IY2840 Coursework 2
web代做 | 代做report | security | Network | 代做network | shell作业 | 代做Python | lab作业 | 代做sql – 该题目是一个常规的sql的练习题目代写, 涉及了web/report/security/Network/network/shell/Python/sql等代写方面, 这个项目是lab代写的代写题目
Deadline:10:00am, 25th March 2022
This coursework is aimed to have you reflect on attacks and their mitigations. To get started, it is important that you review the lecture material and the course text. You are also expected to investigate online and/or library resources. We are not after essays in this coursework. We are after concise and succinct responses to each question, and suggest using bullet points and sketches where appropriate. Please make sure that any resource you use is suitably acknowledged as submissions are routinely checked for plagiarism.You are free to choose referencing style.
Total amount of marks in this coursework is 100 marks. This is a blind submission, and submissions are to be uploaded in PDF format on Moodle. The PDF file should contain all screenshots and source code requested. Specifics for these are indicated with blue underlined text. Do not include screenshots or sourcec code as files. This coursework counts for 20% of your grade on this module.
It is recommended that you use the SEED lab VMs to perform any tasks required for this coursework.
Question 1: Linux and Application Security
(a) An organisation is running a service to welcome its agents by printing a greeting
message along with their name on their terminal screen. The developer in this
organisation has created the C program (vulnerable-prog.c) to implement
this service on the Ubuntu 32bit Linux server and you are asked to compile the
program and manage its permissions in the operating system.
i.[3 marks] Compile thevulnerable-prog.cfile usinggccbut you have to
disable the smashing stack feature and enable the executable stack feature
to be able to solve the subsequent questions. Then, run the program and
provide a terminal screenshot of the outcome in your report.
ii.[2 marks] The compiled program (file) has to be a root-owned Set-UID
program. Provide the commands you would execute to achieve this. Show
the program file permissions in a terminal screenshot in your report.
(b) A cyber security team in the organisation has discovered that the previous pro-
gram (vulnerable-prog.c) is vulnerable to stack-based buffer overflow. As a
pentester, you have been assigned to perform a penetration test to check if this
vulnerability is exploitable in the system. You need to prepare the payload and
exploit which will be used for spawning shell with the root permission. You
have an exploit file (exloit.c) but this source-code file and is missing some
statements.
i.[15 marks] Fix theexploit.cfile by completing the missing parts of this
file. Replace all instances of ? with the appropriate instructions or values
to be able to compile and run the exploit program. Beforehand, you will
need to understand the buffer-overflow exploit program and how the shell
code is injected to have such an successful attack [Hint: you may need
to review the stack frame layout]. You may need to turn off the buffer-
overflow countermeasure features while compiling and running the program
(i.e. kernel.randomizevaspace = 0).Providetheamendedexploit.ccode
withyourchangeshilightedinyourPDF.
ii.[3 marks] Briefly explain and justify the entire program after fixing it and
provide a screenshot of the execution output in your PDF.
(c) [12 marks]Briefly explain three countermeasures used in Linux to prevent
stack-overflow attacks. Include in your answer how to enable them or how to
check if they are already enabled.
(d) [15 marks]Turn on the ASLR countermeasure (i.e. kernel.randomizevaspace
= 2) which is associated with the space address randomisation and run the ex-
ploit program (the amendedexploit.cfile) again. Briefly explain the observa-
tion and provide a screenshot in your report. Then, write a program to defeat
this countermeasure. The program should also include a feature to display the
cost of defeating using the metric of either the actual time (hh:mm:ss) or the
number of runs. Briefly explain the scripts andprovideascreenshotoftheout-
putinyourPDF.IncludeyoursourcecodeinyourPDF.
Note: In order to answer this part, you should have already solved
part b.
Question 2: network Security
(a) A security analyst team has thecapture1.pcap,capture2.pcapand
capture3.pcapfiles which are network traffic captures of different network seg-
ments. They need to identify potential attacks in these files. You are asked to
assist them in their task by doing the following:
i.[15 marks] Examine thesepcapfiles to determine the attacks within these
files using Wireshark; keep in mind, each file has only one attack. Justify
your answers including the description of those identified attacks and some
screenshots of parts in the traffic (thepcapfiles) which refer to the attacks
if necessary.
ii.[5 marks] It is important for security analysts to understand suspicious
activity in pcap files. This is often done by reproducing attacks. Setup and
execute the attack identified incapture3.pcap. Provideascreenshotof
networktrafficcausedbyyourattackinWireshark.
Note: your pcapand the providedpcapfiles are not expected to
be identical. You are not expected to reproduce the pcap content
line by line, but it has to be the same attack.
Question 3: web Security
A company owns a website which is utilised for managing the employees records of
the company. This website is run on a webserver using the Python code provided
(CW2WebServer.py). The webserver can be run on the SEEDLabs VM with the com- mandpython3 CW2WebServer.py. The webserver runs locally and can be accessed at localhost:8081. Be advised that when the webserver is restarted, it resets the database.In order to access the website resources, you need to have a login credentials. However, this website is vulnerable to sql injection (SQLi) and cross-site scripting (XSS) attacks. It is suggested you use two VMs; one as the web server and one as the attacker.
(a) [10 marks]How can an attacker bypass the website login without having access
credentials? Assume there is an admin user for this system. Justify your answer
showing at leastthreedifferent patterns of injections andprovidescreenshots
inyourPDF.
(b) Within so many websites, a session cookie approach is still widely used as a
means to maintain a session of an authenticated user. This cookie is normally
created once a user logs on to the website. Suppose that you have already
compromised the admin password from the previous question.
i.[15 marks] Create an XSS attack to be able to persistently steal the
cookies for the current admin sessions in the websites even if the admin
changes the password and the SQL injection vulnerability is fixed for the
website hereafter. As an attacker, you need to find out the sink where to
inject the script which facilitates obtaining the cookie and how to receive
the cookie. Also, you may need to create a web server in your own virtual
machine to capture the cookie. You will need to use the JavaScript/HTML
methoddocument.cookieto create a workable script for the attack, however
proposing some different alternatives of script methods is acceptable as long
as these scripts are executable.
ii.[4 marks] report the steps of the scenario and the stolen cookie. Provide
screenshots of the outputs in your report.Includescreenshotsofthetraffic
captureinWiresharkindicatingthatyouperformedasuccessfulattack.
iii. [1 mark] Can you identify the type of the XSS attack in this context?
SK/GS March 2022