Main navigation | Main content
Covering risk assessment, low-level attacks and defenses. Questions here. Due on the course Moodle by Thursday, September 25th at 11:55pm.
In this assignment you'll learn about binary-level and OS-level
vulnerabilities within a buggy Linux program, and exploit them for
fun and profit academic credit within a virtual machine.
Available now: assignment instructions, updated (PDF), virtual machine instructions.
BCLPR source code:
| Version | C source code | Makefile | Patch from previous version | Security advisory |
|---|---|---|---|---|
| 1.4 | bclpr.c | Makefile | bclpr-1.4.patch | ... |
| 1.3 | bclpr.c | Makefile | bclpr-1.3.patch | BCSA-004 |
| 1.2 | bclpr.c | Makefile | bclpr-1.2.patch | BCSA-003 |
| 1.1 | bclpr.c | Makefile | bclpr-1.1.patch | BCSA-002 |
| 1.0 | bclpr.c | Makefile | N/A | BCSA-001 |
Commands for downloading a new version of BCLPR into your VM and recompiling (shown with version 1.4):
% cd /src
% sudo rm Makefile bclpr.c
% sudo wget http://www-users.cselabs.umn.edu/classes/Fall-2014/csci5271/ha1/v1.4/{Makefile,bclpr.c}
% sudo make
% sudo make install
% bclpr -v
Covering defensive programming and OS security. Questions here, C code for question 1. Due on the course Moodle by Thursday, October 9th at 11:55pm.
Covering a bit of voting, network basics, and cryptography. Questions here. Due on the course Moodle by Thursday, November 6th at 11:55pm.
In this assignment you'll learn about network-level and web software vulnerabilities within a buggy web server, and exploit them within a virtual machine to steal "secret" information.
Available now: Questions handout (now complete) (PDF), virtual machine instructions.
Covering cryptography and middleboxes. Questions here. Due on the course Moodle by Thursday, November 20th at 11:55pm.
Covering XSS, malware, and DoS. Questions here. Due on the course Moodle by Thursday, December 4th at 11:55pm.