Skip to content

Commit

Permalink
add pa4
Browse files Browse the repository at this point in the history
  • Loading branch information
zzjas committed May 16, 2022
1 parent 3eabe29 commit d46356a
Show file tree
Hide file tree
Showing 2 changed files with 166 additions and 0 deletions.
2 changes: 2 additions & 0 deletions index.html
Original file line number Diff line number Diff line change
Expand Up @@ -464,6 +464,7 @@ <h3>Tentative Schedule</h3>
Directions in Cryptography</a> by Whitfield Diffie and Martin E. Hellman
</td>
<td>
<a href="pa/pa4.html">Assignment 4 available</a>
</td>
</tr>

Expand Down Expand Up @@ -523,6 +524,7 @@ <h3>Tentative Schedule</h3>
Large Sparse Datasets</a> by Arvind Narayanan and Vitaly Shmatikov
</td>
<td>
<a href="pa/pa4.html">Assignment 4 due</a>
</td>
</tr>

Expand Down
164 changes: 164 additions & 0 deletions pa/pa4.html
Original file line number Diff line number Diff line change
@@ -0,0 +1,164 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<!-- DW6 -->

<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
<link href="https://cdn.jsdelivr.net/npm/[email protected]/dist/css/bootstrap.min.css" rel="stylesheet"
integrity="sha384-1BmE4kWBq78iYhFldvKuhfTAU6auU8tT94WrHftjDbrCEXSU1oBoqyl2QvZ6jIW3" crossorigin="anonymous">
<script src="https://cdn.jsdelivr.net/npm/[email protected]/dist/js/bootstrap.bungle.min.js"
integrity="sha384-ka7Sk0Gln4gmtz2MlQnikT1wXgYsOg+OMhuP+IlRH9sENBO0LRn5q+8nbTov4+1p"
crossorigin="anonymous"></script>
<title>CSE 127 - PA4: Network Attacks</title>
<style>
img {
padding: 0;
display: block;
margin: 20px 0;
max-height: 100%;
max-width: 600px;
}

body {
padding-top: 20px;
padding-bottom: 50px;
}

.tab {
margin-left: 40px;
}
</style>
</head>

<body class="d-flex flex-column">
<main role="main" class="flex-shrink-0">
<div class="container">
<div class="row">
<div>
<h1>PA4: Network Attacks <span class="text-muted courseyear"><small>Spring 2022</small></span>
</h1>

<div class="alert alert-primary" role="alert">
<b> Total Points: 20</b><br>
<b> Due: Tuesday, May 24 at 11:59pm</b>
</div>

<div class="md-content">

<p>This is a group project; you can work in a team of size at most four and submit one
project per team. You are not required to work with the same partner on every project.
You and your partner should collaborate closely on each part.</p>

<p>You have two late days that you may use to turn in work past the
deadline over the entire quarter. A late day is a contiguous 24-hour
period. Both you and your partner will be charged for every late day
that you use, and you both must have late days to use them. These
late days are intended to cover your extension needs for usual
circumstances: brief illness, busy with other classes, interviews,
travel, extracurricular conflicts, and so on. You do not need to ask
permission to use a late day.</p>

<p>The code and other answers you submit must be entirely your team's
own work. You may discuss the conceptualization of the project and the
meaning of the questions, but you may not look at any part of someone
else’s solution or collaborate with anyone other than your
partner. You may consult published references, provided that you
appropriately cite them (e.g., with program comments).</p>

<p>Solutions must be submitted to Gradescope.</p>
<hr>

<h2 id="introduction">Introduction</h2>
<p>A talented but, unfortunately, clumsy student in George's research group
accidentally dropped a flash drive in the campus coffee shop. You, an
infamously nefarious hacker known far and wide as the archvillain of the
research group, noticed this dropped flash drive, and quickly but
surreptitiously pocketed it. As usual, you're trying to do everything in your
power to disrupt all of the activities of the research group. Your latest scheme
requires you to get control of the account Nadia uses to access campus networks,
and you have a sneaking suspicion that this dropped flash drive might be just
the foothold you need in order to set your scheme in motion.</p>

<p>Being a smart but cautious hacker, you connected the flash drive to a secure,
isolated machine to inspect its contents. You don't want a repeat of that one
time when a similar dropped flash drive actually contained a nasty virus and you
ended up having to wipe your machine and reinstall your operating system. But
this one seems to have nothing suspicious, no traps or hidden surprises. This
drop seems to actually have been an accident. Feeling exhilarated, you quickly
email a dump of the flash drive's contents to yourself so you can access it on
your primary machine.</p>

<p>Unfortunately, a quick glance shows that there's not much of interest on this
flash drive itself. You were hoping it might have something juicy, like the
plans for the research group's next super-potent virus. But all is not lost.
You might still be able to use some of the information on this flash drive to
breach into the research group's super-secret network. And then who knows what
information you might be able to find just by listening in to what's going
on...</p>

</div>

<hr>
<h2>
Logistics and Opening Hints
</h2>

<p>You should have already received an email from [email protected] with the dump of the dropped flash drive's contents;
the email's subject is "[CSE 127] PA4 Flash Drive Dump". If you don't immediately see it, you may need to check your spam folder. That
should be all you need to get started - what interesting things might be here
that would prove useful for your hacking activities?</p>

<p>You'll eventually have to turn in a writeup describing the steps you took to
achieve your goals, so you may want to keep a log as you go in order to make
that easier.</p>

<p>Linux commands you may need to know about or look up for this assignment, in alphabetical order, include:
<ul>
<li>nc</li>
<li>nmap</li>
<li>ssh</li>
<li>tcpdump</li>
<li>wget</li>
</ul>
</p>

<p>Certain flags of some of these commands may also come in useful, such as
-F, -i, -p, and -X, among others. Information can be found on man pages
(e.g., man nc) or online.</p>
</div>

<hr />
<h2>Final Notes</h2>

<p>We hope this assignment will be enjoyable and interesting for you. In order
to preserve the experience for everyone, please be careful with spoilers on
Piazza and in class - part of the fun is finding the relevant information and
figuring out how you're supposed to use it. As usual, the TA's will be
available in office hours and via private questions on Piazza to provide help
and maybe some hints if necessary.</p>

<p>There are three parts to turn in on Gradescope. A hint for what to turn in
for assignment A is in the PA itself. Assignment B is the discovered token,
and assignment C is a writeup of the steps you took and what tools/flags you used in
the process. Note that if you are working with a partner, you should upload your parts
together in one submission. This means you should primarily use one account for this
entire PA.</p>

<p>Also, once you breach into the network, you should be able to find a
`README.md` file in the victim's home directory with additional directions and
hints for the next steps.</p>

<p><strong>Note</strong> this project is self contained. <strong>You should not be actually trying to
access anything outside of this server. All the email addresses in the
PA are made up and you should not use any real email address.</strong>
If you have questions, please reach out to the TAs.</p>

<p>Good luck in your hacking!</p>

</div>
</div>
</main>
</body>

</html>

0 comments on commit d46356a

Please sign in to comment.