
Primary Examination, Semester 1, 2022

Cyber Security Fundamentals

COMPSCI 3308

Question 1 [3 marks]

Please briefly describe the differences between black hat, white hat, and grey hat hackers.

Question 2 [2 marks]

After executing the bash script in Listing 1, there will be a number [f] of files created. In each file there will be [n] random number(s) in range of [min] and [max]. Calculate the values of [f], [n], [min] and [max].

    #!/bin/bash

    rm -rf output
    mkdir -p output

    for k in {1..50}
    do
        filename=$(printf output/%06d $k)
        for j in {1..50}
        do
            num=$((RANDOM % 50))
            echo $num > $filename
        done
    done

Listing 1: numbers.sh

Question 3 [2 marks]

Name one advantage and one disadvantage of 'black box' testing over 'white box' testing.

Question 4 [3 marks]

What is the key space of the encryption function in Listing 2? Note:

• ord() function calculates the character code (e.g., ord('A') = 65)

• chr() function is the reverse (e.g., chr(65) = 'A')

    #!/usr/bin/env python3

    def crypt(plain, key):
        output = ''
        for c in plain:
            if (c.isalpha() and c.isupper()):
                x = ord(c) + key
                while (x > 100):
                    x -= 36
                output += chr(x)
            else:
                output += c
        return output

Listing 2: crypt.py

Question 5

(a) If Alice wants to send a short encrypted message to Bob using RSA, which key does she use?

A. Alice’s public key

B. Bob’s public key

C. Alice’s private key

D. Bob’s private key [2 marks]

(b) If Alice wants to send a digitally signed document to Bob, which key does she use to sign the document hash?

A. Alice’s public key

B. Bob’s public key

C. Alice’s private key

D. Bob’s private key [2 marks]

[Total for Question 5: 4 marks]

Question 6 [4 marks]

Write the Google search syntax to look for a website where:

• The page body contains the keyword "cybersecurity fundamentals"

• The page title contains "course"

• The page is NOT using "http"

• The page is in the "edu.au" domain

Question 7 [2 marks]

Name two techniques that can be used to force the victim to browse to a malicious website when it tries to browse google.com.

Question 8 [3 marks]

What TCP flags are set in each phase of the TCP three-way handshake?

1. (client to server)

2. (server to client)

3. (client to server)

Question 9

You have the network 20.22.2.0/22.

(a) What is the netmask of this network? [2 marks]

(b) How many hosts are able to be allocated in this network? [2 marks]

(c) You want to create subnets on this network and the subnets need to support up to 55 hosts each.  How many bits would you allocate for the host part of the subnets? [2 marks]

(d) How many such subnets can you support? [2 marks]

[Total for Question 9: 8 marks]

Question 10 [5 marks]

Take a look at the C program in Listing 3. Determine if it is vulnerable to Buffer overflow or Format String (or both), and briefly explain why.

    #include <stdlib.h>
    #include <stdio.h>

    int main(int argc, char **argv)
    {
        char buff[128];
        char result[] = "+";
        printf("Enter your name: ");
        gets(buff);
        printf("Hello %s! Your covid test result is %s.\n", buff, result);
        return 0;
    }

Listing 3: vulnerable.c

Question 11 [4 marks]

Refer to the program in Listing 3 (the same as the one in Question 10).

Is it possible to change the value of 'result' by injecting several '-'s into memory (to cause a buffer overflow and overwrite 'result' with '-')? Briefly explain why.

Question 12 [2 marks]

In which of the following scenario(s) is DHCP spoofing attack possible?

A. Victim’s machine is on the same subnet as the Attacker, connected to a switched (Layer 2 switch) network

B. Victim’s machine is on the same subnet as the Attacker, connected to a non-switched (hub) network

C. Victim’s machine is on a different subnet from the Attacker

Question 13 [3 marks]

Refer to the code in Listing 4. Suppose the code was compiled using the -fstack-protector gcc flag (i.e., the stack protector is enabled). Is it possible to get the program to print "Yes!"? Briefly explain why or why not.

    #include <stdio.h>
    #include <stdlib.h>
    #include <string.h>

    int main(int argc, char **argv) {
        char ans[] = "N";
        char buf[12];
        gets(buf);
        if (0 == strcmp(ans, "Y")) {
            printf("Yes!");
        }
        return 0;
    }

Listing 4: fstack-protector.c

Question 14 [3 marks]

Take a look at the code in Listing 5. Suppose this program is owned by root and the SETUID bit is set. How would you attack this program to run arbitrary code as root?

    #include <stdio.h>
    #include <stdlib.h>
    #include <string.h>
    #include <sys/types.h>
    #include <unistd.h>

    int main(int argc, char **argv) {
        setreuid(geteuid(), getegid());
        system("echo Hello World!");
        return 0;
    }

Listing 5: hello-world.c

Question 15

Refer to the code in Listing 6, a simple program that just echoes user input (argv[1]).

    #include <stdio.h>
    #include <stdlib.h>
    #include <string.h>
    #include <sys/types.h>
    #include <unistd.h>

    int main(int argc, char **argv) {
        setreuid(geteuid(), getegid());
        char buff[100];
        snprintf(buff, 100, "echo %s", argv[1]);
        system(buff);
        return 0;
    }

Listing 6: echo.c

(a) Is this program vulnerable to buffer overflow? Explain. [2 marks]

(b) What malicious input could be provided to run arbitrary code as root, if the SETUID bit is set and the owner is root? Write a proof-of-concept exploit that prints the content of the shadow file (/etc/shadow). [2 marks]

[Total for Question 15: 4 marks]

Question 16

(a) ARP Cache Poisoning poisons the victim's ARP cache table with a spoofed ________. [1 mark]

(b) Refer to the following table for the current IP addresses and MAC addresses of the Gateway, the Victim, and the Attacker. What are the correct arpspoof commands to execute in order to perform a man-in-the-middle (MITM) attack?

                IP Address      MAC Address
    Gateway     10.1.1.254      11:22:33:44:55:66
    Victim      10.1.1.100      aa: