1. Home
  2. Course Calendar
  3. Technical 06: Two Hacking Challenges

Technical 06: Two Hacking Challenges

Congratulations, You've Made it the End of the Course! But Two Challenges Still Await...

So here you are, at the end of the course. You've learned how to write some code, how to reverse engineer software, how to surf Internet ports, how to secure data with crypto, how the Unix privilege model works, and how open source software is managed. Now it's time to put your newfound skills to work for two final challenges. If you can break through the authentication mechanisms of the binary program and web app in this homework, you will be able to leave this course knowing that you have attained some elite skills you can make good use of in the future!

Challenge 1: Hack the Black Box Binary

Download this ELF 64-bit statically linked Linux binary program. It should execute on most 64-bit Linux systems, including the virtual machine you created for Technical Homework 04. You can download the program to your virtual machine by using the browser from within that environment. Save it to a directory that you can navigate to from the command line. You may need to make the file executable so you can run it by issuing the following command in the directory that you saved the file to:


chmod 755 blackbox
 

The program can be invoked in the following manner:


./blackbox -u ‹username› -p ‹password›
 

where ‹username› is a username string and ‹password› is a password string that you supply. If you provide a correct set of credentials, the program will print the message "Access granted." to the terminal. If you provide something other than a correct set of credentials, it will print "Access denied." Your task is to find a valid set of credentials for this binary. Describe the method you used, and provide any code you developed to assist your analysis (pick your favorite language if you go this route).

Pro Tip: there are at least two ways you can hack it. If you go the non-programming route, there is a certain tool you learned about in a previous technical homework that will be very helpful here.

Challenge 2: Hack the Black Box Web Authentication System

Consider the web application available via this link. The login interface is quite simple: a user must enter a valid password in the box to authenticate to the app:

Webapp7

If you provide the correct password, the app will return the message "Authentication successful!". If you provide something other than the expected password, it will return the message "Incorrect password." Your task is to find out what this program's password is. Describe the method you used, and provide any code you developed to assist your analysis (pick your favorite language if you go this route).

Pro Tip: like the previous challenge, there are two ways you can hack it. Wondering how to get started on this one? Use the source Luke...

Grading

You must submit answers for Challenges 1 and 2 in this assignment. Each challenge is worth 25 points. Activities will be graded in terms of the following criteria:

  • Are credentials provided that match the expected credentials for Challenges 1 and 2?
  • Is each method used to recover the credentials for Challenges 1 and 2 adequately described?

Submission Instructions

  • Place your output / answers for each of the two challenges into a plaintext file that will be saved in the Google drive folder that you previously shared with our TA Ellen for the first writing reflection

  • Name your plaintext file using this convention: lastname_firstname_duedate. Example: Joyce_Ellen_041524.txt

  • Ellen will collect each assignment directly from your drive after it is due