首页
网站开发
桌面应用
管理软件
微信开发
App开发
嵌入式软件
工具软件
数据采集与分析
其他
首页
>
> 详细
辅导Web开发|辅导R语言程序|辅导留学生 Statistics统计、回归、迭代|辅导Python编程
项目预算:
开发周期:
发布时间:
要求地区:
IY2840 Coursework 2:
Application and Web Security
Deadline: 10:00 am, 26 Mar 2021
This is a blind submission, and submissions must be made in a ZIP compressed file on
Moodle. This compressed file should include the coursework report and necessary source-code
files. The report must be in file PDF format, other formats such as: .docx or .pages are not
accepted. This coursework counts for 20% of your grade on this module and is worth 100
marks in total. We expect a good submission to be succinct and be less than six pages in
length. Learning outcomes assessed are:
• Understanding of UNIX/Linux and applications security.
• Understanding of how to exploit vulnerabilities and steps involved in their exploitation.
• Understanding of network packets and how to capture and investigate them.
• Understanding the fundamentals of network and Web attacks.
• Understanding the countermeasures and mitigation of these vulnerabilities and attacks.
IMPORTANT:
• SEED Unbuntu 16.04 virtual machine (https://seedsecuritylabs.org/lab_env.html)
should be used to develop and test some solutions for this coursework, you can use the
your SEED Ubuntu VM which is already used in the lab.
• Use the source file attachment (coursework2-files.zip) for Question 1 and Question 2.
• Use Wireshark to analyse the .pcap files in the coursework attachment.
• Download the following virtual machine (Web Server, 3.7GB) for Question 3:
– The Web Server VM: https://www.dropbox.com/s/apmwm8sm9g9qrue/ubuntu_web_
server_vm_cw2_2021.ova?dl=0
This VM must be used to test some solutions of Question 1 as it includes a running
Web server required for this question. Therefore, you need to install this VM on your
own machine and along with this VM you need also to use another machine like your
SEED VM used in the lab as an attacker machine. Keep in mind, you dont have access
to the Web server VM, except through the network (browsing port 80). To setup the
environment, follow the setup and configuration environment guidelines section
(see Appendix).
• All answers related to developing a program will be checked on a SEEDLab VM, so it is
important to make sure that your solutions being provided are executable on this platform.
1
This coursework aims to have you reflect on Unix, Application, Network and Web security.
To get started, it is important to review the lecture notes and lab materials, the course text,
but also to investigate online resources. We are not after essays in this coursework. We are
after concise and succinct responses to each question with some proof of implementation (code
snippets and screenshots). Do share useful resources that you find with others on the Moodle
forum, but do not give any answers away. Note: All the work you submit must be
solely your own work and you should make sure the submitted file not corrupted.
Submissions are routinely checked for plagiarism.
Questions
1. Question 1 (Total 30 Marks): Linux and Application Security
(a) An organisation is running a service to welcome its agents by printing a greeting
message along with their name on their terminal screen. The developer in this
organisation has created the C program (vulnerable − prog.c) to implement this
service on the Ubuntu 32bit Linux server and you are asked to compile the program
and manage its permissions in the operating system.
i. Compile the vulnerable − prog.c file using gcc but you have to disable the
smashing stack feature and enable the executable stack feature to be able to
solve the subsequent questions. Then, run the program and provide a terminal
screenshot of the outcome.
ii. The compiled program (file) has to be a root-owned Set-UID program, report
how to accomplish that, you may need to use some file permission Linux
instructions. Display the program file permissions in a terminal screenshot.
(3 marks)
Submit your answer and screenshots in your report.
(b) A cyber security team in the organisation has discovered that the previous program
(vulnerable-prog) is vulnerable to stack-based-buffer-overflow. As a pen-tester, you
have been assigned to perform a penetration test to check if this vulnerability is
exploitable in the system. You need to prepare the payload and exploit which will be
used for spawning shell with the root permission. You have an exploit file (exploit.c)
but this source-code file is incomplete having some missing codes.
i. Fix the exploit.c file by completing the missing parts of this file. Replace “?”
with the appropriate instructions or values to be able to compile and run the
exploit program. Beforehand, you will need to understand the buffer-overflow
exploit program and how the shell code is injected to have such an successful
attack [Hint: you may need to review the stack frame layout]. You may need to
turn off the buffer-overflow countermeasure features while compiling and running
the program (i.e. kernel.randomize va space = 0).
2
ii. Briefly explain and justify the entire program after fixing it and provide the
execution output (a screenshot), you may use code comments for the description
of the program. To get the full mark of this part, the new exploit program must
be executable, so include the amended exploit.c file in the submission.
(17 marks)
Submit your answer and screenshots in your report, along with the updated
exploit.c file
(c) Turn on the countermeasure (i.e. kernel.randomize va space = 2) which is associated
with the space address randomisation and run the exploit program (the amended
exploit.c file) again. Briefly explain the observation and provide a screenshot.
