
Date: 2023-03-06 11:43

COMP3750 - Winter 2023
Applied Computer Security
University of Windsor
Assignment 02
Due date: 13/03/2023
1 Overview
This assignment will allow you to gain firsthand experience with network reconnaissance attacks and
vulnerability assessment. You can work alone or with another student; the maximum team size is two
students per team.
2 Context
Venus Cybersecurity Inc. is a startup vendor that develops and sells cutting-edge security technologies.
Because the company is a trusted provider of security solutions, its reputation relies not only on the quality
of its products but also on its ability to protect its network and website. To anticipate and prevent a
possible breach, you have been hired as an external cybersecurity consultant to conduct the penetration
testing of Venus’ websites and private networks and recommend appropriate mitigation solutions. Venus’
private network is an Intranet accessible only by the employees, whereas the website can be accessed by the
public and their employees. The management of Venus has received a merger and acquisition (M&A) offer from
Atlantis Security Technologies, a large managed security services provider (MSSP). To avoid any adverse
reaction from the stock market, their employees and competitors, the management of both companies (Venus
and Atlantis) have decided to handle the whole process secretly by keeping the paper trail confidential. The
offer was delivered by Atlantis confidentially to one of Venus’ executives who stored it safely in the company’s
(virtual) safety deposit box. The virtual safety deposit box is a separate account in one of the (target) server
machines, which can be accessed only by a small number of authorized executives. The safety deposit box
contains sensitive information or files for which access is restricted to the aforementioned pool of authorized
executives. One such file is the virtual key safe, which is a file that contains passwords and encryption keys
for the company’s resources and assets. To minimize the impact of a potential breach of the virtual key
safe, each key is stored in encrypted form as a hash and linked to a unique identifier without providing any
further information (e.g., the type of data contained in the file). Only authorized individuals are supposed
to know, based on the identifiers, which keys are meant for which resources. One of these resources is a
breakthrough algorithm developed by Venus for future-generation quantum-safe intrusion-resistant SCADA
systems. The algorithm is described in a confidential, encrypted report in one of the company’s executive
network accounts. One of the leading encryption utilities used company-wide by Venus employees is the
Encrypto App, available at https://macpaw.com/encrypto.
3 Requirements
As a penetration tester, you have access only to the company’s websites and no access to the private
network. The project will be performed using Kali as an attack machine and a virtual LAN (VLAN) image
that mirrors as much as possible the target network. You must download the image at the following link:
https://drive.google.com/file/d/1Y1vXkkUiQzAFxP4-o3qdJ2grXVGgHavi/view?usp=sharing
The VLAN is in a .7zip archive file; the hashes for the archive are as follows:
• MD5: 058b36259248a93298df8d6578f87dcc
• SHA-1: 9265115855A95F1A27F2D6917FAA099F0CCB4EAA
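One way to check the downloaded archive against the two published digests before deploying it (an added example, not part of the original assignment). The default file name vlan.7z is a hypothetical placeholder; the comparison is case-insensitive because the SHA-1 above is printed in uppercase while most tools emit lowercase.

```python
import hashlib
import hmac
import sys

# Digests published in the assignment text (the SHA-1 is given in uppercase).
PUBLISHED = {
    "md5": "058b36259248a93298df8d6578f87dcc",
    "sha1": "9265115855A95F1A27F2D6917FAA099F0CCB4EAA",
}


def file_digests(path, algorithms, chunk_size=1 << 20):
    """Read the file once in chunks, feeding every requested hash algorithm."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for hasher in hashers.values():
                hasher.update(chunk)
    return {name: hasher.hexdigest() for name, hasher in hashers.items()}


def verify_archive(path, expected=PUBLISHED):
    """Return {algorithm: bool}; ignores case and stray whitespace in `expected`."""
    actual = file_digests(path, list(expected))
    return {
        name: hmac.compare_digest(actual[name], want.strip().lower())
        for name, want in expected.items()
    }


def report(path):
    """Print one line per algorithm; return True only if every digest matches."""
    results = verify_archive(path)
    for name, ok in results.items():
        print(f"{name}: {'match' if ok else 'MISMATCH'}")
    return all(results.values())


# Usage: python verify_archive.py vlan.7z   (vlan.7z is a hypothetical name)
if __name__ == "__main__" and len(sys.argv) > 1:
    sys.exit(0 if report(sys.argv[1]) else 1)
```

A mismatch on either digest means the download is incomplete or altered and the image should be fetched again before it is imported.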
Deploy the VLAN on your machine. The installation guide is available on Brightspace.
3.1 Phase 1: Information gathering
1. Using network scanners, extract the topology information of the company’s private network. Identify
available hosts, and find each host’s IP address, Operating System, running services and open ports.
Ensure that you specify the exact versions. Provide a table summarizing the scan results and adequate
screenshots.
2. Identify vulnerable services; briefly explain why you think these services are vulnerable (by discussing
4 or 5 samples).
3.2 Phase 2: Exploitation
1. Review the network scanning results and other information obtained in the previous phase and exploit
one or more vulnerable services to gain access to the private network. Explain and justify the adopted
strategy.
2. Locate and exfiltrate the M&A term sheet submitted by Atlantis.
3. Locate and exfiltrate the confidential report about future generation quantum-safe intrusion-resistant
SCADA system. The content of the report must fully be recovered (i.e. decrypted).
4. The company maintains on their website an online repository containing business documents accessible
by only some of the executives. Locate and exfiltrate the company capitalization table (caps table)
and cash flow statement.
Note: The above documents must all be located and retrieved (i.e. downloaded or transferred), and the
content must be recovered if necessary. It is not required to locate the documents in sequence, e.g., you may
locate the web documents before locating the term sheet, or vice-versa.
Hints
• Venus has two websites which can be accessed at http:// The sites run on port 80, and
the server’s IP address corresponds to one of the machines running a web server. One of the sites is
used for public business and the other is used internally by some staff.
• Some of the documents are stored in the network accounts, while others can be found in restricted
areas in the website (i.e., logon to an authorized web account is required).
• The username for web and network accounts uses the format: jdoe/password (for employee John Doe).
Venus’ Chief Technology Officer has advised employees against using the same password for both
network and web accounts, but it is unclear whether they really follow such a recommendation.
• Many account passwords are dictionary words (characters/digits), but not all. You can start by using
the password dictionary available at:
https://drive.google.com/open?id=1D9q8pdnyMRIKkfnASI3TcHGn9i7HLahp
This can help with some of the key accounts but not all. So alternatively, you can generate your own
dictionary or use some of the default dictionaries available in Kali or online.
IMPORTANT NOTES
1. Document your answer using screenshots of your scanning activities and explain the scanning methods
you used. Report both your successful and failed attempts.
2. It is assumed that the attacker does not have physical access to the target network. So all access should
be performed (remotely) through the attack machine (i.e. Kali). Results obtained by directly analyzing
the target machine are invalid and will be assigned zero.
3. The project must be done in groups of two, and only one report must be submitted for the group. Any
collaborative or plagiarism activities will be sanctioned (i.e. Groups are not allowed to collaborate).
4. Your submissions need to be typeset and in pdf.
5. Project reports should be submitted on or before the deadline.