
Ethical Hacking - Assignment

Uploaded by

Jack Bunny

18/03/2024, 18:48 Ethical Hacking - Assignment


Assignment

https://sites.google.com/a/di.uniroma1.it/ethical-hacking/assignment

Specification
Overview
Register your group
For this assignment you will be working in groups of up to 4 people.

Please register your group as soon as possible, and no later than the end of March 2024, using this form (you must be logged
in with your student account to fill in the form).
Shortly after the submission deadline, you will be assigned a group number that you will need to use when submitting your
assignment.

If you don't have a group but still wish to work on the assignment, use the form above, following the instructions
provided there.

This assignment consists of two phases.

Phase 1: Designing and Configuring a Vulnerable VM


1. VM Design: You will design a virtual machine (VM) containing deliberate vulnerabilities based on the specifications
outlined in the "VM Specification" section. This VM must provide some ways for pentesters to first obtain remote access
(e.g., through a vulnerable service) and subsequently escalate privileges (obtain root).

2. VM Report: Create a written report documenting the following:

Vulnerable Services and Programs: Detail the specific vulnerabilities you introduced into the VM.

Attack Path Scenario: Explain your vision for how a penetration tester could gain root access to your VM. This
includes outlining the vulnerabilities they might exploit, and the likely steps involved in escalating privileges.

3. Submission: By the deadline (specified in the "Deadline and How to Submit" section), each group must submit both the
report and upload the VM using the instructions provided.

Phase 2: Penetration Testing a Randomly Assigned VM


1. Penetration Testing: Each group will be randomly assigned a VM designed by another group. Your objective is to identify
and exploit vulnerabilities within this assigned VM to achieve the following:

Gain Local Access: Establish initial access to the operating system on the VM.

Escalate Privileges: Gain root privileges on the VM, allowing complete control of the system.

2. Penetration Testing Report: Following the completion of your penetration testing activities, create a second written
report detailing your efforts. Refer to the "Reports Section" for specific report requirements.

3. Submission: By the deadline (specified in the "Deadline and How to Submit" section), each group must submit the second
report following the instructions provided.


VM Specification
The VM will be based on Ubuntu Server 20.04 LTS 64-bit (link) and must work with VirtualBox (6.1).

The VM should expose several services, a subset of which should have hidden vulnerabilities that can be exploited to obtain
local access.
Some examples of vulnerabilities that can be exploited to obtain local access include the following:

Outdated version of a service with known exploits (see https://www.exploit-db.com/).


Poorly configured service
Weak credentials for a service (e.g., SSH)
Web application vulnerable to XSS/SQLi

The VM must also provide various ways for a local user to escalate privileges and obtain root access. Some examples include
the following:

Outdated versions of programs with known exploits


Poor system configuration (see Hacking Unix — Local Access class)

Weak root password


User-written vulnerable programs

The vulnerabilities you introduce in the VM must be realistic, meaning they could be found in real systems. For instance, a
system misconfiguration that leads to a vulnerability, such as wrong permissions being assigned to a sensitive file/directory,
is realistic since it could have been mistakenly changed by a buggy automated script or something similar. On the other
hand, hiding the password for a root user in an image on a random web server page is unrealistic.

VM Requirements

The VM file must be named as follows: VM_xxxx, where xxxx is a randomly generated 16-digit number. For instance,
using:

python3 -c "import random; print(f'{int(random.random()*(10**16)):016d}')"

The name of your VM must be included in the first report.


Your VM must provide 3 different paths to obtain local access (easy, intermediate, hard), and 3 different paths to
escalate privileges (easy, intermediate, hard).

User-written vulnerable programs, if used, must satisfy the following criteria:


Source code must be available and placed in a directory in the VM that is accessible as a non-root user. No code
obfuscation should be used.
The program should be in C, and the source code must include comments to explain some sections briefly.

