Purpose
The purpose of this assignment is to make you feel comfortable with using a VPN connection and working directly with raw sockets. You will learn how to create and use raw sockets, send raw IP packets with forged source IPs, and manually create UDP packets.
Objectives
Learners will be able to:
- Program with raw sockets.
- Create UDP packets manually and programmatically.
- Send UDP packets with spoofed source IP addresses.
Technology Requirements
While learners can use any programming language, Python is strongly recommended.
Note: The course team will not be able to help you if you choose any language that is not Python, Java, or C#; therefore, to create the best learning experience, Python is strongly recommended.
Assignment Description and Directions
Technology Setup Reminder
If you have not already joined the courseβs pwn.college, please review the setup directions in Module 0: Welcome and Start Here of your course to properly gain access and start your work.
Accessing the Environment
- Navigate to https://pwn.college.
- Click βLoginβ in the upper right corner of the screen and enter your account credentials.
- Click βForgot your password?β if you have trouble logging in.
- Navigate to βDojosβ, second option from the left at the top of the screen.
- Under βCoursesβ, select βCSE 543 β Session X Yearβ.
- Under βDojo Modulesβ and select βIA in Information Systemsβ.
- Under βChallengesβ, click on βUDPSpoofβ, read the details, and then click βStartβ when you are ready to work.
- Optional: use βPracticeβ to help you work through the level with assistance.
Assignment Directions
A UDP service FlagServ is running at 10.0.0.3:13337. This UDP service receives a target IP address from the user, and if the user is authenticated, it will happily send a flag (a special string) via UDP to port 13337 of the target IP. Your job is to write a program that retrieves the flag.
FlagServ employs THE BEST AUTHENTICATION METHOD IN THE WORLD: Source-IP-based
authentication, which means it authenticates all users based on their source IP addresses. If a userβs source IP address is trusted, FlagServ will send out the flag to the specified destination (repeat: via UDP). Otherwise, it will send an error message back to the untrusted user (via UDP, too).
The only trusted IP is 10.2.4.10. Your task is to break or bypass this source-IP-based authentication scheme and steal the flag.
To keep the internet a secure place, 10.0.0.3 points to a private IP that is only accessible in the pwn.college challenge environment.
Submission Directions for Assignment Deliverables
You are given an unlimited number of attempts to submit your best work. The number of attempts is given to anticipate any submission errors you may have in regards to properly submitting your best work within the deadline (e.g., accidentally submitting the wrong paper). It is not meant for you to receive multiple rounds of feedback and then one (1) final submission. Only your most recent submission will be assessed.
You must complete your UDP Spoofing Assignment deliverables in pwn.college and then submit the deliverables in its submission space in the course. Carefully review submission directions outlined in the overview document in order to correctly earn credit for your work. Learners may not email or use other means to submit any assignment or project for review, including feedback, and grading.
2
The UDP Spoofing Assignment includes two (2) deliverables:
- Readme: Include a txt file `readme.txt` describing your thought process or your solution to this problem.
- Program/Code: In a ZIP file, provide your code (a Python script or source code in any programming languages) that attacks the service and obtains the flag.
Making File Submissions in Canvas
Before submitting, confirm that your deliverables follow the requirements for the project, and then submit your work in the designated submission space in the course. Your submission will be reviewed by the course team and then, after the due date has passed, your score will be populated into your grade.
- In your course, go to Submission: UDP Spoofing Assignment.
- Click Start Assignment.
- Click Choose File.
- Locate and select one (1) deliverable file from your device.
- If needed, click +Add Another File and repeat Steps 3 and 4 until all deliverables are added.
- Select the agreement and then click Submit Assignment.
- (If needed and allowed) To resubmit files:
- Return to the Canvas submission space, click New Attempt, and repeat the process from Step 3.
Evaluation
Your submission will be automatically graded in the challenge environment. When you complete the assignmentβs challenge, you will receive a score in pwn.college. After the due date passes, the score will be reviewed by the course team, aligned with the course grade breakdown, and then populated in your course grade in Canvas. For example, if you earn 100% on the challenge in pwn.college, you will earn the maximum number of points for the corresponding assignment in Canvas. Please refer to the syllabus PDF and the assignment submission space in Canvas so you know how many points each assignment is worth.
- You will earn full credit if you steal and submit the correct flag.
- If you do not steal and submit the correct flag, you will not earn credit.
- Partial credit will not be granted for this assignment.
3


