Submission and Grading

Writeup

Each group must submit writeup–two pages maximum, please. For each of flags 3–8 only, include a brief description (2–3 sentences) of how you acquired the flag, and a suggestion (a line of code or 2–3 sentences) for how to protect against your exploit.

In your writeup, even if there are flags where the same defenses apply, please do not say “Refer to the defenses from Flag X”. Please re-write out and copy out defenses.

Grading & Deliverables

For your grade on project 3, we will compute a weighted average as follows:

70% for finding exploits, equally distributed across all 8 flags. You do not need to submit anything, since flags are automatically registered on the server.
30% for the writeup, equally distributed across flags 3–8. Submit a writeup to Gradescope, and remember to add your partner if you worked in a group.

There is no submission for your actual exploits–as long as you see the timestamps for flags populate on the splash page https://box.cs161.org, you’ve gotten credit for them!