CSCI 547|INFO 533: Systems and Protocol Security and Information Assurance
Assignment II (100 Points) - Due: 2359hrs Apr. 20 2024
Part I [25 points] - BurpSuite
Burp Suite is a set of tools used for penetration testing of web applications. Some key features include Proxy, Target, Repeater, and Intruder. Install the docker image for a vulnerable application server i.e. juiceshop (https://github.com/bkimminich/juice-shop)
a. Configure your browser to use burpsuite as a proxy. Explore the OWASP Juice Shop and show the intercepted traffic in the burp suite. [5]
b. Give the customer feedback with an impossible rating of 0. [5]
c. Use your knowledge of SQL injection to achieve the following
i. Get admin access to the web portal. [10]
ii. Get the credentials of all registered users in the portal. [5]
Part II [30 points] - Metasploitable
Attack Machine with Metasploitable: You can use Kali Linux or Ubuntu as the attacking machine. Kali Linux comes with a suite of applications pre-installed. Unless specified, you will perform. the following exercise on the attacking machine.
Report format:
1. Background of the attack (3 bullet points on why / how / outcome).
2. Steps followed to perform. the attack.
3. Appropriate screenshots for each command/attack.
4. Other deliverables are specific to the questions.
Problems:
a. Use Nmap to identify the OS version of the metaspoiltable system. [5 pts]
b. List the open ports on the metaspoiltable system. What commands did you use? What are the ports used for by default? What applications did you find running on the open ports? [10 pts]
c. Metasploitable contains a backdoor on its FTP server. Exploit the same and report the following:
i. What tool(s) did you use? [2.5 pts]
ii. What command(s) did you execute? [5 pts]
iii. What is the outcome of the exploit? [2.5 pts]
d. Metaspoiltable has Mutillidae running on the VM. Mutillidae contains the top- 10 vulnerabilities on OWASP. You are required to exploit the “Add blog for Anonymous” vulnerability on the “Cross Site Request Forgery (CSRF) page.” [5 marks]
Part III [20 points] – Buffer Overflow
#include
using namespace std;
int main(void)
{
int vals[10];
size_t count;
size_t which;
cout << "How many values should be store in the array? ";
cin >> count;
for (size_ti = 0; i < count; i++) {
vals[i] = count-i;
}
cout << "Which value do you wish to retrieve? ";
cin >> which;
cout << "Your value is " << vals[which] << endl;
return 0;
}
1. Compile the above program. Describe the results. What happens if you type “3” for the first prompt? 7? 12? 20? What happens if you type 10 for the first prompt and then 3, 7, 12, and 20 for the second prompt? [5]
2. List potential buffer overflow errors. [5]
3. Provide example inputs that might cause buffer overflow problems. [5]
4. Use tools such as AddressSanitizer or Valgrind or Fuzzing to identify vulnerabilities. [5]
Part IV – Testing [25 Points]
1. What is “Recoverability” in the context of software security testing? You are the Admin of a chat server hosted on the IU network, what is your plan to ensure ‘data recoverability’? How do you test the ‘recoverability’ functionality? [8]
2. Code Analysis [8]
a. What is automatic code analysis? List the 4 types of code analysis discussed in class. Given example code for each type.
b. Install PyCharm or Intellij. Do not install any plugins. In the vanilla version of these IDEs what code analysis types are covered? Fill in the table below with 5 such functionalities.
|
Code Analysis
|
Type Sub-functionality
|
Supported (Yes/No)
|
|
Control flow analysis
|
unreachable-code
|
…
|
3. When is regression testing necessary? You are a hacker working for the mobile giant Samsing. The nextgen sPhone will have ‘under display fingerprint scanner’ for locking and unlocking the phone; while the current version has a ‘face recognition’ based unlock mechanism. Write the regression test scenarios for the new upgrade. Start with 1) test cases written for unlocking the phone, add 2) tests specific for ‘face recognition’ based unlock mechanism. Identify 3) what test cases stay relevant with the new upgrade, and finally 4) describe the regression test plan. [7]
Submission guidelines (points will be deducted if not followed):
All the codes/pdf files must be compressed in a zip file which is to be uploaded to the IU Canvas. Instructions to run the code must also be included (in atext file called ‘instructions’).
No email submissions will be entertained.
FileName : A1_ROLLNO.zip