
IY2840 Coursework 2: Application and Web Security

Deadline: 10:00 am, 26 Mar 2021

This is a blind submission, and submissions must be made in a ZIP compressed file on Moodle. This compressed file should include the coursework report and necessary source-code files. The report must be in PDF file format; other formats such as .docx or .pages are not accepted. This coursework counts for 20% of your grade on this module and is worth 100 marks in total. We expect a good submission to be succinct and be less than six pages in length.

Learning outcomes assessed are:
- Understanding of UNIX/Linux and applications security.
- Understanding of how to exploit vulnerabilities and steps involved in their exploitation.
- Understanding of network packets and how to capture and investigate them.
- Understanding the fundamentals of network and Web attacks.
- Understanding the countermeasures and mitigation of these vulnerabilities and attacks.

IMPORTANT:
- SEED Ubuntu 16.04 virtual machine (https://seedsecuritylabs.org/lab_env.html) should be used to develop and test some solutions for this coursework; you can use your SEED Ubuntu VM which is already used in the lab.
- Use the source file attachment (coursework2-files.zip) for Question 1 and Question 2.
- Use Wireshark to analyse the .pcap files in the coursework attachment.
- Download the following virtual machine (Web Server, 3.7GB) for Question 3:
The Web Server VM: https://www.dropbox.com/s/apmwm8sm9g9qrue/ubuntu_web_server_vm_cw2_2021.ova?dl=0
This VM must be used to test some solutions of Question 1 as it includes a running Web server required for this question. Therefore, you need to install this VM on your own machine, and along with this VM you also need to use another machine, like your SEED VM used in the lab, as an attacker machine. Keep in mind, you don't have access to the Web server VM, except through the network (browsing port 80).
To set up the environment, follow the setup and configuration environment guidelines section (see Appendix).
- All answers related to developing a program will be checked on a SEEDLab VM, so it is important to make sure that your solutions being provided are executable on this platform.

This coursework aims to have you reflect on Unix, Application, Network and Web security. To get started, it is important to review the lecture notes and lab materials, the course text, but also to investigate online resources. We are not after essays in this coursework. We are after concise and succinct responses to each question with some proof of implementation (code snippets and screenshots). Do share useful resources that you find with others on the Moodle forum, but do not give any answers away. Note: All the work you submit must be solely your own work and you should make sure the submitted file is not corrupted. Submissions are routinely checked for plagiarism.

Questions

1. Question 1 (Total 30 Marks): Linux and Application Security

(a) An organisation is running a service to welcome its agents by printing a greeting message along with their name on their terminal screen. The developer in this organisation has created the C program (vulnerable prog.c) to implement this service on the Ubuntu 32bit Linux server and you are asked to compile the program and manage its permissions in the operating system.

i. Compile the vulnerable prog.c file using gcc, but you have to disable the smashing stack feature and enable the executable stack feature to be able to solve the subsequent questions. Then, run the program and provide a terminal screenshot of the outcome.

ii. The compiled program (file) has to be a root-owned Set-UID program; report how to accomplish that. You may need to use some file permission Linux instructions.
Display the program file permissions in a terminal screenshot.

(3 marks)
Submit your answer and screenshots in your report.

(b) A cyber security team in the organisation has discovered that the previous program (vulnerable-prog) is vulnerable to stack-based buffer overflow. As a pen-tester, you have been assigned to perform a penetration test to check if this vulnerability is exploitable in the system. You need to prepare the payload and exploit which will be used for spawning a shell with the root permission. You have an exploit file (exploit.c) but this source-code file is incomplete, having some missing code.

i. Fix the exploit.c file by completing the missing parts of this file. Replace ? with the appropriate instructions or values to be able to compile and run the exploit program. Beforehand, you will need to understand the buffer-overflow exploit program and how the shell code is injected to have such a successful attack [Hint: you may need to review the stack frame layout]. You may need to turn off the buffer-overflow countermeasure features while compiling and running the program (i.e. kernel.randomize_va_space = 0).

ii. Briefly explain and justify the entire program after fixing it and provide the execution output (a screenshot); you may use code comments for the description of the program. To get the full mark of this part, the new exploit program must be executable, so include the amended exploit.c file in the submission.

(17 marks)
Submit your answer and screenshots in your report, along with the updated exploit.c file.

(c) Turn on the countermeasure (i.e. kernel.randomize_va_space = 2) which is associated with address space randomisation and run the exploit program (the amended exploit.c file) again. Briefly explain the observation and provide a screenshot. Then, write a shell script to defeat this countermeasure. The shell script should also include a feature to display the cost of defeating using the metric of either the actual time (hh:mm:ss) or the number of runs.
Briefly explain the scripts and provide a screenshot for the output. Also, include the shell script in the submission. Note: In order to answer this part, you should have already solved the previous question, Question 1b.

(10 marks)
Submit your answer and screenshots in your report, along with the script file.

2. Question 2 (Total 30 Marks): Network Security

A security analyst team has the cp1.pcap, cp2.pcap and cp3.pcap files which are network traffic captures of different network segments. They need to identify potential attacks in these files. You are asked to assist them in their task by doing the following:

(a) Examine these pcap files to determine the attacks within these files using Wireshark; keep in mind, each file has only one attack. Justify your answers, including the description of those identified attacks and some screenshots of parts in the traffic (the pcap files) which refer to the attacks if necessary.

