Recent Question/Assignment
read the assignment
BIT354 Network Vulnerability and Penetration Testing
Assignment 1 (20%)
Due Date: Week 6 - 30/08/2020
Assignment Overview
The assignment is to be completed individually. You are required to perform a penetration testing attack from any Hacking competition website such as HackTheBox. The attack should under the “web” or “network” categories. Other categories such as “crypto” and “forensics” are not permitted.
Step 1:
Choose one hacking challenges from any CTF web site.
Selected attacks must be:
• Of appropriate difficulty and;
• Cover topics relevant to what was covered during the lecture and workshop and;
• Require a significant amount of effort and time. I.e attacks that can be completed with a single command are not acceptable. If you are not sure about this step, ask your lecturer for some suggestions
Step 2:
Get approval for the hacking challenge from the lecturer to ensure that your attack meets the criteria listed in step 1.
Step 3:
Complete the hacking challenges.
Step 4:
Write a Penetration testing report, summarizing your findings, including remedy strategies.
1000 words maximum
Check this sample:
https://www.offensive-security.com/reports/sample-penetration-testing-report.pdf
(15 marks)
Suppose you were hired by a company as an outsource to perform a hacking penetration testing on their network or web and they need to find out what is the vulnerability in their network/web in order to fix these issues .So you job is to write 1000 word about the hacking challenge you performed.
The report should follow the general structure:
Executive summary:
Attack Narrative:
Most important part, provide as much as details about the attack. How you did the attack, where you started how you found the vulnerability.
Please add screen shots of the attack as much as possible that shows your work/attack.
Think as if the reader of the report didn’t know how to perform the attack ,write enough information to make the reader understand your thought process: what you did ,why you chose that particular style of attack, why didn’t you choose another tool
Basically, in attack narrative tell What you did, how you did, why did you do it, include commands and outputs in screenshots
Vulnerability and exploit:
Talk very deeply about the weakness of the system that allowed you to complete this attack, why were you able to complete this attack. Explain the vulnerability well. In couple of lines explain the exploit how you were able to trigger the vulnerability
Implications
• The implications: what can happen if a hacker manages to perform a similar attack to a real website or network. Explain?
What would happen if the get really hacked ex: will the hackers be able to steal data?
Write the implications very specific to you attack
Conclusion
Write about the recommendations, how can the company that hired you get rid of the vulnerability what can they do ex: install a new service, add a firewall
Plagiarism
All used sources must be properly acknowledged with references and citations, if you did not create it. Quotations and paraphrasing are allowed but the sources must be acknowledged. Failure to do so is regarded as plagiarism and the minimum penalty for plagiarism is failure for the assignment. The act of given your assignment to another student is classified as a plagiarism offence. Copying large chucks and supplying a reference will result in zero marks as you have not contributed to the report.
Due Date & Submission
The report is due at Week 6 (See Moodle for details)
By the due date, you must submit:
1. Name your file with your student number
2. Softcopy of your report (with your name and student number) to MOODLE. By submitting on MOODLE you agree that the work is yours unless properly cited.
3. Fail to submit the presentation will result in a fail.
Late submission of assignments will be penalised as follows:
• For assignments 1 to 5 days late, a penalty of 10% (of total available marks) per day.
• For assignments more than 5 days late, a penalty of 100% will apply.
Your submission must be compatible with the software (PDF/Word) in MIT, Computer Laboratories/Classrooms.
Extensions: Under normal circumstances extensions will not be granted. In case of extenuating circumstances—such as illness—a Special Consideration form, accompanied by supporting documentation, must be received before 3 working days from the due date. If granted, an extension will be only granted only by the time period stated on the documentation; that is, if the illness medical certificate was for one day, an extension will be granted for one day only. Accordingly the student must submit within that time limit.
Penalties may apply for late submission without an approved extension.
Penalties: Academic misconduct such as cheating and plagiarism incur penalties ranging from a zero result to program exclusion.
Marking criteria:
Marks are allocated as indicated on each question, taking the following aspects into account:
Aspects Description
Analysis (if appropriate) Investigation, comparison, discussion
Explanation/justification Description/answer to the question
Presentation Inadequate structure, careless presentation, poor writing
Reference style Proper referencing if required
Plagiarism Copy from another student, copy from internet source/textbook, copy from other sources without proper acknowledgement
Marking Rubric for Exercise Answers
Grade
Mark HD
80%+ D
70%-79% CR
60%-69% P
50%-59% Fail
50%
Excellent Very Good Good Satisfactory Unsatisfactory
Analysis
Logic is clear and easy to follow with strong arguments Consistency logical and convincing Mostly consistent and convincing Adequate cohesion and conviction Argument is confused and disjointed
Effort/Difficulties/
Challenges The presented solution demonstrated an extreme degree of difficulty that would require an expert to implement. The presented solution demonstrated a high degree of difficulty that would be an advance professional to implement. The presented solution demonstrated an average degree of difficulty that would be an average professional to implement. The presented solution demonstrated a low degree of difficulty that would be easy to implement. The presented solution demonstrated a poor degree of difficulty that would be too easy to implement.
Explanation/
justification All elements are present and well integrated. Components present with good cohesion Components present and mostly well integrated Most components present Lacks structure.
Reference style Clear styles with excellent source of references. Clear referencing/ style Generally good referencing/style Unclear referencing/style Lacks consistency with many errors
Presentation Proper writing. Professionally presented Properly spoken, with some minor deficiencies Mostly good, but some structure or presentation problems Acceptable presentation Poor structure, careless presentation