Comp327: Introduction to Computer Security
Blog and homepage for Rice's Comp327
 

Grading Criteria for HW6

April 22nd, 2012 by dso

No report is required for turn-in, but please tell me who is in your group and the way that work was distributed.
Below is how I will grade each group's homework:

1) For each solution, I will start from scratch (e.g. make clean)

2) After I run solution #1, I will examine the log file and the users directory to see that you created a valid user.

3) After I run solution #2, I will examine the log file and the users directory to see that you created valid users. Your code should perform the following actions:
a) enumerate whether these users exist in the application or not
b) use writeArticle to write arbitrary passwords into each existing user’s password as an authenticated user

You should include users you know will and will not exist in the application in your exploit, as this will be the most precise demonstration that your tool meets the grading criteria.

4) After I run solution #3 and/or #4, I will try to connect to the remote port that the shellcode bound to. Then I will connect to the port and type ‘ls’, ‘whoami’, and ‘date’.
I will read your code and comments to figure out how to run the exploit.  If I can’t figure out your exploit or get it to run, you will not get credit for the problem.  Be very verbose in your comments and instructions about how to run the code.

HW5 Write-ups Graded

April 17th, 2012 by dso

If you want your grades and comments for HW 5, please drop by the TA's office today before 4 p.m. Otherwise they will be available to you at the end of class on Thursday. No grades will be sent out for this assignment. Thanks.

Office hours rescheduled

April 15th, 2012 by dso

The TA's office hours will not be held at the normal time tomorrow. They will be held after class tomorrow.

Reminder: Class on Monday

April 12th, 2012 by dso

Just a friendly reminder that class will be held on Monday of next week.  The place is Keck 101 at 3:00-4:30pm.  Thanks.

HW 6: Exploiting the bad code

April 9th, 2012 by dso

HW 6: Exploiting the bad code is now assigned.  Before you get started, there are a couple of points:
1)  This is the first time this assignment has been used, so please make sure you email the TA if you have problems getting started or you get stuck on a problem.
2)  Everyone must work in a group of 2 or more, no exceptions.
3)  The required environment for this assignment is a 32-bit Linux system.
4)  Please read the instructions carefully before emailing the TA.
5) Do not hesitate to ask for guidance.

TA Office Hours for Monday Cancelled

March 31st, 2012 by dso

The TA’s office hours for Monday (4/2/12) will be canceled. If you need assistance, please send the TA an email to ask your question or schedule an appointment. This is an official decree, and it is not related to 4/1/12. Thanks.

HW5: Source Code Auditing

March 28th, 2012 by dso

Homework 5, Source Code Auditing, is now assigned.

HW 4: WebSecLab Exercises #3 Posted

March 9th, 2012 by dso

HW4 has been posted here, and it will be due on March 26, 2012.

UPDATE Assignment #3: FTP Upload 2 is now extra credit.

March 6th, 2012 by dso

Update Assignment #3: FTP Upload 2 problem is now extra credit.

UPDATE: Assignment #3 Deadline Extended

February 23rd, 2012 by dso

Assignment #3’s deadline has been extended to Thursday, March 8th.