(15 marks)
Submit your answer and your justification in your report.

(b) It is important for security analysts to understand suspicious activity in pcap files. This is often done by reproducing attacks. Write a program or shell script that reproduces the attack in cp3.pcap [Hint: refer to Lab7 on how to create network programs] and describe the program briefly in the report. Also, provide the pcap traffic capture of running your program being developed using WireShark (your pcap and the provided pcap files are not expected to be identical, as some IP addresses would be different in your network settings. Note: you are not expected to reproduce the pcap content line by line, but it has to be the same attack).

(15 marks)
Submit your source-code and your traffic-capture file from running your program.

3. Question 3 (Total 40 Marks): Web Security

Figure 1: Environment setup. See the appendix for setup information.

A company IY2840 Co.
owns a website (https://10.0.2.x/index.html, where x is an unknown part of the Web server IP address that students are expected to find). This URL refers to the virtual machine provided (Ubuntu Web Server VM) that hosts the company web server (refer to Figure 1), which is utilised for managing the employees' records of the company. In order to access the website resources, you need to have login credentials. However, this website is vulnerable to SQL injection (SQLi) and cross-site scripting (XSS) attacks.

(a) How can an attacker bypass the website login without having access credentials? Assume there is an admin user for this system. Justify your answer showing at least three different patterns of injections and report the output (screenshots).

(10 marks)
Submit your answer and your justification in your report.

(b) An attacker is often keen on cracking the admin password in the system; however, a password is usually protected by a hashing function (SHA1 is used in this website). How can an attacker learn about the stored password for the admin user in this website? Demonstrate the steps to perform this attack including the necessary injected SQL statements. Report the necessary screenshots.

(15 marks)
Submit your answer and screenshots in your report.

[Hints: for this question you should not use any type of available brute force attack tools for cracking the website login in this system (i.e. hitting the system with many randomised passwords). However, this question requires you to perform a number of steps to learn about the website database (schema, tables and columns) to reach and extract the stored password data. Then, you need to recover the actual password using any online or offline tools.]

(c) Within so many websites, a session cookie approach is still widely used as a means to maintain a session of an authenticated user. This cookie is normally created once a user logs on to the website.

Suppose that you have already compromised the admin password from the previous question.
Create an XSS attack to be able to persistently steal the cookies for the current admin sessions in the website even if the admin changes the password and the SQL injection vulnerability is fixed for the website hereafter. As an attacker, you need to find out the sink where to inject the script which facilitates obtaining the cookie and how to receive the cookie. Also, you may need to take advantage of the nc command to create a server in the attacker VM (your own virtual machine) to capture the cookie.

Also, you need to use the following JavaScript/HTML methods to create a workable script for the attack; however, proposing some different alternatives of script methods is acceptable as long as these scripts are executable:
1) Image().src=link to the image
2) document.cookie

- Report the steps of the scenario and the stolen cookie.
- Provide all necessary outputs (screenshots and traffic capture) indicating that you perform a successful attack.
- Can you identify the type of the XSS attack in this context?

(15 marks)
Submit your answer and screenshots in your report, along with a traffic packet capture file.

SD JH 12 March 2021

Appendix: Setup and config. environment guidelines

In addition to your existing SEED Lab VM, you will for the purposes of this coursework also need a separate VM to be your Web server.

1. Install VirtualBox: https://www.virtualbox.org/wiki/Downloads. Make sure you are using the most up-to-date VirtualBox.
Installation Notes for different platforms:
- Mac: you need to allow Oracle Apps to be installed in the security and privacy setting.
- Windows: check that your machine has enabled virtualization. This can be done by entering your BIOS and enabling virtualization in a setting there.
To check whether you have virtualization enabled or not, we suggest you go to your task manager; see a screenshot here: https://www.shaileshjha.com/wp-content/uploads/2017/02/windows_10_task_manager_performance_tab_virtualization_enabled.jpg
- Linux: we expect the problem would be the same as Windows.

2. Download the Web server virtual machines.
3. Import the Web Server virtual machine. Follow how to import OVA files here: https://www.virtualbox.org/manual/ch01.html#ovf-import-appliance.
4. Click File on the top left of the VirtualBox main UI. Then click Preferences as shown in Figure 2.

Figure 2: Preferences

5. Click the Network tab on the left panel. Click the + icon to create a new NAT Networks (NatNetwork) adaptor (if one does not exist). Double click on the NatNetwork, and look at its configuration. Set the configuration to be the same as what is shown in Figure 3.
6. Enable Adapter 1 (and disable the other adapters if any are enabled), then choose NAT Network and then NatNetwork, which is already declared in the previous step.
7. [IMPORTANT] Switch on both VMs. After you have switched on both, they will each be given an IP address; it will be like a 10.0.2.x IP address. You will need to find out what IP address your Web server VM has in order to browse the website from your SEED Lab VM. You can either scan your network to do so, or use a number of Linux commands to find this out.

Figure 3: Network Configuration

Figure 4: VM Network Adapter (the MAC address can be whatever VirtualBox assigns it.)
