Assignment 2 - Web Server Research and Compromise

Context

To test your knowledge and understanding of the subjects discussed in labs 5-7, you are given a web server binary and a target instance.

You will first conduct reverse engineering to find out its secrets. In so doing, you will also investigate its security and find exploitable vulnerabilities.

Finally, to show the impact of the vulnerability and the necessity of securing the application, you will create an exploit that fully compromises the computer that hosts the web server.

Task resources

Download from here. The 7z archive password is infected and has the following contents:

• asg2 - the binary you will analyze
• target.txt - information about the remote server

Objectives and grading

• Assess the security of the binary (what mitigation techniques are put into place) and their efficiency in this context. (15p)
• Bonus: Find a way to obtain any file on the file system (e.g.: /etc/passwd) (10p)
• Identify the non-standard HTTP request method and describe what it does and what it returns on the remote end and why! (15p)
• Find a memory corruption vulnerability and construct a payload that crashes the program. (30p)
• Construct a full exploit that spawns a shell on the remote end. (40p)
• Bonus: Obtain code execution using only one type of request method. (40p)

Pitfalls

• Use the indications for PIE binaries from lab 7 when using GDB!
• The binary is a bit different from the ones encountered so far as it handles the network communication and client handling itself.
• One thing you might encounter is that calling system("/bin/sh") will not work as expected because input/output is not redirected to the socket.
• Use dup2 in your ROP chain for this purpose.

What to send

• a detailed description of what you did to solve each item
• the IDB/I64 (or the IDC if that’s the case) resulting from your analysis in IDA
• the source code for your exploit/exploits

Timeline:

The assignment can be solved until the 25th of April, 23:59 (hard deadline)

Fair play

Do not cheat! Do not post the task text or files on any sort of public/private collaboration platform (forums, groups, etc). Do not ask someone else to solve it for you as it might be the case that you will be randomly asked about various aspects from your solution and you should be able to answer.

Any cheating attempts will result in a 0 grade for this Assignment.

Support

You can ask questions (by mail) regarding the tasks in any of the labs so far. However, really specific questions regarding the assignment tasks will probably not be answered. These are for you to answer by manual analysis.