Home Publications Teaching CV Contact
CSC-405 Computer Security Assignment 3 – Web Attacks
Assignment 3 is due 04/12/23 on or before 11:59:59pm EDT.
Your goal is to break a series of web challenges using the full range of your hacking skills.
Every challenge is at https://hw3.kapravelos.com/ . You can access any level at any time, so if you get stuck in one of them you can still work on the others. Once you break the level and discover the Nag, you want to verify it on our submission page
https://hw3.kapravelos.com/flag . Our submission page will record if you successfully solved the level, but you will need to also submit a report with a description of how you exploited that level along with all the code that you used.
Note that some of the levels are not straightforward and you would need to try several different strategies until you land with the correct one. This means that you should start early so that you have time to work on difQcult/challenging levels.
You will need to sharpen your web hacking toolbelt. You will probably need to become familiar with the following tools to understand the web applications that you want to break:
setup Burp Suite (link) and learn how to use it (link, especially how to setup the proxy and use the repeater feature)
Chrome dev tools
Using automated tools that scan for web vulnerabilities against the server is prohibited.
Evaluation
You will be awarded points based on how many levels are broken. All levels are worth 10 points each. However, who needs points when you see your hacker alias in all its glory on the scoreboard?
Submission Instructions
You will need to submit a description for each level of how it was attacked and what the vulnerability was. The description is important and will affect how we grade your assignment. The submission page for the reports will be posted on piazza.
Schedule Syllabus
Assignments
ý 2023 Kapravelos
CS Help, Email: tutorcs@163.com