Comment by TA: Prasad
2009-10-06 23:06:43
How do I know which of the 5 applications I’m supposed to work on? My www directory contains all 5.
Should I receive an email?
Thanks, Rafal
Hi Everyone,
This is how you choose your homework.
i. Convert your hexadecimal cookie to a decimal number.
ii. Do mod 5 on the decimal number.
iii. The remainder you get is the homework that you should work on.
0: Bookstore. An online bookstore application.
1: Classifieds. A web application that allows posting classified advertisements.
2: Employee Directory. A web listing of employees of an organization.
3: Events. An event scheduler.
4: Portal. An online portal of articles.
E.g.: Cookie – 0x35c74dc9
Decimal value of 0x35c74dc9 = 902 254 025
902 254 025 mod 5 = 0
You choose the Bookstore application for your assignment.
You can use Google calculator to do these calculations. The following links demonstrate the calculation with the cookie value 0x35c74dc9:
Hex to decimal: http://lmgtfy.com/?q=0x35c74dc9+in+decimal
mod 5 calculation: http://lmgtfy.com/?q=902254025+mod+5
Please mail me if you have any questions.
The wget --keep-session-cookies flag is not working.
The version installed on thompson.sisl.rites.uic.edu does not support it. What should I do?
Thank you.
@msangi2,
As far as I know, you can complete the homework without using the --keep-session-cookies flag. However, I will confirm this with Prof Venkat and get back to you.
Without using --keep-session-cookies I’m able to make the attack but I’m not able to demonstrate that it actually works.
@Filippo @msangi2,
I will talk to Prof Venkat about upgrading wget and get back to you.
@Filippo @msangi2,
The wget on oscar.cs.uic.edu supports the --keep-session-cookies option. You can use wget there to craft your attacks/defences.
Hello.
I am not able to understand the submission procedure. Could you please explain in detail especially the .wget files part.
Thank You
@gchand4
I am elaborating the submission procedure outlined in the HW pdf.
The bolded parts are the commands to be typed on thompson:
1. mkdir submit (Create a directory named submit)
2. cp client-state-attack.wget client-state-defense.wget submit/ (Copy all the files you want to turn in to the directory “submit” created in the previous step.)
3. tar cvf venkat-hw2.tar submit (Create an archive file of the submit directory)
4. Download the created tar file to your local computer.
5. Email the same to the course account.
The wget files contain the attacks and defenses that you will craft while working on your homework. Part 3 and part 4 of the homework document give details regarding the same.
Please get back to me if you have further questions.
Does this mean the wget files should be a simple bash script calling wget to exploit the web application?
For example, we make client-state-attack.wget point to the application everyone can access which is vulnerable (indicated in the spec. PDF) and client-state-attack-defense.wget point to our version of the application which we are supposed to patch?
Yes.
Thanks for the info. I am not able to understand one thing. When you say the wget files contain the attack and defences, does it mean that they just contain the command line instructions that we used to create the exploit?
Thanks in advance
Yes.
Hi,
I have a problem here. The URL to access my assignment through the web, i.e. http://thompson.sisl.rites.uic.edu:443/'mycookie'/'myappln'/Default.jsp, just gives me a blank page. And also for other applications, it just gives me a blank page.
I replace 'mycookie' and 'myappln' with my cookie and my application name while using it in the browser.
How to set it right?
Thanks.
I have a question about the client state validation for the empldir application.
All the functions that have write access to the database require user validation, using session information stored on the server side, and are accessible only to the administrators, who can already modify every entry in the database.
Moreover, crafting an attack just to show information about the user does not make much sense, since all the user data are already visible to everybody.
Do the attacks that exploit client state mis-validation have to make the attacker able to do something that he would normally not be able to do?
@msangi2,
You are able to edit user information because the admin user/password is given to you. Imagine that you are an attacker who does not have the admin password and still wants to craft an attack. That is just one scenario I am pointing out.
The motive behind this assignment is understanding:
1. How to overcome weak application security?
2. Patch your application to make it more resistant.
Hope that answers your question. Get back to me if you have any doubts.
People, please stop editing records in the database that are prefixed with SOMEONE ELSE’s cookie.
Thanks.
Hi,
While retrofitting code, I made some changes to one of the files (filename-hLogin.jsp) but unfortunately the system crashed. So is there a way that can be rectified so that I can work on it now?
Thanks,
Please list the filenames that need to be replaced with the original ones and I will do the needful.
Hi,
I am not able to access the server from around 23.15. Is anyone else also facing the same problem?
Thanks!
I am able to reach thompson.
Same thing here.
Only wanted to test my exploits for the last time though.
Sorry.. I am not able to access the websites. Thompson is ok.
SSH works but I can’t connect to the website anymore.
Same here.. Can't access the websites.. Am able to access thompson though..
Same here.
Same here as well.
@TA,
I am able to access all my files and make changes or even keep the originals the way they were previously. But the server end is down.
-Ashwini
Website up again for me!
It should be working now. I am extending the deadline until 1 am because of the server problems.
Thanks a lot!
Thanks!
Could you please add the formal statement of Programming assignment-3 on the page?