Date: 2024-02-07 09:41

Computer Security and Networks: Exercise 1

Deadline: 1 February 2024, 4pm

1 Getting the VM working

You first need to download the VM image and install it, as per the Canvas page.

There are many user accounts on the VM; you begin the module with access to just one:

Username: employee427, password: employee427

You must use your own copy of the VM for this (and every other) exercise.

You must not share your VM with other students.

In the home directory you will find a token split into two files, theFirstTokenPart1 and theFirstTokenPart2. The token is the concatenation of these two files. Submit this token on the website:

https://www.cs.bham.ac.uk/internal/courses/comp-sec/token

This token system is not yet operational. A Canvas announcement will be made when this system has been set up.

[1 mark]

2 Access Control

For this exercise you need to explore the other home directories on the VM and find out more about what is going on at the company. In particular, you need to find two tokens, get the shadow file and then crack some passwords to find two more tokens. The VM contains a number of access control vulnerabilities, and you need to find and exploit these to access files that are protected.

1. Look in the directories /home/carolmiller, /home/charlegarcia, /home/jakkinkade and /home/nikadler. Somewhere in there are two files that contain tokens; these files are protected by the access control system. Search the home directories for these files and find access control flaws that allow you to read the files. Submit the two tokens you find to the token submission website.

[3 marks each]

2. By exploiting mistakes in the access control settings of the VM, find a way to read the /etc/shadow password hash file.

   Once you have the shadow file, install a password cracker and try to crack the passwords for the staff accounts aarushsanders and alayahpritchard. You may use any password cracker you like – “John the Ripper” is probably easiest. (N.B. you will need the “jumbo” version of John the Ripper if you want to crack SHA hashes.) This program is already installed on the VM. The Canvas page for the assignments also contains a link to a suitable wordlist.

   The staff accounts aarushsanders and alayahpritchard each contain a token. Cracking the passwords to these accounts will allow you to log in as these users and read the tokens. Find these tokens and submit them to the token submission page.

[6 marks]
