Project 1x: Command Injection (25 pts.)
What You Need
- A computer of any sort with an Internet connection.
Purpose
To understand and exploit the simplest type of vulnerability:
command injection.
Task A: Exploit a Buffer Overflow (10 pts.)
In a browser, go to
http://attack3214.samsclass.info/bufo.htm
Exploit that form and get your name on the
Winners board,
as shown below.
Capturing a Screen Image
Capture a
WHOLE-DESKTOP image showing
your name on the
Winners board.
Save the image as
"Proj 1xa from YOUR NAME".
Task B: Exploit ImageMagick (15 pts.)
In a browser, go to
https://attack3214.samsclass.info/im.htm
First upload a real image to see how the form works.
Then exploit that form and get your name on the
Winners board,
as shown below.
Capturing a Screen Image
Capture a
WHOLE-DESKTOP image showing
your name on the
Winners board.
Save the image as
"Proj 1xb from YOUR NAME".
Turning in Your Project
Send the images to cnit.129s@gmail.com with a subject of
"Proj 1x from YOUR NAME". Send a Cc:
to yourself.
Posted 8-14-16 12:11 pm
Revised 12-1-16
URL updated 1-17-18 5 pm