3809ICT Assignment Specification Due Time: 23:59, 31th May 2024 Weighting: 50% (Report 40%, Reflection/Peer-Review 10%)
This assignment is worth 50% of the total assessment for the course. It is designed for a group of four students. The group enrolment has been completed, and no further group changes should be made in principle.
This assignment aims to gain knowledge and understanding of penetration testing through research and practical experience. This understanding will be demonstrated by submitting a formal technical report of a penetration test.
You are also required to peer-assess your final submission and reflect on your assignment and how each group member has contributed to the final submission. This allows you to reflect on what you and your team members have learned from this assignment and what you need to enhance your knowledge and skills in security and penetration testing. Each group member should be awarded a mark out of 10 for peer assessment. This will be submitted as a separate assignment.
All group members shall receive the same marks unless in the situation that some group members had a significantly low contribution to the final report. Your group is encouraged to keep a working log and all your communication history in case of a dispute on the peer assessment. Support information for working in groups can be found here. Task The main task is to conduct a penetration test of a network. You will be required to write a report of your penetration test results. The assignment network will contain several host machines, and there will be flags (text strings) that you will need to identify on the machines. Each flag starts with the characters FLG24. For each flag you locate,代 写3809ICT Specification you should write up the process you used to access and find the flag. There are 15 or more flags that are not necessarily evenly distributed on the targets. The assignment theme is based on the game Elden Ring. And all flag strings are related to it. Instructions for Connecting to the Kali VM on MS Azure
You should have gotten an email that asks you to register for the MS Azure lab.
Click the blue button in the email, and you will be taken to a webpage.
Start running the cloud service (1), and then click the “network” button (2). Note
that step 1 may take a while. After clicking the “network” button, your browser
will download a connection file onto your computer.
Install Microsoft Remote Desktop (Google it) if you haven’t done it.
Double click the above connection file, and you will be presented with a log in window like below.
The password for undergraduate students is #Griffith3809ICT
Enter the password and click “Continue”, and you will log in to a Windows VM, like below.
Open the Remote Desktop application on the Windows VM (not on your computer). In the connection window, enter the IP address 192.168.10.1, which connects to the Kali VM.
Enter the IP address and click “Connect”, and then you will see a warning window. Click Yes, and then you should see the Kali login screen. The username for Kali is kali, and the password is kali (Same as your Cyber Range setup). Once logged in, you should see the familiar Kali OS.
The gateway 192.169.10.1 connects to the Internet.
For undergraduate students, the gateway 192.168.11.0/24 is for the assignment network.
Submission Please submit your assignment via the Canvas course site's 3809ICT/7809ICT Assignment Submission point under the Assessment Overview link. A separate link is also available to upload the peer review forms. The quality of the presentation of a formal technical report is as important as the quality of the technical content of the report in the profession.
The submission involves two documents: • Each group leader should submit a group report via the “3809ICT/7809ICT Assignment Submission” link. (Please note that only the group leader needs to submit this report. Please avoid submissions from other group members.) • Every student should submit a reflection/peer-review document on the Peer-Review Form Submission link. (Ensure you submit the correct assessment items to the corresponding submission links).
Your assignment will be assessed on: 1. The text of both documents should be in 12-point Times New Roman or 11- point Arial font or something equivalent and in single-line spacing. 2. Page size is A4 with 2cm in margins on all sides. 3. The body text of your group report should be at most 10 pages long, excluding appendices. 4. The group report is suggested to be organised with a cover page, executive summary within one page, declaration of contributions of each of your group members (within one page), table of contents, body text, and appendices. The presentation and format of your report are worth 2 marks. 5. The body text consists of your overall analysis (open ports, associated services, operating system) of each host and network map of the network (4 marks), a description of how each flag was found and obtained (30 marks, 2 marks per flag), and recommendations on how to protect the network against the attacks (4 marks). 6. The peer-review document should include your group members' contributions from your point of view. You should give each of the group members a mark out of 10. Your self-review is worth 3 marks, and the reviews you get are worth 7 marks. Academic Integrity Violation of academic integrity is not acceptable, and the university’s academic integrity policies and procedures apply. If potential academic misconduct were identified, the course convenor would investigate through oral exams on the assignment work to all group members. Academic misconduct (e.g., purchasing a report or directly copying from the Internet with no proper reference) will result in a reduced mark in this assessment item. Individual Assignment Extension The extension may be given to individuals on the grounds considered by the University policy. The group should submit the assignment report and peerreview forms by the deadline, clearly indicating the missing content to be done by the extension requester. After the missing part is submitted, the two parts of WX:codinghelp
