Due Thursday, December 1st
Worth 80 points
For this project, you will exploit four web-based vulnerabilities. They are running on a webserver hosted on port 5000. For each exploit, you will find a flag which is associated with your username. To submit your flags, put them in the file called flags.txt, and run the submit script as usual. Here is a little information about each of the vulnerabilities:
- Vulnerability 1: This is a SQL injection attack, and we are giving you the most information about this attack. There is a column of flags displayed. One of these is yours. The MySQL table that holds these flags also has a column called name. The flag you want to submit has your username set in that column.
- Vulnerability 2: This is a more in-depth SQL injection attack.
- Vulnerability 3: This is a basic session stealing attack using cross-site scripting. In order to have the administrator view the page (so you can steal his cookie), click "Force Admin Login".
- Vulnerability 4: This is a similar session stealing attack, except using more advanced cross-site scripting techniques.
The user whose session you are trying to steal for each of the last two parts is logging in from behind the firewall, i.e., accesses the site by visiting netsec-projects.cs.northwestern.edu directly, not via localhost and port forwarding like you.
For any XSS you write, it is not recommended that you communicate with any server other than netsec-projects because of potential firewall issues.
Accessing from home
In order to do this project from home, you will have to forward ports since there's a firewall on netsec-projects. Execute the following command:
ssh -N -L 9000:netsec-projects.cs.northwestern.edu:5000 hamsa.cs.northwestern.edu
Now in your web browser, you will be able to access the project by visiting