Web Attacks

Project Files
Due Thursday, December 1st

Worth 80 points

Description

For this project, you will exploit four web based vulnerabilities. They are running on a webserver hosted on netsec-projects.cs.northwestern.edu, port 5000. For each exploit, you will find a flag which is associated with your username. To submit your flags, put them in the file called flags.txt, and run the submit script as usual. Here is a little information about each of the vulnerabilities:

Tips

The user who's session you are trying to steal for each of the last two parts is logging in from behind the firewall, i.e., accesses the site by visiting netsec-projects.cs.northwestern.edu directly, not via localhost and port forwarding like you.

For any XSS you write, it is not recommended that you communicate with any server other than netsec-projects because of potential firewall issues.

Accessing from home

In order to do this project from home, you will have to forward ports since there's a firewall on netsec-projects. Execute the following command:
ssh -N -L 9000:netsec-projects.cs.northwestern.edu:5000 hamsa.cs.northwestern.edu

Now in your web browser, you will be able to access the project by visiting http://localhost:9000/.