代做COMP5618 - Applied Cybersecurity S2 2024 Assignment 2代写留学生SQL 程序
- 首页 >> DatabaseCOMP5618 - Applied Cybersecurity S2 2024
Assignment 2
Due: Sunday the 13th of October, 2024 23:59
Assignment worth-15%of your final mark
This is an individual assignment
Task Introduction
You are given access to two vulnerable images on the Hack the Box platform, named Rental and Invalidated,for the COMP5618 Assignment dedicated lab.
Rental is a Linux machine that features an Apache server hosting the Car Rental Management System application.Research reveals that suffers from SQL injection and Arbitrary File Upload vulnerabilities.The SQL injection vulnerability is leveraged in order to gain access to the administrative panel,upload PHP code and gain a reverse shell.Post-exploitation enumeration reveals a set of credentials for the MySQL database,which is running in the context of the manager user.The database user is found to have FILE privileges,which is used to read the Bash history file of the service user.The history file contains the user's password passed over the command line,allowing us to move laterally.Examination of sudo permissions reveals that the user can execute htop as root.Through the htop command,a script. running in the context of root is identified,and the environmental variables of the process can be read.The environmental variables of the script contain the root password.
Invalidated is a business logic machine that showcases how improper input validation can lead to authentication bypass and SQL injection.The former can be achieved through sending an empty({})JSON request to sign in on the platform, this results in the first user being returned,in this case being the admin user.Next it is possible to exploit SQL injection through the JSON parameter names.
The Report
You need to complete the 10 questions for the Rental image and obtain the root flag on the Hack the Box platform.Your report should include detailed steps with supporting snapshots,covering Enumeration,Foothold,SQL Injection,Arbitrary
File Upload,Lateral Movement,and Privilege Escalation,along with the answers to the questions and the flags.Additionally,provide recommendations for addressing the discovered vulnerabilities,supported by proper references.
For the Invalidated image,you should answer the five questions and capture both the user and root flags on the Hack the Box platform.Your report should detail the steps with supporting snapshots,including Enumeration,SQL Injection,and JSON Sign-In Requests,as well as the answers to the questions and the flags.Also,discuss the recommended steps for mitigating the found vulnerabilities,with appropriate references.
Submission Details
Your report is due by 23:59 Sunday 13th of October.
Please submit your report in the“Assignment”section of Canvas.
Allowed submission format is PDF only.(not DOCX).
Questions and flags must be answered in the HTB platform.
A video should be submitted,demonstrating vour conducted steps.Your username
should appear in the recording.The recording should be up to 10 minutes MAX.
Late submissions will be penalised according to the late submission policy.
Plagiarism will not be tolerated and your assignment will be submitted to a plagiarism checking service.
Marking
Your report is worth 15%of your overall grade for the course.
● Answering Questions and Capturing Flags (10 points total):
o You will receive 0.5 points for each correctly answered question/flag,up to a total of 19 questions/flags on the HTB platform.Each answer must be both demonstrated and explained in your report,clearly outlining the steps you followed,the objective of each step,and the results you obtained.Additionally, a video demonstration (showing your username)is required to showcase the conducted steps(no explanation is needed in the video,only the execution of commands/steps).If either the video or the report is missing,your answers will NOT be accepted.
● Recommendations (3 points total):
o You will receive 0.5 points for each relevant recommendation provided for the discovered vulnerabilities.You must provide three recommendations for each box.Each recommendation must be clearly explained and supported in your report,with proper referencing.
● Report Structure(2 points total)
o You will be marked based on the report structure,cover page,organization, references and English grammar.
Your report will be marked according to the following rubric,the maximum score is 15 marks.
|
Novice |
Competent |
Proficient |
Answering questions and capturing flags. |
0:No important issues identified or described. |
1-5(0.5 each question/flag):up to 10 questions/flags were answered and explained in the report and demonstrated in the video. |
7-10(0.5 each question/flag):more than 10 and up to 20 questions/flags were answered and explained in the report and demonstrated in |
Recommendations |
0:Recommendations are missing,irrelevant or ineffective. |
1-2(0.5 each recommendation):Up to4 relevant recommendations are listed explained. |
2 30.5 ach recommendation): more than 4 and up to 6 related recommendations are |
Report Structure |
0:Report structure is unorganised and difficult to read. |
1:Report conveys Information effectively but lacks professionalism. |
listed Rnd explained professional and well written.i.e.,Well formatted and presented.No English or grammar mistakes. |