Web Attacks

Project Files
Due Monday, January 1st

Worth 80 points


For this project, you will exploit four web-based vulnerabilities. They are running on a web server hosted on netsec-projects.cs.northwestern.edu, port 5000. For each exploit, you will find a flag that is associated with your username. To submit your flags, put them in the file called flags.txt and run the submit script as usual. Here is a little information about each of the vulnerabilities:


The user whose session you are trying to steal for each of the last two parts is logging in from behind the firewall, i.e., they access the site by visiting netsec-projects.cs.northwestern.edu directly, not via localhost and port forwarding like you.

For any XSS you write, it is not recommended that you communicate with any server other than netsec-projects because of potential firewall issues.

Accessing from home

In order to do this project from home, you will have to forward ports since there's a firewall on netsec-projects. Execute the following command:
ssh -N -L 9000:netsec-projects.cs.northwestern.edu:5000 hamsa.cs.northwestern.edu

Now in your web browser, you will be able to access the project by visiting http://localhost:9000/.