IY2840留学生代做、C/C++语言程序调试

IY2840留学生代做、C/C++语言程序调试

IY2840 Coursework 2:

Application and Web Security

Deadline: 10:00 am, 26 Mar 2021

This is a blind submission, and submissions must be made in a ZIP compressed file on

Moodle. This compressed file should include the coursework report and necessary source-code

files. The report must be in file PDF format, other formats such as: .docx or .pages are not

accepted. This coursework counts for 20% of your grade on this module and is worth 100

marks in total. We expect a good submission to be succinct and be less than six pages in

length. Learning outcomes assessed are:

? Understanding of UNIX/Linux and applications security.

? Understanding of how to exploit vulnerabilities and steps involved in their exploitation.

? Understanding of network packets and how to capture and investigate them.

? Understanding the fundamentals of network and Web attacks.

? Understanding the countermeasures and mitigation of these vulnerabilities and attacks.

IMPORTANT:

? SEED Unbuntu 16.04 virtual machine (https://seedsecuritylabs.org/lab_env.html)

should be used to develop and test some solutions for this coursework, you can use the

your SEED Ubuntu VM which is already used in the lab.

? Use the source file attachment (coursework2-files.zip) for Question 1 and Question 2.

? Use Wireshark to analyse the .pcap files in the coursework attachment.

? Download the following virtual machine (Web Server, 3.7GB) for Question 3:

– The Web Server VM: https://www.dropbox.com/s/apmwm8sm9g9qrue/ubuntu_web_

server_vm_cw2_2021.ova?dl=0

This VM must be used to test some solutions of Question 1 as it includes a running

Web server required for this question. Therefore, you need to install this VM on your

own machine and along with this VM you need also to use another machine like your

SEED VM used in the lab as an attacker machine. Keep in mind, you dont have access

to the Web server VM, except through the network (browsing port 80). To setup the

environment, follow the setup and configuration environment guidelines section

(see Appendix).

? All answers related to developing a program will be checked on a SEEDLab VM, so it is

important to make sure that your solutions being provided are executable on this platform.

1

This coursework aims to have you reflect on Unix, Application, Network and Web security.

To get started, it is important to review the lecture notes and lab materials, the course text,

but also to investigate online resources. We are not after essays in this coursework. We are

after concise and succinct responses to each question with some proof of implementation (code

snippets and screenshots). Do share useful resources that you find with others on the Moodle

forum, but do not give any answers away. Note: All the work you submit must be

solely your own work and you should make sure the submitted file not corrupted.

Submissions are routinely checked for plagiarism.

Questions

1. Question 1 (Total 30 Marks): Linux and Application Security

(a) An organisation is running a service to welcome its agents by printing a greeting

message along with their name on their terminal screen. The developer in this

organisation has created the C program (vulnerable ? prog.c) to implement this

service on the Ubuntu 32bit Linux server and you are asked to compile the program

and manage its permissions in the operating system.

i. Compile the vulnerable ? prog.c file using gcc but you have to disable the

smashing stack feature and enable the executable stack feature to be able to

solve the subsequent questions. Then, run the program and provide a terminal

screenshot of the outcome.

ii. The compiled program (file) has to be a root-owned Set-UID program, report

how to accomplish that, you may need to use some file permission Linux

instructions. Display the program file permissions in a terminal screenshot.

(3 marks)

Submit your answer and screenshots in your report.

(b) A cyber security team in the organisation has discovered that the previous program

(vulnerable-prog) is vulnerable to stack-based-buffer-overflow. As a pen-tester, you

have been assigned to perform a penetration test to check if this vulnerability is

exploitable in the system. You need to prepare the payload and exploit which will be

used for spawning shell with the root permission. You have an exploit file (exploit.c)

but this source-code file is incomplete having some missing codes.

i. Fix the exploit.c file by completing the missing parts of this file. Replace “?”

with the appropriate instructions or values to be able to compile and run the

exploit program. Beforehand, you will need to understand the buffer-overflow

exploit program and how the shell code is injected to have such an successful

attack [Hint: you may need to review the stack frame layout]. You may need to

turn off the buffer-overflow countermeasure features while compiling and running

the program (i.e. kernel.randomize va space = 0).

2

ii. Briefly explain and justify the entire program after fixing it and provide the

execution output (a screenshot), you may use code comments for the description

of the program. To get the full mark of this part, the new exploit program must

be executable, so include the amended exploit.c file in the submission.

(17 marks)

Submit your answer and screenshots in your report, along with the updated

exploit.c file

(c) Turn on the countermeasure (i.e. kernel.randomize va space = 2) which is associated

with the space address randomisation and run the exploit program (the amended

exploit.c file) again. Briefly explain the observation and provide a screenshot.

Then, write a shell script to defeat this countermeasure. The shell script should also

include a feature to display the cost of defeating using the metric of either the actual

time (hh:mm:ss) or the number of runs. Briefly explain the scripts and provide a

screenshot for the output. Also, include the shell script in the submission. Note:

In order to answer this part, you should have already solved the previous question,

Question 1b.

(10 marks)

Submit your answer and screenshots in your report, along with the script file

2. Question 2 (Total 30 Marks): Network Security

A security analyst team has the cp1.pcap, cp2.pcap and cp3.pcap files which are network

traffic captures of different network segments. They needs to identify potential attacks in

these files. You are asked to assist them in their task by doing the following:

(a) Examine these pcap files to determine the attacks within these files using

Wireshark; keep in mind, each file has only one attack. Justify your answers

including the description of those identified attacks and some screenshots of parts in

the traffic (the pcap files) which refer to the attacks if necessary.

