http://www.cis.syr.edu/~wedu/seed/software_security.html . To see the description of the lab (enunciado) select "Description". All labs are executed in a virtual machine (VM) provided by the SEED Labs project: SEEDUbuntu12.04.

Lab 1: Race-condition vulnerability Lab (only task 1):

http://www.cis.syr.edu/~wedu/seed/Labs_12.04/Software/Race_Condition/

Lab 2: Buffer overflows (only task 1):

http://www.cis.syr.edu/~wedu/seed/Labs_12.04/Software/Buffer_Overflow/ (Notes: in call_shellcode.c the include of string.h is missing; in stack.c the buffer must be 32 bytes instead of 24)

Lab 3: Format string vulnerability lab (only task 1):  

http://www.cis.syr.edu/~wedu/seed/Labs_12.04/Software/Format_String/  (note: some students tried to solve the lab in machines other than the VM provided by the Seed labs and had no success. The problem seems to be when the program is compiled into 64-bit binary code. It seems to work if you compile the program with the -m32 flag, that forces the compiler to produce 32-bit code: gcc vul_prog.c -m32 -o vul_prog )

Lab 4: Cross site scripting - Collabtive (tasks 1 to 4):      

http://www.cis.syr.edu/~wedu/seed/Labs/Web/XSS_Collabtive/

Lab 5: SQL injection - Collabtive (all tasks):          

http://www.cis.syr.edu/~wedu/seed/Labs/Web/SQL_Injection_Collabtive/

Lab 6: Perl's Taint Mode (Section 1 of 01-exercises-introduction-to-iflow.pdf):
https://fenix.tecnico.ulisboa.pt/downloadFile/845043405457887/exercises-introduction-to-iflow.pdf

Lab 7: Information Flow Challenge (Section 2 of 03-exercises-static-analysis-high-level-languages.pdf):
https://fenix.tecnico.ulisboa.pt/downloadFile/845043405457889/exercises-static-analysis-high-level-languages.pdf

Lab 8: Interpreter Instrumentation (Section 1 of 05-exercises-dynamic-analysis.pdf):
https://fenix.tecnico.ulisboa.pt/downloadFile/845043405457883/exercises-dynamic-analysis.pdf


Instructions to use the VM at Tagus: (UPDATED FOR 1718)

The SEED Labs VM is executed using VirtualBox in Ubuntu or Windows. The image is at:
- Ubuntu-> /vms/vms/ssof2017/
- Windows-> D:\vms\ssof2017\

The instructions on how to make the VM image available on VirtualBox the first time it is executed is in the file UseVirtualBox.pdf


Instructions to use the VM at RNL (Alameda): (UPDATED FOR 1718)

The SEED Labs VM is executed in QEMU, using the interface provided by RNL. RNL instructions: https://rnl.tecnico.ulisboa.pt/servicos/virtualizacao/

cd /var/tmp  —> you shouldn’t run the VM on the remote file system (AFS) because the performance is bad

mkdir working-dir

cd working-dir

Create disk:

rnl-virt disk create name_disk template  —> creates a disk for the VM; template = SS; disk kept in a file called name_disk.qcow2 and it’s a differential disk (so smaller). 

Start or restart VM:

rnl-virt vm create name_vm template name_disk.qcow2 --nat —> creates a VM based on a disk (but does not run it)

rnl-virt vm list —> lists available VMs

rnl-virt vm start name_vm —> runs a VM but does not show the terminal

rnl-virt vm open name_vm > shows the terminal of a running VM

Simple example:

rnl-virt disk create SS SS; rnl-virt vm create SS SS SS.qcow2; rnl-virt vm start SS; rnl-virt vm open SS

Finish session:

rnl-virt vm stop   —> shuts-down VM (equivalent to shutdown inside VM)

rnl-virt vm stop --force    —> crashes VM

The disk can be copied into AFS or a USB pen drive.