Description
Purpose
The purpose of this assignment is to make you feel comfortable with using a VPN connection and
working directly with raw sockets. You will learn how to create and use raw sockets, send raw IP
packets with forged source IPs, and manually create UDP packets.
Objectives
Learners will be able to:
● Program with raw sockets.
● Create UDP packets manually and programmatically.
● Send UDP packets with spoofed source IP addresses.
Technology Requirements
While learners can use any programming language, Python is strongly recommended.
Note: The course team will not be able to help you if you choose any language that is not Python,
Java, or C#; therefore, to create the best learning experience, Python is strongly recommended.
Assignment Description and Directions
Technology Setup Reminder
If you have not already joined the course’s pwn.college, please review the setup directions in Module
0: Welcome and Start Here of your course to properly gain access and start your work.
Accessing the Environment
1. Navigate to https://pwn.college.
CSE 543
UDP Spoofing Assignment 1
2. Click “Login” in the upper right corner of the screen and enter your account credentials.
a. Click “Forgot your password?” if you have trouble logging in.
3. Navigate to “Dojos”, second option from the left at the top of the screen.
4. Under “Courses”, select “CSE 543 – Session X Year”.
5. Under “Modules”, select “UDP Spoofing Assignment”.
6. Under “Challenges”, click on “UDPSpoof”, read the details, and then click “Start” when you
are ready to work.
a. Optional: use “Practice” to help you work through the level with assistance.
Only the challenges in “UDP Spoofing Assignment” are counted towards your grade. The challenges
in “Labs – UDP and TCP Spoofing” are optional and not graded.
Assignment Directions
A UDP service FlagServ is running at 10.0.0.3:13337. This UDP service receives a target IP address
from the user, and if the user is authenticated, it will happily send a flag (a special string) via UDP to
port 13337 of the target IP. Your job is to write a program that retrieves the flag.
FlagServ employs THE BEST AUTHENTICATION METHOD IN THE WORLD: Source-IP-based
authentication, which means it authenticates all users based on their source IP addresses. If a user’s
source IP address is trusted, FlagServ will send out the flag to the specified destination (repeat: via
UDP). Otherwise, it will send an error message back to the untrusted user (via UDP, too).
The only trusted IP is 10.2.4.10. Your task is to break or bypass this source-IP-based authentication
scheme and steal the flag.
To keep the internet a secure place, 10.0.0.3 points to a private IP that is only accessible in the
pwn.college challenge environment.
Submission Directions for Assignment Deliverables
You are given an unlimited number of attempts to submit your best work. The number of attempts is
given to anticipate any submission errors you may have in regards to properly submitting your best
work within the deadline (e.g., accidentally submitting the wrong paper). It is not meant for you to
receive multiple rounds of feedback and then one (1) final submission. Only your most recent
submission will be assessed.
CSE 543
UDP Spoofing Assignment 2
You must complete your UDP Spoofing Assignment deliverables in pwn.college and then submit the
deliverables in its submission space in the course. Carefully review submission directions
outlined in the overview document in order to correctly earn credit for your work. Learners may not
email or use other means to submit any assignment or project for review, including feedback, and
grading.
The UDP Spoofing Assignment includes two (2) deliverables:
● Readme: Include a txt file `readme.txt` describing your thought process or your solution to
this problem.
● Program/Code: In a ZIP file, provide your code (a Python script or source code in any
programming languages) that attacks the service and obtains the flag.
Making File Submissions in Canvas
Before submitting, confirm that your deliverables follow the requirements for the project, and then
submit your work in the designated submission space in the course. Your submission will be reviewed
by the course team before finalizing your assignment grade.
1. In your course, go to Submission: UDP Spoofing Assignment.
2. Click Start Assignment.
3. Click Choose File.
4. Locate and select one (1) deliverable file from your device.
5. If needed, click +Add Another File and repeat Steps 3 and 4 until all deliverables are added.
6. Select the agreement and then click Submit Assignment.
7. (If needed and allowed) To resubmit files:
a. Return to the Canvas submission space, click New Attempt, and repeat the process
from Step 3.
Evaluation
Your submission will be automatically graded in the challenge environment. As you complete each
challenge, you will receive a score in pwn.college. Scores will automatically populate to the course
after completion or after the due date passes. You will earn the maximum number of points for the
corresponding assignment in Canvas if you earn 100% on the challenge in pwn.college. Please refer
CSE 543
UDP Spoofing Assignment 3
to the Course Grade Breakdown in the syllabus PDF and the assignment submission space in
Canvas so you know how many points each assignment is worth.
Your deliverables will be reviewed by the course team before finalizing your assignment grade. No
credit will be given for missing or incorrect submissions.
Review the course syllabus for details regarding late penalties.
● You will earn full credit if you steal and submit the correct flag.
● If you do not steal and submit the correct flag, you will not earn credit.
● Partial credit will not be granted for this assignment.