Then, write a shell script to defeat this countermeasure. The shell script should also
include a feature to display the cost of defeating using the metric of either the actual
time (hh:mm:ss) or the number of runs. Briefly explain the scripts and provide a
screenshot for the output. Also, include the shell script in the submission. Note:
In order to answer this part, you should have already solved the previous question,
Question 1b.
(10 marks)
Submit your answer and screenshots in your report, along with the script file
2. Question 2 (Total 30 Marks): Network Security
A security analyst team has the cp1.pcap, cp2.pcap and cp3.pcap files which are network
traffic captures of different network segments. They needs to identify potential attacks in
these files. You are asked to assist them in their task by doing the following:
(a) Examine these pcap files to determine the attacks within these files using
Wireshark; keep in mind, each file has only one attack. Justify your answers
including the description of those identified attacks and some screenshots of parts in
the traffic (the pcap files) which refer to the attacks if necessary.
(15 marks)
Submit your answer and your justification in your report.
(b) It is important for security analysts to understand suspicious activity in pcap files.
This is often done by reproducing attacks. Write a program or shell-script that
reproduces the attack in cp3.pcap [Hint: refer to Lab7 on how to create network
programs] and describe briefly the program in the report. Also, provide the pcap
traffic capture of running your program being developed using WireShark (your pcap
and the provided pcap files are not expected to be identical, as some IP addresses
would be different in your network settings. Note: you are not expected to reproduce
the pcap content line by line, but it has to be the same attack).
(15 marks)
Submit your source-code and your traffic-capture file from running your program.
3
3. Question 3 (Total 40 Marks): Web Security
Figure 1: Environment setup. See the appendix for setup information
A company “IY2840 Co.” owns a website, (http://10.0.2.x/index.html (x here is an
unknown part of the Web server IP address and students are expected to find it), this URL
refers to the virtual machine provided (Ubuntu Web Server VM) that hosts the company
web server, refer to Figure 1 which is utilised for managing the employees records of the
company. In order to access the website resources, you need to have a login credentials.
However, this website is vulnerable to SQL injection (SQLi) and cross-site scripting (XSS)
attacks.
(a) How can an attacker bypass the website login without having access
credentials? Assume there is an ’admin’ user for this system. Justify your
answer showing at least three different patterns of injections and report the output
(screenshots).
(10 marks)
Submit your answer and your justification in your report.
(b) An attacker is often keen on cracking the ’admin’ password in the system, however a
password is usually protected by a hashing function (SHA1 is used in this website).
How can an attacker learn about the stored password for the admin user
in this website?
• Demonstrate the steps to perform this attack including the necessary injected
SQL statements.
• Report the necessary screenshots.
(15 marks)
Submit your answer and screenshots in your report.
[Hints: for this question you should not use any type of available brute force attack
tools for cracking the website login in this system (i.e. hitting the system with many
randomised passwords). However, this question requires you to perform a number
4
of steps to learn about the website database (schema, tables and columns) to reach
and extract the stored password data. Then, you need to recover the actual password
using any online or offline tools.]
(c) Within so many websites, a session cookie approach is still widely used as a means to
maintain a session of an authenticated user. This cookie is normally created once a
user logs on to the website.
Suppose that you have already compromised the admin password from the previous
question. Create an XSS attack to be able to persistently steal the cookies
for the current admin sessions in the websites even if the admin changes
the password and the SQL injection vulnerability is fixed for the website
hereafter. As an attacker, you need to find out the sink where to inject the script
which facilitates obtaining the cookie and how to receive the cookie. Also, you may
need to take advantage of nc command to create a server in the attacker VM (your
own virtual machine) to capture the cookie.
Also, you need to use the following JavaScript/HTML methods to create a workable
script for the attack, however proposing some different alternatives of script methods
is acceptable as long as these scripts are executable:
1) Image().src="link to the image"
2) document.cookie
• Report the steps of the scenario and the stolen cookie.
• Provide all necessary outputs (screenshots and traffic capture) indicating that you
perform a successful attack.
• Can you identify the type of the XSS attack in this context?
(15 marks)
Submit your answer and screenshots in your report, along with a traffic packet capture
file.
SD & JH 12 March 2021
5
Appendix: Setup and config. environment guidelines
In addition to your existing SEED Lab VM, you will for the purposes of this coursework also
need a separate VM to be your Web server.
1. Install VirtualBox: https://www.virtualbox.org/wiki/Downloads. Make sure you are
using the most up-to-date VirtualBox.
Installation Notes for different platforms:
• Mac: you need to allow Oracle apps to be installed in the security and privacy setting.
• Windows: check that your machine has enabled virtualization. This can be done by
entering your bios and enabling virtualization in a setting there. To check whether
you have virtualization enabled or not, we suggest you go to your task manager,
see a screenshot here: https://www.shaileshjha.com/wp-content/uploads/2017/
02/windows_10_task_manager_performance_tab_virtualization_enabled.jpg
• Linux, we expect the problem would be the same as windows.
