User Account

All Pages

How software vulnerabilities can be exploited

Assignment Help Computer Network Security
Reference no: EM131267222

Objectives:

The main objective of this assignment is for the students to understand the security mechanisms in Unix-like operating systems and their interplay with software security, in particular:

- to learn practical access control mechanisms in Unix operating system, such as files and folder permissions and SUID programs, and how application security is affected by them;

- to learn how software vulnerabilities can be exploited to circumvent security mechanisms in both applications and operating systems.

Problem Description:

There are three problems in this assignment. To do this assignment, you will make use of an installation of Ubuntu Linux 12.04 (32 bit) in the Oracle VirtualBox virtual machine. The VirtualBox image of the Ubuntu installation is provided with this document and can be downloaded from the NTULearn site for this assignment, under the Group assignment menu. The assessment of the solutions to the problems listed below will be entirely done inside this particular installation of Ubuntu.

The Ubuntu installation for this assignment is a clone of the Ubuntu image provided for the tutorial sessions. In particular, it has the following users: admin, alice, bob, charlie, dennis, eve and fong.

User admin has the administrative privilege over the system, i.e., it can escalate its privilege to the root user.

The user bob maintains several applications that allows a user to access a certain ‘secret', when the right password is provided. These passwords are different from the user account passwords. To distinguish the two, we shall call these passwords as application passwords. Every user is assigned a unique secret and a unique application password. The secrets take the form of a string of alpha numeric characters. The application passwords and the secrets are stored in individual files. The locations for these files are summarized in Table 1. The application passwords are strings of lower- case letters, of length at most 14 characters.

IMPORTANT NOTE: Appendix A provides the account passwords, the application passwords and the secrets for all users. All these passwords and secrets, except those for user ‘charlie', will be changed during the assessment of your solutions. So your solutions must not hardcode any of these passwords and secrets other than charlie's.

User name

Application password file location

Secret file location

admin

/home/admin/Private/password

/home/admin/Private/secret

alice

/home/bob/Private/alice/password

home/bob/Private/alice/secret

bob

/home/bob/Private/bob/password

home/bob/Private/bob/secret

charlie

/home/bob/Private/charlie/password

home/bob/Private/charlie/secret

dennis

/home/bob/Private/dennis/password

home/bob/Private/dennis/secret

eve

/home/bob/Private/eve/password

home/bob/Private/eve/secret

fong

/home/bob/Private/fong/password

home/bob/Private/fong/secret

Table 1. Locations of application passwords and secrets. Each password is stored in a file called ‘password', and each secret is stored in a file called ‘secret'.

There are three main programs that a user can use to display his or her secret:

- user-secret: This program is used to access the secrets for the following users only: alice, charlie, dennis, eve and fong. It takes two arguments: a user name and an (application) password. If the application password supplied is correct for that user, the secret for the user will be displayed. The following screenshot shows an example of the output of a normal run of the program.

- bob-secret: This program is used by user bob to access his secret. It takes one argument, which is bob's application password. If the password is correct, bob's secret will be displayed. The following screenshot shows an example of the output of a normal run of the program.

- admin-secret: This program is used by user admin to access its secret. It takes one argument, which is admin's application password. If the password is correct, admin's secret will be displayed. The following screenshot shows the output of a normal run of the program.

In addition to the above three programs, there are additionally two helper programs:

- show-secret: This program is invoked by bob-secret to display bob's secret, in case of a successful authentication check. It is not supposed to be invoked by the users directly.
- register: This program is invoked by bob-secret to display an error message in case of an unsuccessful authentication check. It is not supposed to be invoked by the users directly.

All of the above programs, except for register, are SUID programs. Table 2 lists the locations of the binaries of the programs. The source code of these programs are written in C and are located in the same directory as their binaries. For your convenience, the source code of these programs are included in Appendix B.

There are further details about the permissions of each program above that you need to discover on your own. Pay particular attention to the SUID programs and their owners.

Table 2. Program locations

There are 3 (three) problems you need to solve for this assignment. For each problem, you are asked to write an attack program or script. These attack programs/scripts must be executed using user charlie's account. So in the following, we assume all attack programs/scripts are located in
/home/charlie/.

Problem 1

Your first task is to write an attack script or a program to display the secret of any of the following users: alice, charlie, dennis, eve, or fong. The attack program takes one argument, which is the user you want to attack. The attack must work when executed by user charlie. If your program/script works correctly, it should show something that looks like the following:

1012_figure.jpg

That is, each successful attack should display the word ‘Secret: ‘, followed by a string that is the secret.

Problem 2

For this problem, you are asked to write an attack script/program to display bob's secret. The attack program takes no argument. As in Problem 1, this attack must work when launched by user charlie. The following screenshot shows what a successful attack should look like:

1821_figure1.jpg

Problem 3

For Problem 3, you are asked to write a script/program to display the application password and the secret of the admin user. The attack program takes no argument. A successful attack should output something like the following:

1754_figure2.jpg

Again, as in previous problems, this attack must be successfully executed when logged in as charlie.

