Lab Report For COM6015
Instructions
With your other group member, create a report and answer each of the questions. For
each question/sub question, make sure to include descriptions and screenshot
evidence of the completed tasks. You will receive marks based on correct answers
and also your level of understanding in your explanations. You only need to submit
one report per group.
Due Dates:
● You need to submit the report by 19th May 5 pm.
Question #1: Clickjacking
With the help of the clickjacking techniques that you have learnt, create a malicious
web-page that will trick victims into clicking the “follow” button without realising it.
Remember to be creative. [20%]
(Attack Crafting 10%, Attack Implementation 10%)
Question #2: Wireshark
You receive a phone call from a pizza shop, reporting an unauthorised withdrawal of $5000
from their bank account. The store manager informs you that they always use a particular
computer with the IP address (10.8.21.163) to order ingredients from retailers. You collect
the network pcap file for further investigations. [20%]
Analyse the pcap file and answer the following questions with evidence (screenshots).
● What is the victim's MAC address? [1%]
● What is the victim's host name? [1%]
● Find the executable file the victim computer downloaded using the HTTP protocol
(hint: filter HTTP packets to discover the malicious HTTP packet containing an
executable file). What is the client operating system, and on what day and at what
time was the malware executed? [2%]
● Where was the intruder file located? [2%]
● What is the intruder's IP address? Show the geographical location of the intruder using
the Wireshark endpoint feature. [5%]
● Extract the malicious file (in your VM) and compute its SHA-256 hash using the Linux
terminal or Windows cmd. [5%]
● Use the extracted SHA-256 hash to search on the Internet and provide the malware
description. [1%]
● Which user is accountable for downloading the malware from the Internet?
Provide the account name by searching inside the Kerberos packets (hint: find the answer
in the KRB5 packet (#237), ‘CNameString’ field). [3%]
You can find the pcap file in BB.
Question #3: SQL Injection
Write an SQL Injection query for each of the following:
● Extract the column names of the table that contains the user data
● Attempt the previous injection in medium security, update your query to bypass the
new security measures
● Locate the database on the remote system (the file path where the database is
stored)
● Read a file (e.g. passwords) from the discovered path
● Discover the users with the highest and lowest salaries
● Who has the insurance number: 53779132
Be sure to write the query you used for each injection and screenshot your results, alongside
a brief explanation for how the query undermines the security measures of the web
application. [20%]
Question #4: XSS
Set your DVWA to HIGH security. Analyse the PHP source code and perform an attack that
works on Reflected, Stored and DOM XSS pages. Provide a description for each relating to
the source code as to why your given attack works. [10%]
Question #5: Defence
In a language of your choice, write a short function which handles input from a user which
would prevent an SQL injection attack and a Stored XSS attack. Provide a short description
of where/why your function is safe against these vulnerabilities. (NOTE: Assessment is on
secure development methodology and explanation provided, exact correctness of syntax will
not be assessed). [10%]
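As an added illustration of the two defences this question asks about (example code written for this page, not part of the assignment or a model answer), the following Python functions use parameterised SQLite queries so user input is never spliced into SQL text, and HTML output encoding so stored input is displayed rather than executed; the table layout and sample rows are constructed.

```python
import html
import sqlite3

MAX_COMMENT_LEN = 500  # assumed server-side limit on a stored comment


def setup_db():
    # Constructed in-memory database standing in for the web application's tables.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.execute("CREATE TABLE comments (id INTEGER PRIMARY KEY, author TEXT, body TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'secret1'), ('bob', 'secret2')")
    return conn


def find_user(conn, name):
    # SQL injection defence: the '?' placeholder makes the driver bind `name` as a
    # value, so quotes or comment sequences inside it can never alter the statement.
    row = conn.execute("SELECT name FROM users WHERE name = ?", (name,)).fetchone()
    return row[0] if row else None


def store_comment(conn, author, body):
    # Validate what can be validated (length), then store the text verbatim through
    # bound parameters; no escaping is done at storage time.
    if not 0 < len(body) <= MAX_COMMENT_LEN:
        raise ValueError("comment length out of range")
    conn.execute("INSERT INTO comments (author, body) VALUES (?, ?)", (author, body))
    conn.commit()


def render_comments(conn):
    # Stored XSS defence: encode every user-controlled value at the point where it is
    # placed into an HTML text context, so a stored '<script>' tag is shown as text.
    items = []
    for author, body in conn.execute("SELECT author, body FROM comments ORDER BY id"):
        items.append(f"<li><b>{html.escape(author)}</b>: {html.escape(body)}</li>")
    return "<ul>" + "".join(items) + "</ul>"
```

Escaping is applied on output rather than on input so the same stored comment can be safely rendered in a different context (JSON, an attribute) with the encoder appropriate to that context.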
Question #6: Buffer Overflow
A. Choose one of the known buffer overflow vulnerabilities and write a half-page description
of it. Aspects that you should cover are:
● Which systems were affected by the vulnerability?
● When was it discovered, reported and fixed?
● What were the known attacks exploiting it, and what were their consequences?
(You are free, but not required to choose one of the vulnerabilities mentioned in the lecture.)
[10%]
B. Propose a modification of the C programming language that would mitigate buffer
overflow vulnerabilities, and discuss the implications of this modification. (Please keep the
discussion within one page of text.) [10%]