(15 marks)

Submit your answer and your justification in your report.

(b) It is important for security analysts to understand suspicious activity in pcap files.

This is often done by reproducing attacks. Write a program or shell-script that

reproduces the attack in cp3.pcap [Hint: refer to Lab7 on how to create network

programs] and describe briefly the program in the report. Also, provide the pcap

traffic capture of running your program being developed using WireShark (your pcap

and the provided pcap files are not expected to be identical, as some IP addresses

would be different in your network settings. Note: you are not expected to reproduce

the pcap content line by line, but it has to be the same attack).

(15 marks)

Submit your source-code and your traffic-capture file from running your program.

3

3. Question 3 (Total 40 Marks): Web Security

Figure 1: Environment setup. See the appendix for setup information

A company “IY2840 Co.” owns a website, (http://10.0.2.x/index.html (x here is an

unknown part of the Web server IP address and students are expected to find it), this URL

refers to the virtual machine provided (Ubuntu Web Server VM) that hosts the company

web server, refer to Figure 1 which is utilised for managing the employees records of the

company. In order to access the website resources, you need to have a login credentials.

However, this website is vulnerable to SQL injection (SQLi) and cross-site scripting (XSS)

attacks.

(a) How can an attacker bypass the website login without having access

credentials? Assume there is an ’admin’ user for this system. Justify your

answer showing at least three different patterns of injections and report the output

(screenshots).

(10 marks)

Submit your answer and your justification in your report.

(b) An attacker is often keen on cracking the ’admin’ password in the system, however a

password is usually protected by a hashing function (SHA1 is used in this website).

How can an attacker learn about the stored password for the admin user

in this website?

? Demonstrate the steps to perform this attack including the necessary injected

SQL statements.

? Report the necessary screenshots.

(15 marks)

Submit your answer and screenshots in your report.

[Hints: for this question you should not use any type of available brute force attack

tools for cracking the website login in this system (i.e. hitting the system with many

randomised passwords). However, this question requires you to perform a number

4

of steps to learn about the website database (schema, tables and columns) to reach

and extract the stored password data. Then, you need to recover the actual password

using any online or offline tools.]

(c) Within so many websites, a session cookie approach is still widely used as a means to

maintain a session of an authenticated user. This cookie is normally created once a

user logs on to the website.

Suppose that you have already compromised the admin password from the previous

question. Create an XSS attack to be able to persistently steal the cookies

for the current admin sessions in the websites even if the admin changes

the password and the SQL injection vulnerability is fixed for the website

hereafter. As an attacker, you need to find out the sink where to inject the script

which facilitates obtaining the cookie and how to receive the cookie. Also, you may

need to take advantage of nc command to create a server in the attacker VM (your

own virtual machine) to capture the cookie.

Also, you need to use the following Javascript/HTML methods to create a workable

script for the attack, however proposing some different alternatives of script methods

is acceptable as long as these scripts are executable:

1) Image().data="link to the image"

2) document.cookie

? Report the steps of the scenario and the stolen cookie.

? Provide all necessary outputs (screenshots and traffic capture) indicating that you

perform a successful attack.

? Can you identify the type of the XSS attack in this context?

(15 marks)

Submit your answer and screenshots in your report, along with a traffic packet capture

file.

SD & JH 12 March 2021

5

Appendix: Setup and config. environment guidelines

In addition to your existing SEED Lab VM, you will for the purposes of this coursework also

need a separate VM to be your Web server.

1. Install VirtualBox: https://www.virtualbox.org/wiki/Downloads. Make sure you are

using the most up-to-date VirtualBox.

Installation Notes for different platforms:

? Mac: you need to allow Oracle apps to be installed in the security and privacy setting.

? Windows: check that your machine has enabled virtualization. This can be done by

entering your bios and enabling virtualization in a setting there. To check whether

you have virtualization enabled or not, we suggest you go to your task manager,

see a screenshot here: https://www.shaileshjha.com/wp-content/uploads/2017/

02/windows_10_task_manager_performance_tab_virtualization_enabled.jpg

? Linux, we expect the problem would be the same as windows.

2. Download the Web server virtual machines.

3. Import the Web Server virtual machine. Follow how to import OVA files here: https:

//www.virtualbox.org/manual/ch01.html#ovf-import-appliance.

4. Click “File” on the top left of the VirtualBox main UI. Then click “Preferences” as shown

in Figure 2.

Figure 2: Preferences

5. Click the “Network” tab on left panel. click the “+” icon to create a new NAT Networks

(NatNetwork) adaptor (if one does not exist). Double click on the NatNetwork, and look

at its configuration. Set the configuration as the same as what is shown in Figure 3.

6. Enable Adapter 1 (and disable the other adapters if any are enabled), then choose “NAT

Network” and then NatwNetwork which is already declared in the previous step.

7. [IMPORTANT] Switch on both VMs. After you have switched on both, they will be given

an IP address each, it will be like 10.0.2.x IP address. You will need to find out what IP

6

Figure 3: Network Configuration

Figure 4: VM Network Adapter (the MAC address can be whatever VirtualBox assigns it.)

address is your Web server VM to in order to browse the website from your SEED Lab

VM. You can either scan your network to do so, or use a number of Linux commands to

find this out.

请加QQ：99515681 或邮箱：99515681@qq.com   WX：codehelp

郑重声明：此文内容为本网站转载企业宣传资讯，目的在于传播更多信息，与本站立场无关。仅供读者参考，并请自行核实相关内容。