If the vulnerability to be exploited is a buffer overflow, buffer overflow protections must be permanently
disabled (stack smashing protection, non-executable stack, address space layout randomization, ...). You must
ensure that the vulnerability in your code is effectively exploitable (i.e., try it yourself and make sure it works as
expected).

If you are unsure about a vulnerability you want to add to the VM, please write to us and ask about it
([email protected], [email protected]).

VM Penetration Testing
The pentester will start with no access to the target VM (i.e., they can reach the VM through the network but have no
credentials to access any service on the machine). The pentester will have to scan and enumerate the system to find a way to
obtain local access.
Once the pentester obtains local access (e.g., by exploiting an outdated, vulnerable service, SQL injection, ...), they must find a
way to escalate privileges and obtain root access. After obtaining root privileges, the pentester must establish a way to
maintain persistent access to the system (for instance, in case the vulnerable service is patched in the future) and clean
traces of their actions in the VM.

Evaluation Criteria
The evaluation will be based on the following factors:
1. VM setup and first report (50% of grade)

Quality of the report: we don’t require a long report detailing your VM. However, it should be clearly structured, and
we should be able to clearly understand how you designed your VM and what attack paths you created.
How hard was it for the group that received your VM to exploit it? Did they find all the vulnerabilities you designed?
The more vulnerabilities are found and successfully exploited, the lower the score of this part of the evaluation
will be. Therefore, telling the other group how to exploit your VM is not a good idea :-)

How original are the attack paths that you designed in the VM? More interesting, well-thought-out attack paths
are preferred and will receive a higher grade.
2. Pentesting and second report (50% of grade)

How many attack paths did you discover? The more you find, the better the evaluation.

Quality of the report. We don’t require a long report detailing everything you tried that didn’t work, but you should
make clear what vulnerabilities you found, how you exploited them, and why the attack worked. You should also
discuss how you set up persistent access and how you cleaned your traces.
How well did you clean up after yourself? Did you leave traces? How did you maintain persistent access, and how
easy is it to spot?

Reports
You will have to produce two PDF reports for this assignment: one on the setup of your VM and one describing your
pentesting activities. The length of the reports is not relevant; the content is what matters. Both reports must include your
group number, name, family name, student ID, and email.
The report name must have the following format: groupXX_report#.pdf, where XX is the number of your group, and # is the
number of the report (1 or 2).

1. The first report details your VM setup and, particularly, what vulnerabilities you designed and what attack paths you
expect the pentester to follow (i.e., what they should do to go from remote access to root). Length is unimportant, but you
must clearly explain each vulnerability and each decision you made. Moreover, for each vulnerability you added to the VM,
you must discuss why it is realistic and could be found in a real-life system.
2. The second report details your pentesting activity. In particular, it should concisely describe what vulnerabilities you
have found on the VM, how you have found them, how you exploited them, and why they worked. Once again, word
count is not considered a plus in the evaluation, but you must clearly explain each step you took in your pentesting
activity and why you took it. You do not need to describe everything you tried that didn’t work, but we expect you to
explain your thought process in looking for vulnerabilities and how you discovered the specific vulnerabilities of the VM
assigned to you.

Deadlines and How to Submit


The two written reports must be uploaded using the following Google Forms (you must be logged in with your student
account to fill in the form):

Form 1 — VM and Intended Exploitations Report


Note: in past years, most machines were no bigger than 4 GB. Try to reduce the filesystem size before uploading (just
as an example: shrink the size of the OVA file in VirtualBox).

The VM must follow the naming scheme defined in Section VM Requirements above

Form 2 — Penetration Testing Report

Tentative deadlines for the assignment (will be updated soon):

1. 30 April 2024 at 23.59: first report and VM (phase 1)


2. 25 June 2024 at 23.59: second report (phase 2)

F.A.Q.

Q: Can I use hardening on the VM (e.g., firewall, banner hiding)?


A: No, VM hardening is not allowed

Q: Which format should I use to export the VM?


A: You can export it as an OVA file
