Beruflich Dokumente
Kultur Dokumente
Assessment Notes:
UG (CSI3208) & PG (CSI5208) have different assessments
UG students must undertake the UG assignment
PG students must undertake the PG assignment
Kali Linux is available as a virtual machine on the Unit Resources section of Blackboard
Task
You are to infiltrate the provided system and attain root level privileges. Additionally there are five
flags, these flags are represented as values and are awarded at each point of system compromise. Look
for them in home directories, web pages etc.
You are to write a report outlining each test / attack run against the system and the result. You must
follow a process, which should be defined prior to the commencement of testing. Your report should
include the flags as well as any credentials you uncover as part of your hacking endeavours.
Note: You must compromise the system over the network, local, physical or other attacks requiring
direct interaction with the target system are not valid for the purposes of the assignment.
Example flag:
chahNaelia9zohlaseiPaich0QuoWoh8ohfaenaiQuaetaebushoakarai6lainohjongoneesoocahdei6guosietha
e7uwuu5Kaid9eisah8EChoo4kaiGh2eit2mu
Postgraduate students: You must also write the following software and include it as part of your
submission:
Basic TCP port scanner
Password cracker (of the type required to complete the case study)
Submission Requirements
You must include the following in your submission:
Your report containing:
o Cover Page
o Table of Contents
o Executive Summary
o Defined Methodology
o Testing Log (should allow repeatability)
o Results & Recommendations
Postgraduate Students:
o Your source code for tools used
o Compilation and usage instructions
Marking Guides
CSI3208 (Undergrad)
Item Mark
Executive Summary 5
Defined Methodology 15
Testing Log 5
Results & Recommendations 15
Total: 40
CSI5208 (Postgrad)
Item Mark
Executive Summary 5
Defined Methodology 10
Testing Log 5
Results & Recommendations 15
Source/Instructions: PortScanner 2
Source/Instructions: Password Cracker 3
Total: 40
Notes
Your work must comply with ECU referencing guidelines and plagiarism policy
Flag 1
then use the nmap utility to find the host on the network.
using the nMap utility try to find the ip address for the casestudy metasploit
Flag 2
upload the exploit code of in .php file in order to get the ssh shell access in the web browser
after the upload try opening the uploaded picture and that will grant an access in web browser
after getting access to the ssh shell try 'ls' command to list the files and folders in directory you got
access
Flag 3
Flag 4
navigate to directory /home/fred and find the .bash_history file by the command cat
/home/fred/.bash_history
we will find the manager password in the .bash_history and use that password to connect ssh to
manager
from manager access locate and open the file readme.txt in dorectory /home/manager/ to find flag 4
Flag 5
in the home directory of manager we will edit bak.sh in order to copy the shadow file of root to the
manager directory
edit the shadow file and replace the root password with the manager password
change the bak.sh file again to copy the edited shadow file back to root folder