代做COMP 3704、代做Python/Java编程

日期：2023-09-06 05:08

COMP 3704 NETWORK SECURITY: ASSIGNMENT 1

Submission deadline: Friday 1st September, 2023, 5:00pm AET

Submission Procedure: see Wattle page for this course.

This assignment will be worth 30% of the total marks for this course.

Overview

The assignment takes the form of a CTF. You are given an ip address from which you can

obtain up to 12 flags. You are not told beforehand any information about problems though

can expect the vulnerabilities will have been covered in the lectures. Please be careful to

follow the assignment instructions when preparing your report for submission.

Objectives

The main objectives of this assignment are for the students to

? Demonstrate that they can explain network security issues

? Demonstrate that they understand threats and vulnerabilities of a network, and can

explain appropriate countermeasures

In particular this assignment is designed to test your ability to exploit common network

vulnerabilities with very little prior information.

Academic Integrity

You are reminded that your assignment submission must be your genuine and original work

with only allowed assistance.

Allowed assistance

? You may use any tools, guides, walkthroughs, etc. provided they are general in

nature (not directly related to this course or assignment).

? You may discuss with your class mates suggested tools and share guides or

walkthroughs for those tools provided they are general in natures. We highly

encourage these to be shared on Ed

Disallowed assistance (non-exhaustive)

Specific information related to this assignment. For example:

? Types of services

? Protocol structures

? Specific exploits

? Port numbers

? Flags

Environment Setup

In the assignment you will be provided with access to a cluster of servers with services

listening on ports between 1000 and 10000. The present ip of the cluster is 13.236.194.222

but this my change (please see the Wattle page for an update if applicable). Your task is to

retrieve as many flags as possible (there are 12 in total) from the cluster of servers and write

a report detailing how you did it. (WARNING: the firewall around the server means pinging

the machine will not work)

In addition to the server cluster, a collection of documents and clients is available to you.

Note: Marks will only be given for flags if they are accompanied by an adequate description

of how it was acquired by using network analysis.

It's likely possible to cause the servers to get into a failed state. If this occurs please notify

Thomas Haines, preferable including information on the input which caused the failure.

There will be guessing involved in this assignment but the spaces are no larger than a byte

which should straightforward to brute force. (The one expectation is the ETLS protocol)

Additional instructions

Please ensure you have completed retrieving the flags by the 25th of August. No additional

time will be given if the servers are unreliable after that point.

Submission Requirements

You will need to submit a report (in PDF). There is no hard limit on the report length, but

please try and keep it below 3000 words (figures/screenshots do not count for the word

count). The marks are spread relatively evenly across the various components of the report.

The report component will be assessed for clarity of explanation. Sufficient details should be

provided of the steps taken and the reasoning behind taking those steps. Simply listing the

commands used without an explanation of why they were taking is insufficient.

Since the mix of exploration and analysis varies between flags, we will not attempt to assign

a fixed weight to each problem.

Please ensure you dedicate significant effort to proposing and justifying countermeasures if

you want a high distinction.

Suggested section heading for your report

1. Title page

2. Services discovered and how they were discovered

3. Flags

a. The flag

b. How it was retrieved (detailed enough to be reproducible)

c. What you think the vulnerability is with justification

d. What countermeasures could have been used to secure the system (if

applicable)

4. Summary (Doesn’t have to be long, just some reflections on the experience)