Assignment 3 - Mission 1: DNS Poisoning
Goal: In
this assignment, you
are required to launch DNS poisoning attacks against an adversary, with
the goal of stealing secrets from a misconfigured webserver.
Deadlines:
This assignment is divided in 4 missions. Each mission has a deadline:
Mission 1: 10/22/2013 11:59pm
Mission 2: 11/08/2013 11:59pm
Mission 3: 11/12/2013 11:59pm
Mission 4: 11/19/2013 11:59pm
Plot:
You are a national security agent working to defend the security
of your home Country's critical cyber-infrastructure. Through various
means, you came to know that an extremist group called HackFun, based in a hostile Country
(HC), used to operate a propaganda website reachable at http://<$NAME>.propaganda.hc.
In the past, <$NAME>.propaganda.hc
used to resolve to IP address <x.x.x.x>,
which hosted a trove of information you would like to access to thwart
possible future attacks against your country by HackFun members.
Unfortunately, HackFun recently remapped <$NAME>.propaganda.hc
to point to a (seemingly) innocuous website. However, it turns out that
they forgot to reconfigure the webserver running at <x.x.x.x>
and to shut down the previous site. If you only were able to remap <$NAME>.propaganda.hc
to <x.x.x.x>,
you would obtain access to the information you were looking for.
Therefore, your first mission is to find a way to extract such
information from the misconfigured webserver running at <x.x.x.x>.
Directions:
1) You can obtain your <$NAME>by [...HIDDEN...]
2) Completing the first mission will reveal FLAG1,
which represents the secret information you wanted
3) Once the first mission has been completed, you will be assigned a
new, more challenging task
Environment:
The figure below shows what you currently know about the network
environment. Notice that the local DNS server used by machines in the
HackFun netework is an open resolver. Namely, anybody can query HackFun's local DNS server to resolve domain names. The IP of the open resolver is x.x.x.x.
Submission:
Submit the obtained flags via nike.cs.uga.edu,
as usual. Make a directory called Assignment3-Mission1
and create a file called flag1.txt
that has the following format:
FLAG1: flag
from the first challenge
Also copy the source code you used for performing the attacks
in a sub-dir called Assignment3-Mission1/code/.
Then submit the dir:
nike> $
submit Assignment3-Mission1 csx250
Grading:
This Assignment is worth 20 points overall, plus some bonus points if you solve
the hardest challenge and do it fast.
For each correctly retrieved flag, you will receive the following points:
FLAG1:
4 points
FLAG2:
6 points
FLAG3:
10 points
FLAG4:
5 bonus points
TIME BONUS: The first grad student and undergrad student to submit the correct answer for each
FLAGS will each receive extra bonus points
Mission 1: 1 bonus point
Mission 2: 2 bonus points
Mission 3: 3 bonus points
Mission 4: 5 bonus points