Description
Purpose
The purpose of this assignment is to familiarize you with the most traditional type of TCP spoofing
attack. You will learn how to create and use raw sockets, send raw IP packets with forged source IPs,
manually establish TCP connections, and manually create TCP packets.
Objectives
Learners will be able to:
● Program with raw sockets.
● Create TCP packets both manually and programmatically.
● Simulate TCP connections from a forged IP programmatically.
● Send TCP packets with spoofed source IP addresses.
Technology Requirements
While learners can use any programming language, Python is strongly recommended since it saves
your time of coding.
Note: The course team will not be able to help you if you choose any language that is not Python,
Java, or C#; therefore, to create the best learning experience, Python is strongly recommended.
Assignment Description
A *TCP* service FlagIt is running at 10.0.0.3:13337. This TCP service receives a target IP address
from the user, and if the user is authenticated, it will happily send a flag (a special string) via UDP to
port 13337 of the target IP. Your job is to write a program that retrieves the flag.
FlagIt employs THE BEST AUTHENTICATION METHOD IN THE WORLD: Source-IP-based
authentication, which means it authenticates all users based on their source IP addresses. If a user’s
CSE 543
TCP Spoofing Assignment 1
source IP address is trusted, FlagIt will send out the flag to the specified destination (repeat: via
UDP). Otherwise, it will send an error message back to the untrusted user (via UDP, too).
The only trusted IP is 10.2.4.10. Your task is to break or bypass this source-IP-based authentication
scheme and steal the flag.
To keep the internet a secure place, 10.0.0.3 points to a private IP that is only accessible in the
pwn.college challenge environment.
Directions
Technology Setup Reminder
If you have not already joined the course’s pwn.college, please review the setup directions in Module
0: Welcome and Start Here of your course to properly gain access and start your work.
Accessing the Environment
1. Navigate to https://pwn.college.
2. Click “Login” in the upper right corner of the screen and enter your account credentials.
a. Click “Forgot your password?” if you have trouble logging in.
3. Navigate to “Dojos”, second option from the left at the top of the screen.
4. Under “Courses”, select “CSE 543 – Session X Year”.
5. Under “Modules”, select “TCP Spoofing Assignment”.
6. Under “Challenges”, click on “TCPSpoof”, read the details, and then click “Start” when you
are ready to work.
a. Optional: use “Practice” to help you work through the level with assistance.
Only the challenges in “TCP Spoofing Assignment” are counted towards your grade. The challenges
in “Labs – UDP and TCP Spoofing” are optional and not graded.
Assignment Directions
You are strongly encouraged to use Python 3 and the scapy package to solve this problem. Here is a
step-by-step guide:
CSE 543
TCP Spoofing Assignment 2
1. Since the goal is to conduct TCP spoofing, you may want to revisit the lecture about TCP
spoofing.
2. The key of TCP spoofing is correctly guessing the sequence number that the server sends
back. It is worth noting that the server is not using a secure TCP/IP stack. Specifically, the
server does not properly choose *random* initial sequence numbers for each TCP connection.
Therefore, you should collect several sequence numbers from talking to the server and
observe what is special about these sequence numbers.
3. Assuming you figured out the secret in how the server generates sequence numbers, the next
step is to implement a TCP client that talks to the server using scapy.
4. Since your TCP client will send TCP segments with forged source IPs, you must work with raw
sockets.
5. The only thing difficult with implementing a TCP client using raw sockets is correctly computing
the checksum of each TCP segment. You may find online how TCP checksum works.
6. Make sure the source code of your TCP client is properly documented.
7. Use your TCP client to attack the server and get the flag. Remember that the flag will be sent
back to you via UDP.
8. Submit the flag to the pwn.college challenge environment.
9. Submit a file (`readme.txt`) that describes your thought process and your solution. In addition,
submit your code (as a separate zip file) to the submission space provided in the course.
Note: If you do not receive any UDP or TCP response from the server, you should inform the
instructor immediately since it might be a server-side issue.
Submission Directions for Project Deliverables
You are given an unlimited number of attempts to submit your best work. The number of attempts is
given to anticipate any submission errors you may have in regards to properly submitting your best
work within the deadline (e.g., accidentally submitting the wrong paper). It is not meant for you to
receive multiple rounds of feedback and then one (1) final submission. Only your most recent
submission will be assessed.
You must complete your TCP Spoofing Assignment deliverables in pwn.college and then submit the
deliverables in its submission space in the course. Carefully review submission directions
outlined in the overview document in order to correctly earn credit for your work. Learners may not
CSE 543
TCP Spoofing Assignment 3
email or use other means to submit any assignment or project for review, including feedback, and
grading.
The TCP Spoofing Assignment includes two (2) deliverables:
● Readme: A txt file `readme.txt` describing your thought process or your solution to this
problem.
● Program/Code: In a ZIP file, provide your code (a Python script or source code in any
programming languages) that attacks the service and obtains the flag.
Making File Submissions in Canvas
Before submitting, confirm that your deliverables follow the requirements for the project, and then
submit your work in the designated submission space in the course. Your submission will be reviewed
by the course team before finalizing your assignment grade.
1. In your course, go to Submission: TCP Spoofing Assignment.
2. Click Start Assignment.
3. Click Choose File.
4. Locate and select one (1) deliverable file from your device.
5. If needed, click +Add Another File and repeat Steps 3 and 4 until all deliverables are added.
6. Select the agreement and then click Submit Assignment.
7. (If needed and allowed) To resubmit files:
a. Return to the Canvas submission space, click New Attempt, and repeat the process
from Step 3.
Evaluation
Your submission will be automatically graded in the challenge environment. As you complete each
challenge, you will receive a score in pwn.college. Scores will automatically populate to the course
after completion or after the due date passes. You will earn the maximum number of points for the
corresponding assignment in Canvas if you earn 100% on the challenge in pwn.college. Please refer
to the CourseGrade Breakdown in the syllabus PDF and the assignment submission space in Canvas
so you know how many points each assignment is worth.
CSE 543
TCP Spoofing Assignment 4
Your deliverables will be reviewed by the course team before finalizing your assignment grade. No
credit will be given for missing or incorrect submissions.
Review the course syllabus for details regarding late penalties.
You will earn full credit if your stolen flag.txt is correct. Otherwise, the instructor will grade your
submission and assign partial scores:
● You will earn 40% credit if your code for predicting TCP sequence numbers is reasonable and
correct.
● You will earn 30% credit if your attacking logic is reasonable and correct.
● The remaining 30% is deducted for an incorrect stolen flag.txt.
You will not be able to explain to the instructor what your submitted source code does or intends to
do. Therefore, it is important to ensure that your code is properly commented, especially when your
code does not fully work.