2. Download the Web server virtual machines.
3. Import the Web Server virtual machine. Follow how to import OVA files here: https:
//www.virtualbox.org/manual/ch01.html#ovf-import-appliance.
4. Click “File” on the top left of the VirtualBox main UI. Then click “Preferences” as shown
in Figure 2.
Figure 2: Preferences
5. Click the “Network” tab on left panel. click the “+” icon to create a new NAT Networks
(NatNetwork) adaptor (if one does not exist). Double click on the NatNetwork, and look
at its configuration. Set the configuration as the same as what is shown in Figure 3.
6. Enable Adapter 1 (and disable the other adapters if any are enabled), then choose “NAT
Network” and then NatwNetwork which is already declared in the previous step.
7. [IMPORTANT] Switch on both VMs. After you have switched on both, they will be given
an IP address each, it will be like 10.0.2.x IP address. You will need to find out what IP
6
Figure 3: Network Configuration
Figure 4: VM Network Adapter (the MAC address can be whatever VirtualBox assigns it.)
address is your Web server VM to in order to browse the website from your SEED Lab
VM. You can either scan your network to do so, or use a number of Linux commands to
find this out.
7
软件开发、广告设计客服
QQ:99515681
邮箱:99515681@qq.com
工作时间:8:00-23:00
微信:codinghelp
热点项目
更多
代写dts207tc、sql编程语言代做
2024-12-25
cs209a代做、java程序设计代写
2024-12-25
cs305程序代做、代写python程序...
2024-12-25
代写csc1001、代做python设计程...
2024-12-24
代写practice test preparatio...
2024-12-24
代写bre2031 – environmental...
2024-12-24
代写ece5550: applied kalman ...
2024-12-24
代做conmgnt 7049 – measurem...
2024-12-24
代写ece3700j introduction to...
2024-12-24
代做adad9311 designing the e...
2024-12-24
代做comp5618 - applied cyber...
2024-12-24
代做ece5550: applied kalman ...
2024-12-24
代做cp1402 assignment - netw...
2024-12-24
热点标签
mktg2509
csci 2600
38170
lng302
csse3010
phas3226
77938
arch1162
engn4536/engn6536
acx5903
comp151101
phl245
cse12
comp9312
stat3016/6016
phas0038
comp2140
6qqmb312
xjco3011
rest0005
ematm0051
5qqmn219
lubs5062m
eee8155
cege0100
eap033
artd1109
mat246
etc3430
ecmm462
mis102
inft6800
ddes9903
comp6521
comp9517
comp3331/9331
comp4337
comp6008
comp9414
bu.231.790.81
man00150m
csb352h
math1041
eengm4100
isys1002
08
6057cem
mktg3504
mthm036
mtrx1701
mth3241
eeee3086
cmp-7038b
cmp-7000a
ints4010
econ2151
infs5710
fins5516
fin3309
fins5510
gsoe9340
math2007
math2036
soee5010
mark3088
infs3605
elec9714
comp2271
ma214
comp2211
infs3604
600426
sit254
acct3091
bbt405
msin0116
com107/com113
mark5826
sit120
comp9021
eco2101
eeen40700
cs253
ece3114
ecmm447
chns3000
math377
itd102
comp9444
comp(2041|9044)
econ0060
econ7230
mgt001371
ecs-323
cs6250
mgdi60012
mdia2012
comm221001
comm5000
ma1008
engl642
econ241
com333
math367
mis201
nbs-7041x
meek16104
econ2003
comm1190
mbas902
comp-1027
dpst1091
comp7315
eppd1033
m06
ee3025
msci231
bb113/bbs1063
fc709
comp3425
comp9417
econ42915
cb9101
math1102e
chme0017
fc307
mkt60104
5522usst
litr1-uc6201.200
ee1102
cosc2803
math39512
omp9727
int2067/int5051
bsb151
mgt253
fc021
babs2202
mis2002s
phya21
18-213
cege0012
mdia1002
math38032
mech5125
07
cisc102
mgx3110
cs240
11175
fin3020s
eco3420
ictten622
comp9727
cpt111
de114102d
mgm320h5s
bafi1019
math21112
efim20036
mn-3503
fins5568
110.807
bcpm000028
info6030
bma0092
bcpm0054
math20212
ce335
cs365
cenv6141
ftec5580
math2010
ec3450
comm1170
ecmt1010
csci-ua.0480-003
econ12-200
ib3960
ectb60h3f
cs247—assignment
tk3163
ics3u
ib3j80
comp20008
comp9334
eppd1063
acct2343
cct109
isys1055/3412
math350-real
math2014
eec180
stat141b
econ2101
msinm014/msing014/msing014b
fit2004
comp643
bu1002
cm2030
联系我们
- QQ: 9951568
© 2021
www.rj363.com
软件定制开发网!