
Date: 2023-03-05 10:48

COMP3750 - Winter 2023 Applied Computer Security University of Windsor

Assignment 02 due date: 13/03/2023

1 Overview

This assignment will allow you to gain firsthand experience with network reconnaissance attacks and vulnerability assessment. You can work alone or with another student; the maximum team size is two students per team.

2 Context

Venus Cybersecurity Inc. is a startup vendor that develops and sells cutting-edge security technologies. Because the company is a trusted provider of security solutions, its reputation relies not only on the quality of its products but also on its ability to protect its network and website. To anticipate and prevent a possible breach, you have been hired as an external cybersecurity consultant to conduct the penetration testing of Venus’ websites and private networks and recommend appropriate mitigation solutions. Venus’ private network is an Intranet accessible only by the employees, whereas the website can be accessed by the public and their employees. The management of Venus has received a merger and acquisition (MA) offer from Atlantis Security Technologies, a large managed security services provider (MSSP). To avoid any adverse reaction from the stock market, their employees and competitors, the management of both companies (Venus and Atlantis) have decided to handle the whole process secretly by keeping the paper trail confidential. The offer was delivered by Atlantis confidentially to one of Venus’ executives who stored it safely in the company’s (virtual) safety deposit box. The virtual safety deposit box is a separate account in one of the (target) server machines, which can be accessed only by a small number of authorized executives. The safety deposit box contains sensitive information or files for which access is restricted to the aforementioned pool of authorized executives. One such file is the virtual key safe, which is a file that contains passwords and encryption keys for the company’s resources and assets. To minimize the impact of a potential breach of the virtual key safe, each key is stored in encrypted form as a hash and linked to a unique identifier without providing any further information (e.g., the type of data contained in the file). Only authorized individuals are supposed to know, based on the identifiers, which keys are meant for which resources. One of these resources is a breakthrough algorithm developed by Venus for future-generation quantum-safe intrusion-resistant SCADA systems. The algorithm is described in a confidential, encrypted report in one of the company’s executive network accounts. One of the leading encryption utilities used company-wide by Venus employees is the Encrypto App, available at https://macpaw.com/encrypto.

3 Requirements

As a penetration tester, you have access only to the company’s websites and no access to the private network. The project will be performed using Kali as an attack machine and a virtual LAN (VLAN) image that mirrors as much as possible the target network. You must download the image at the following link:

https://drive.google.com/file/d/1Y1vXkkUiQzAFxP4-o3qdJ2grXVGgHavi/view?usp=sharing

The VLAN is in a .7zip archive file; the hashes for the archive are as follows:

• MD5: 058b36259248a93298df8d6578f87dcc

• SHA-1: 9265115855A95F1A27F2D6917FAA099F0CCB4EAA
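
Checking the downloaded archive against both published digests before deploying it, as an added example (not part of the original assignment). The function names are illustrative, and the demo uses a constructed temporary file in place of the real archive.

```python
import hashlib
import hmac
import os
import tempfile

# Digests published in the assignment for the VLAN archive.
PUBLISHED = {
    "md5": "058b36259248a93298df8d6578f87dcc",
    "sha1": "9265115855A95F1A27F2D6917FAA099F0CCB4EAA",
}

def file_digests(path, algorithms, chunk_size=1 << 20):
    """Hash the file once, streaming, and return {algorithm: hex digest}."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}

def verify_archive(path, expected=PUBLISHED):
    """Return (ok, mismatches); ok is True only if every digest matches."""
    actual = file_digests(path, expected.keys())
    mismatches = {
        name: actual[name]
        for name, want in expected.items()
        # Published digests mix upper and lower case, so normalise first.
        if not hmac.compare_digest(actual[name], want.strip().lower())
    }
    return (not mismatches, mismatches)

def demo():
    """Constructed sample: a small temp file stands in for the real archive."""
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(b"constructed sample, not the real archive")
    try:
        digests = file_digests(tmp.name, ["md5", "sha1"])
        upper = {k: v.upper() for k, v in digests.items()}
        good = verify_archive(tmp.name, upper)      # case differences are tolerated
        bad = verify_archive(tmp.name, PUBLISHED)   # sample file is not the archive
        return good, bad
    finally:
        os.unlink(tmp.name)

if __name__ == "__main__":
    print(demo())
```

Call `verify_archive()` with the path of the downloaded archive; a non-empty mismatch dictionary means the download is corrupt or is not the file the hashes were published for.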

Deploy the VLAN on your machine. The installation guide is available on Brightspace.

3.1 Phase 1: Information gathering

1. Using network scanners, extract the topology information of the company’s private network. Identify available hosts, and find each host’s IP address, Operating System, running services and open ports. Ensure that you specify the exact versions. Provide a table summarizing the scan results and adequate screenshots.

2. Identify vulnerable services; briefly explain why you think these services are vulnerable (by discussing 4 or 5 samples).

3.2 Phase 2: Exploitation

1. Review the network scanning results and other information obtained in the previous phase and exploit one or more vulnerable services to gain access to the private network. Explain and justify the adopted strategy.

2. Locate and exfiltrate the MA term sheet submitted by Atlantis.

3. Locate and exfiltrate the confidential report about future generation quantum-safe intrusion-resistant SCADA system. The content of the report must fully be recovered (i.e. decrypted).

4. The company maintains on their website an online repository containing business documents accessible by only some of the executives. Locate and exfiltrate the company capitalization table (caps table) and cash flow statement.

Note: The above documents must all be located and retrieved (i.e. downloaded or transferred), and the content must be recovered if necessary. It is not required to locate the documents in sequence, e.g., you may locate the web documents before locating the term sheet, or vice-versa.

Hints

• Venus has two websites which can be accessed at http://<IP address>. The sites run on port 80, and the server’s IP address corresponds to one of the machines running a web server. One of the sites is used for public business and the other is used internally by some staff.

• Some of the documents are stored in the network accounts, while others can be found in restricted areas in the website (i.e., logon to an authorized web account is required).

• The username for web and network accounts uses the format: jdoe/password (for employee John Doe). Venus’ Chief Technology Officer has advised employees against using the same password for both network and web accounts, but it is unclear whether they really follow such a recommendation.

• Many account passwords are dictionary words (characters/digits), but not all. You can start by using the password dictionary available at: https://drive.google.com/open?id=1D9q8pdnyMRIKkfnASI3TcHGn9i7HLahp
This can help with some of the key accounts but not all. So alternatively, you can generate your own dictionary or use some of the default dictionaries available in Kali or online.

IMPORTANT NOTES

1. Document your answer using screenshots of your scanning activities and explain the scanning methods you used. Report both your successful and failed attempts.

2. It is assumed that the attacker does not have physical access to the target network. So all access should be performed (remotely) through the attack machine (i.e. Kali). Results obtained directly analyzing the target machine are invalid and will be assigned zero.


3. The project must be done in groups of two, and only one report must be submitted for the group. Any collaborative or plagiarism activities will be sanctioned (i.e. Groups are not allowed to collaborate).

4. Your submissions need to be typeset and in pdf.

5. Project reports should be submitted on or before the deadline.


