each assignment for the final grade. Try your best to get as much you can!

Questions?

If you have any questions, please contact the CSE545 Staff via Discord channel #assignment1-questions