6048CEM Exploit Development
Hello, dear friend, you can consult us at any time if you have any questions, add WeChat: daixieit
Faculty of engineering,
Environment and Computing
Module: 6048CEM Exploit Development
Assignment Brief
|
Module Title: Exploit Development |
Group / Indivudual Individual |
Cohort Resit |
Module Code 6048CEM |
|
Coursework Title CW 2: Exploit Development |
Handout Date May 2023 |
||
|
Lecturer Dan Goldsmith |
Due Date and Time 3 July 2023 |
||
|
Estimated Time (hrs) 20 Hours |
Coursework Type Report |
% of Module Mark 50% |
|
|
Submission Arrangements Via: Aula Marks release expected: None Feedback Method: Individual Feedback Via Turnitin / Aula Word limit: 2000 |
|||
Module Learning Outcomes Assessed
• 1. Examine, analyse and test programs for security vulnerabilities
• 2. Evaluate the features of an operating system or programming language that can mitigate the impact of a security exploit.
• 3. Make use of existing "off the shelf" exploits and shell code to compromise a program.
• 5. Design, develop and implement programs in different programming language for exploiting vulnerabilities in various platforms
Task and Mark Distribution
CW2: Report Providing a security assessment of a piece of vulnerable software, and development and evaluation of Proof Of Concept Exploit, with code for this exploit
Coursework Overview
For this coursework you are required to develop exploits for three target applications, providing exploit code for each of the targets. You will also need to produce a short report, giving details of the exploit code you have developed.
Target Machine.
You can download the target machine using the link on Aula.
When configuring the machine you must use your university email address failing to do this may result in 0 marks being awarded.
Exploit Development
For each of the targets you will need to develop an appropriate exploit, this should be in the form of an automated solve script (using pwntools or similar).
The solve script should automate the exploit process, dropping a shell on the remote target, and retrieving the flag.
The solve script should be well commented, and run (as much as possible) without requiring user intervention. If user input is required, there should be clear instructions on how the required information can be found.
Flags are text files, and can either be found in:
• /
• /root
Report
As well as individual exploit scripts, you will need to include a brief overview of the exploit development process, as well as instructions for running the exploit against the target.
The report will include instructions for setting up and running the script (for example, finding relevant offsets). You should also include a demonstration of the script running along with details of any flags found.
Submission Instructions
Your Final Submission should consist of
• Solve Scripts for Each of the Exploits (3 python files)
• Summary Report (word / pdf)
Marking Scheme
Overall Marking Scheme
|
Element |
Marks |
|
|
Exploit for Target 1 |
40 |
|
|
Exploit for Target 2 |
30 |
|
|
Exploit for Target 3 |
30 |
|
|
Report
Individual Marking Scheme |
|
|
|
Marks |
Description |
|
|
0-39 |
No Attempt Made |
|
|
40-50 |
Some attempt made at providing a working script, though major modifification needed to get exploit to work. Poorly Documented |
|
|
50-70 |
Some attempt made at providing a working script, some modifications needed to get exploit to work. Appropriate Documentatation given |
|
|
70-90 |
Working exploit script provided, script may require some minor user input. Clear documenataion provided. |
|
100 Working Exploit Script provided, Clear documentation on setting up and running the script
Notes:
1. 1. You are expected to use the Coventry University APA style for referencing For support and advice on this students can contact Centre for Academic Writing (CAW).
2. Please notify your registry course support team and module leader for disability support.
3. Any student requiring an extension or deferral should follow the university process as outlined here.
4. The University cannot take responsibility for any coursework lost or corrupted on disks, laptops or personal computer. Students should therefore regularly back-up any work and are advised to save it on the University system.
5. If there are technical or performance issues that prevent students submitting coursework through the online coursework submission system on the day of a coursework deadline, an appropriate extension to the coursework submission deadline will be agreed. This extension will normally be 24 hours or the next working day if the deadline falls on a Friday or over the weekend period. This will be communicated via your Module Leader.
6. You are encouraged to check the origianlty of your work by using the draft Turnitin links on Aula
7. Collusion between students (where sections of your work are similar to the work submitted by other students in this or previous module cohorts) is taken extremely seriously and will be reported to the academic conduct panel. This applies to both courseworks and exam answers.
8. A marked difference between your writing style, knowledge and skill level demonstrated in class discussion, any test conditions and that demonstrated in a coursework assignment may result in you having to undertake a Viva Voce in order to prove the coursework assignment is entirely your own work.
9. If you make use of the services of a proof reader in your work you must keep your original version and make it available as a demonstration of your written efforts. Also, please read the univeristy Proof reading policy
10. You must not submit work for assessment that you have already submitted (partially or in full), either for your current course or for another qualification of this university, unless this is specifically provided for in your assignment brief or specific course or module information. Where earlier work by you is citable, ie. it has already been published/submitted, you must reference it clearly. Identical pieces of work submitted concurrently will also be considered to be self- plagiarism.
2023-06-13