This project is a C-based version of the turnout assignment.
There are two separate deliverables for this project, each due at midnight (via web-Turnin) at the end of the specified date:
TurnOut-C is available as another VMware image for this class. You can retrieve it using the command line
scp -pr fossilvm.cs.wpi.edu:~guttman/turnoutc your_target_locationor your system-specific equivalent. Like the previous VM, it is a directory containing 3 GB. If you want to run your VMs on fossilvm, please let me know immediately, i.e. by Thursday night 22 Sept.
Log into the image as "student" with password "WormSplurt". You'll see a link to the executable on the desktop. You may also use ssh to connect to the image, e.g. ssh firstname.lastname@example.org, or whatever IP address your virtual machine system has supplied the image. Change directory to the desktop. You can then launch the turnout application via the command line.
Turn in a text or PDF file (no doc files, please) with two main parts: a description of your attack strategy (what you looked for and what you tried) and a list of attacks you launched against the system. For each attack:
Each attack you list should be qualitatively different. Multiple versions of the same attack will cost you points. Attacks are the same if they exploit the same vulnerability with the same result (ie, both use code injection with the same constructs in the same field to achieve the same goal). If you list multiple attacks that look similar but you think are not, give us a sentence or two of justification.
Submit a zip file containing edited versions of the source code of any files you have changed and a README.txt file. Your README should describe each edit you made at a high level (such as "added filtering to the X input") and the class of attacks that edit is designed to mitigate. Your goal is to fix the code to avoid as many attacks as possible, not just the attacks that you personally identified for the first deadlines.
In grading this assignment, we will look for:
We will not announce a number of attacks that you should aim for because real-world systems don't come with this information. A comprehensive and systematic attack strategy is your best evidence for the quality of your work on this assignment (it also helps us gauge your respective abilities in identifying vulnerabilities and crafting exploits).