Lab 1: Environment Variables and SetUID

Lab Overview

In this lab, you will learn about environment variables and the SetUID bit: how they work and how they can lead to vulnerabilities. You can find the lab description here.

Handin

Please write your lab report according to the description. Upload your answers as a PDF to Blackboard. You must turn this in by Tuesday before class.

Resources

Suggested Reading

Acknowledgements

Significant content borrowed from Wenliang Du.

Challenge

A hacker group set on Chaos has added all of you to the government's criminal watchlist. To make sure the public passes on any hints or tips, the government has published the list at ec2-18-221-149-26.us-east-2.compute.amazonaws.com:9074. Unfortunately for them, to facilitate inter-agency information sharing, they have another service to determine whether or not a particular person is on the list. Even more unfortunately, they hired your instructor to write this service, and he didn't do a very good job (was it on purpose? Who knows). This other service runs on port 9099. Can you hack it to remove your name from the list? Be careful to remove only *your* name; if other names are left on the list, you are less likely to be discovered!