The attack should output two lines: the first one contains the application password (the line prefixed by ‘Password:') and the second one contains the secret of the admin user (the line prefixed with ‘Secret:').

Assessment

The assessment is based on two components:

1. Attack code execution: This is broken down to 15% for Problem 1, 15% for Problem 2 and 20% for Problem 3. The assessment of the correctness of your attack will be partially automated, so please make sure you follow the suggested output format as mentioned in the problem description above. Your solutions will be tested in the same virtual machine that is provided with this assignment, but with all password and secret values modified (except for charlie's passwords and secret). So you should make sure that you do not hardcode any of the sample passwords/secrets, other than charlie's, mentioned above in your solutions, as they will not work in the assessment process. Each attack must be successfully executed within 2 (two) minute. This is really a gross approximation; if you implement the attacks correctly, each attack should take only a few seconds to solve the given problem.

2. Report- There is no definitive structure of the report, but here are some guidelines of what we would expect from the report:

- As a general guideline we expect a division into three parts, corresponding to the division of the problems. But if you are able to find a single attack that solves all problems, in which case, the division per problem does not work so well and the report will be judged more holistically.

- We expect a detailed analysis of what are the vulnerabilities and how you exploit them. It is not enough, for example, to say that you do a ‘stack overflow' attack. You'd need to explain about the memory layout, what is the effect of the overflow, how do you subvert the control flow of the program, etc. Similarly, where the problem/solution concerns Unix security mechanism, I expect you to articulate clearly the aspects of the control mechanism that cause the vulnerability, and how you exploit them.

Reference no: EM131267222

Questions Cloud

What functionality did the site provide : 1. What functionality did the site provide? 2. How was information on the site organized? 3. Was the site easy to use? Explain
Find a binary matrix : How to apply network flow to find a binary matrix with given row and column sums?
What seems to be the message of each ad : What seems to be the message of each ad? How does the item help create or reinforce an image for the product being sold in the ad?
What are programming and algorithms : What are programming and algorithms? How are programming and algorithms related to our everyday lives?
How software vulnerabilities can be exploited : CE-CZ4062 Group assignment - CE4062-CZ4062: COMPUTER SECURITY (SYSTEM SECURITY) - Assignment is for the students to understand the security mechanisms in Unix-like operating systems and their interplay with software security
Listing of cricket matches score : Write a program in C++ to have a good game in the listing of Cricket Matches score update with ranking.
Bookkeeping aspects of a library : A university library system needs to be built in order to handle the bookkeeping aspects of a library and provide user-browsing facilities. The system allows borrower to search for a book on a particular topic or by a particular author. The borrow..
Explain how decisions are improved : Describe one or two examples of decisions that could be made using the information provided by managerial accounting. Provide specific examples and explain how decisions are improved when the information is used accurately
Evaluate how human resources development programs : Evaluate how human resources development programs that address the unique needs of some employees can be implemented to increase goodwill, attract, and retain quality employees.

Reviews

Write a Review

Computer Network Security Questions & Answers

  Most important characteristics of cyber warfare

How has the nature of cyber warfare changed in the past 5 years from an economic, social and government perspective and how will it change in the next 5 years?

  How rtsp vary from http in keeping client state information

How does RTSP differ from HTTP (a) in maintaining client state information; (b) in terms of in-band, out-of-band traffic?

  Evaluate the viability of biometric authentication methods

Describe your experience working with your chosen security-related tools. Analyse which aspects of the tools will be useful for security purposes for experts and for normal users.

  Protocol stack for wap2

WAP protocol, cellular network infrastructure, SSL protect against eavesdropping, network datagrams (packets) be protected at the network layer, pin and fingerprint, Certificate Revocation, Public Key Infrastructure, modern symmetric algorithm bl..

  Write an authenticated key establishment protocol

Write an authenticated key establishment protocol for A and B to establish a session key - Write a concrete private handshake by using a zero-knowledge proof technique.

  Primary steps to database design

We explored the 2-primary steps to database design - conceptual design and physical design. We discussed importance of having representatives from all key stakeholders in conceptual design to ensure accuracy of the design.

  What is computer security

Computer security is integral part of any organization, if any organization hasstarted working in, immediately it should start Computer security for its systemif they want to protect their system for future.

  What additional level of internet protection have children

What additional level of internet protection should children have over adults? Provide explanations for the following situations:

  Patton-fuller community hospital networking virtual

resource patton-fuller community hospital networking virtual organization or an organization you are familiar with

  Mobile devices security

Mobile Devices Security

  Explain about cnss model

The CNSS model, examine each of the cells and write a brief statement on how you would address the three components occupying that cell.

  Discuss specific malware and social engineer attacks

Discuss specific malware, social engineer, or any other type of attacks you would deploy to achieve your desired goals

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

Submit Assignment

Academics

Major Subjects

Majors

Get In Touch

whatsapp: +1-415-670-9521

Phone: +1-415-670-9521

Email: [email protected]

TERMS & POLICIES

HELP & SUPPORT

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd