Assignments

Assignments

Hands-on assignments follow the topics shown in the classes:

Each student is assigned a docker container in the class infrastructure at the beginning of the class.
Docker containers run Linux and contain all the tools needed during the semester to solve all assignments.
All assignments are to be done in the containers unless stated otherwise.
All assignments are in the form of Capture the flag: solving a problem yields a flag that can be submitted in the CTFd system for evaluation.

Use university email for accessing the CTFd.

General Rules

You can NOT

Attack others on the Internet from the docker we are giving you.
Attack the assignment servers or CTFd servers
Attack other servers and services in the university network (outside of the IP range given to you)
Share your code or solution with other students

You CAN

Attack the given docker from the Internet.
Attack from the local docker network the dockers for other students (inside the local network)

Containers are to be used for the class only. Failing to comply with the rules will lead to a point deduction and failing the class!

Assignment List

Assignment	Starts	Due	Points
Assignment 1	5.10.2023	12.10.2023 23:59	1
Assignment 2	12.10.2023 20:00	6.11.2023 23:59	4
Assignment 3	12.10.2023 20:00	6.11.2023 23:59	2
Assignment 4	19.10.2023 20:00	6.11.2023 23:59	6
Assignment 5	26.10.2023 20:00	10.1.2024 23:59	5
Assignment 6	2.11.2023 20:00	10.1.2024 23:59	6
Assignment 7	9.11.2023 20:00	10.1.2024 23:59	5
Assignment 8	22.11.2023 20:00	10.1.2024 23:59	4
Assignment 9	30.11.2023 20:00	10.1.2024 23:59	6
Assignment 10	14.12.2023 20:00	10.1.2024 23:59	5
Bonus Assignment	TBA	TBA	100

Assignment 1: Hello class infrastructure

Log in CTFd with given credentials (Check your email).
Log in to the given docker with the given credentials.
Get the flag and submit it to the CTFd

Assignment 2: Network scanning

Log in to your docker
Scan and find running devices in the network 172.16.1.100-200
Find out which services are running on those devices
Find the flag and submit it to the CTFd
Answer related questions in the CTFd

PLEASE DO NOT SCAN HOSTS OUTSIDE OF THE GIVEN RANGE

Assignment 3: Packet capturing

Log in to your docker
Capture traffic for at least 1 hour
Search the captured traffic for suspicious/anomalous traffic and potential attack
Analyze the attacker's actions
Find the flag
Submit the flag in the CTFd

Assignment 4: Exploits & Vulnerabilities

Part 1:

Log in to your docker
Find the library in <IP SHOWN IN CTFd> and explore it
Find the flag and answer the question in CTFd

Useful tools: nmap, ls, ssh, cat

Part 2:

Log in to your docker
Server <IP SHOWN IN CTFd> has a vulnerability
Find it and search for an exploit
Exploit this vulnerability to read the flag file

Useful tools: nmap, python, cat

Assignment 5: Securing Linux devices

The assignment has several parts. You will need to log in to your dockers, investigate potential breaches, and answer the questions in CTFd.

Do not block user access by SSH (pass or public key). Do not harden your dockers before the assignment starts.

Assignment 6: Honeypots

Unordered List ItemYou have a Cowrie installation at your docker running SSH on port 2222
Attackers will try to connect to this port and detect if it is a honeypot or a real service.
You need to try and make the honeypot look more realistic.
More details in CTFd

Assignment 7: Persistance&Escalation

Find a way to access the given server
Make sure you can read all parts of the flag number 1
Find a way to access flag number 2

Assignment 8: Reversing

Log in to your dockers
Analyze the traffic that comes to your container and try to make sense of it. (You can ignore traffic from past assignments)
Find the flag and submit it to the CTFd
More details in CTFd

Assignment 9: C&C Client

There is a bot server specified in CTFd. Create a bot client that can interact with it, respond to the C&C server commands and obtain the flag. In order to register to the bot master you will need to provide proof of work. Check the attached `pow_solver.py` to see what is needed.

Assignment 10: Malware Detection

Part 1: Download a PCAP from CTFd, analyze it and answer the questions
Part 2: Modify the ML part in the class Colab according to the instructions in CTFd and solve the questions.

Bonus Assignment

Bonus assignments will be announced before the winter break. Students who complete the bonus assignment can choose not to come to the final exam. More details and exact conditions for passing the bonus will be announced later in the semester.

Table of Contents