security代写 | Network | Algorithm | 密码学 | cryptography – CSCI 4174/CSCI 6708 NETWORK SECURITY: ASSIGNMENT NO. 5

CSCI 4174/CSCI 6708 NETWORK SECURITY: ASSIGNMENT NO. 5

security代写 | Network | Algorithm | 密码学 | cryptography – 这是一个关于network的题目, 主要考察了关于security network的内容,是一个比较经典的题目, 是比较典型的网络安全等代写方向, 涉及了密码学相关的内容,这个项目是assignment代写的代写题目

web代写 代写web 网站代写

PLEASE READ – GENERAL IMPORTANT NOTES FOR ALL ASSIGNMENTS:

  1. It is very important that you use the network tools that you download only for collecting information about your own machine or a self-contained private network. Never use any of the tools for unethical purposes
  2. All references must be properly cited in your answers. Use IEEE or ACM reference styles (https://www.ieee.org/documents/ieeecitationref.pdf) (https://www.cs.ucy.ac.cy/~chryssis/specs/ACM-refguide.pdf). Points will be deducted for improper citations and citations in incorrect formats.
  3. Keep in mind that just because you cite references, you must not cut-and-paste from these or other sources. The write-up must be properly paraphrased and referenced.
  4. Late Penalty Policy : The assignment is due at 11.59 PM on the due date. It will not be marked late up to 5 hours past the deadline. Beyond the grace time, there will be a 10% per day on the mark earned on the assignment. For instance, if your score on the assignment is 8/10 and there is a 10% late penalty, the score will be reduced to 7.2/10. Assignments that are five days past due will not be accepted. 5. Submission : Submission will be on Brightspace.

In this assignment, you will be completing two exercises. The first exercise asks you to do a program emulation of the RSA algorithm. In the second exercise, you will be using the Social Engineering Toolkit in Kali Linux to emulate a simple phishing attack.

Exercise 1 (RSA Emulation): The Objective of the exercise is to emulate the RSA algorithm. Your program must accept two prime numbers, p and q, and determine the public and private keys. Then it must accept a plaintext message, represented by an integer m, and determine the ciphertext c. It should then decrypt the ciphertext c to get back the original integer m. Your program should be implemented from first principles without using standard libraries for RSA.

Design the program to accept user input from the console and display the output to the console.

A sample dialog is given below: Enter the prime numbers, p and q: 11 17

Calculating RSA values ….

Public RSA key is (3, 187) Private RSA key is (107, 187)

Enter the plaintext message m (an integer): 5

Encrypting m… The ciphertext c is 125

Decrypting c …. The plaintext m is 5

Use the steps of the RSA Algorithm discussed in the lectures, and given below, in your program:

  1. Choose two primes p and q (these are the input values).
  2. Find their product n = pq
  3. Choose an integer e that is < n and relatively prime to (p-1)(q-1), that is, e and (p-1)(q-1) do not have common factors.
  4. Find an integer d such that ed mod (p-1)(q-1) = 1

Then the public RSA key is (e,n) and the private RSA key is (d, n). Encryption formula is c = me mod n Decryption formula is d = cd mod n

For calculating cd mod n where cd can be a large number, use the mod calculation method discussed in the lectures. For example, to calculate 1 25107 mod 187, express 107 in powers of 2 as follows:

125 (64 + 32 + 8 + 2 + 1) mod 187 = ((125^64 mod 187)(125^32 mod 187)(125^8 mod 187)(125^2 mod 187)(125 mod 187))mod 187

Then find the result by working from the smallest power upwards: using 125 mod 187 you would find 125^2 mod 187, from that you would find 125^8 mod 187, and so on.

Test your program for at least three sets of inputs.

Exercise 2: Simulation of Credential Stealing with a Phishing Attack

Credential Stealing is a major cyber-threat in which a victims identity is stolen to gain access to the victims systems and/or steal valuable information. One of the important ways in which credential stealing is carried out is social engineering such as phishing, in which hackers pose as a trusted organization and trick users to revealing confidential information.

Kali Linux has a pre-installed functionality called the Social Engineering Toolkit (SET) that can be used by security professionals for testing different social engineering attacks. The objective of this exercise is to simulate a phishing attack for credential stealing. You will create a Google phishing page using the SET.

Important note: You will not be sending the phishing link to anyone outside your machine! Rather, you will simulate it on your own machine.

Steps

Step -1: Ensure that you are able to access the Internet from your Kali Linux browser by making the appropriate settings on your Kali Linux Virtual machine. Reference link: https://www.hacking-tutorial.com/tips-and-trick/how-to-enable-the-network-in-kali-linux- virtual-box/

Step 0: Read and understand the Social Engineering Toolkit in Kali Linux. You will find the following websites to be useful: https://www.tutorialspoint.com/kali_linux/kali_linux_social_engineering.htm

https://linuxhint.com/kali-linux-set/ https://medium.com/@nancyjohn_95536/using-set-tool-kit-to-perform-website-cloning-in-kali-linux- 67fa01c92af

Once you understand the basics of the toolkit, follow these steps.

  1. Open the terminal window in Kali and make sure you have root access as this is a requirement for setoolkit. (Full form of setoolkit: Social Engineering TOOLKIT)
  2. Type setoolkit in the command line.
  3. Enter the appropriate option (Option number 1) to select Social Engineering Attacks.
  4. Choose an appropriate type for social engineering attack that depicts Website Attack Vectors. (Please see screenshot below)

5. Enter the appropriate option (Option number 3) to select Credential Harvester Attack

Method as the aim is to obtain user credentials by creating a fake page that will have certain

form fields. (Please see screenshot below).

  1. Choose the option for web templates to craft a malicious web page.
  2. Next, it will ask you to provide an IP where the credentials captured will be stored. Paste the address of your Kali Linux virtual Machine. And hit enter. You can find out IP Address of kali Linux using ifconfig command.
  3. Choose a Google template to clone the website.
  1. The setup for a phishing attack is complete, you have cloned the login page of Google and hosted it on the server.
  2. Now, generate a phishing link by creating a test. html file in your Kali virtual machine as follows: (Please copy IP address of your kali linux in place of IP_ADDRESS. (Example: http://10.0.0.130, here 10.0.130 is IP address of Kali Virtual Machine)

html>

Login to google Page

  1. Now, go to the browser and open the test.html file.
  2. You will find the phishing URL on the page as follows: Login to google Page
  3. Click on Login to google Page
  4. This will redirect you to the fake Google page.
  5. Enter username and password and click on login.
  6. In the background, your setoolkit has recorded your credential information. (If an unsuspecting user fills in their details and clicks on Log In, the fake page takes them to the actual Google login page. Usually, people tend to pass it off as a glitch in Google or an error in their typing).
  7. Find out the location where you can check the credentials, that have been recorded in XML file.

What to submit for this exercise.

  1. Once you successfully record the user credentials, take a screenshot for each of the following steps: 2, 3,4,5, 6, 7,8, 9, 12,13,16,17. ( 12 screenshots)
  2. Write down the location of the credentials stored. Also, write down the login information that you have recorded.

Submission: A zip file containing the following: a) Source code for Exercise 1; b) Sample inputs/outputs for Exercise 1; c) Screenshots for Exercise 2; and d) Answers to Question 2 above for Exercise 2.