[Lab-Pentest] Metasploit RAT

This question is designed to gain more experience on symmetric encryption algorithms, encryption modes. The cryptographic library implemented by OpenSSL project will be used in this question. Using OpenSSL from the command line interface Create a new text file using a notepad or any other software, The text file contains your name(first 8 chars) and the file must be exactly 8 bytes in size only and name it “txt”. Print screen of your public ip address, repeat it twice and convert it to hexadecimal format then Create another text file and name it “key.txt” contains the doubled IP address in hexadecimal format. Encrypt the file “txt” using DES, using key.txt as a key and ECB mode of operation. The ciphertext should be in a file named “your_id.enc” and print screen your steps in details. [ Prove and explain by details that the avalanche effect is exist in DES algorithm. you don’t have check the existence of avalanche effect using different plaintext only you can use different keys to…

Last Stage of Delirium, a security study organisation, created some clean portbinding shellcode for Linux. Shellcode that is clean is shellcode without any NULL symbols. As was already stated, NULL characters prevent the majority of buffer overflow vulnerabilities from being exploited properly because the function stops copying when a NULL byte is encountered. E

Regenerate code in Python to run in the server program; while the first client is running, start ten other clients that connect to the same server; these clients should be created in the background with their input directed from a file. What happens to these ten clients, do their connect()s fail, time out, or succeed? Do you know if any other calls block? Now, could you let the client exit? Explain what happens

It is often claimed that passwords do not get saved as plaintext anywhere in systems, and even the system administrator does not know your password. Given what you learned about hash functions. Explain how such a claim is possible. In other words, how do systems perform authentication without having to store passwords in a format that can be read by the system administrators. Authentication is primarily the process of verifying that provided password is correct. Design a simple authentication system and implement the following two methods: def signup(username, password      '''store the user credential so that the system knows how to authenticate the user in the future (when login() gets called).'''def login(username, password):     '''returns True, if the provided username and password are correct'''

UDP Task    In the program explained during the lab, in the client side The OS assigns the port number automatically. The client sends a line of characters (data) from its keyboard to server. Update the client side of program so that it takes 2 arguments The port it will bind to. The message that will be sent to the server.   Keep the server side of program as it is Use the screenshots in the presentation as a reference check the testArg.py --> an example to show you how to use arguments TCP Task  In the program explained during the lab the client sends only 1 message to server ‘hello from tcp client’ server responds with the uppercase message.   Update the program / make a simple chat program so that Client can send/receive multiple messages to server. A special exit message is used to disconnect ‘Exit’. Each time client sends a message, server responds with a confirmation of receiving it and its length (use the screenshots in the presentation as a reference)…

UDP Task    In the program explained during the lab, in the client side The OS assigns the port number automatically. The client sends a line of characters (data) from its keyboard to server. Update the client side of program so that it takes 2 arguments The port it will bind to. The message that will be sent to the server.   Keep the server side of program as it is Use the screenshots in the presentation as a reference check the testArg.py --> an example to show you how to use arguments TCP Task  In the program explained during the lab the client sends only 1 message to server ‘hello from tcp client’ server responds with the uppercase message.   Update the program / make a simple chat program so that Client can send/receive multiple messages to server. A special exit message is used to disconnect ‘Exit’. Each time client sends a message, server responds with a confirmation of receiving it and its length (use the screenshots in the presentation as a reference)…

A small insurance company has an online application system that allows its customers to interactwith the business (e.g., log claims). Backups of the customers’ details are done on a spreadsheetdocument stored on Google drive. However, anyone who has access to the Google drive link ofthe file can view and modify all the customer details. On the backup, the system administratordoes not have visibility of the modifications made on the file.  By analysing the scenario above, use the security design principles to criticise theoperations of the small insurance company and propose any two simple controlsthat could influence a good security program.

Sharon recently lost an encryption certificate that rendered some of her EFS-encrypted files unrecoverable. To prevent a similar situation from arising in the future, she wants to create a recovery certificate for recently encrypted files. She creates the recovery certificate.What should Sharon do next?   a. Run cipher with the /r:filename option, where filename is the name of the recovery certificate   b. Import the recovery certificate into the local security policy as a data recovery agent   c. Use the public key of the recovery certificate to encrypt the symmetric key   d. Run cipher with the /u option to update the existing encrypted files

An underground resistance group wants to write articles with completely differ- ent security goals. The resistance group shared a secret at the last resistance meeting that they can all use for these articles. Here are their goals: Only users with the shared secret should be able to upload to the server. Only users with the shared secret should be able to read the articles. Any changes to the article should still be easily detectable The resistance is paranoid about both quantum computers and any mod- ern encryption algorithms so they want to avoid public key cryptography. They only trust AES (symmetric key encryption) and SHA-256 (crypto- graphic hashing) since these have been around for decades and are resistant to quantum computers. Write a protocol for the underground paper to authenticate authors before publishing to the server. (HINT: Make sure that this protocol cannot be tricked by someone who has been listening to the previous article upload) Write a protocol for the server…

How a virus-infecting executable may add itself to an executable. Why must modifications be made to the executable?

A. COPE is a more relaxed version of BYOD where employees can choose from a list of company-approved devices. True False   B. A router crushing can be classified as an event True False   C. In Linux file systems, a useful tool is the archive bit in each file’s property. True False

Computer forensics Discuss some advantages and disadvantages of setting up a forensic workstation based on any distribution of Linux.

@@@@@   Scenario 1: You are an Application Security Analyst recently your manager asked you to work with the application development team to assist and meet the security requirements for the upcoming projects. The application team wants you to highlight the secure password requirements for the application in development. Based on your knowledge highlight the authentication process in Windows, like the hashing function, encryption standard etc.   answer with in 4-6 line       answer with in 4-6 line

Attacker VM Operating system: Linux (Kali) In this project, you need to perform http DDoS attack to make the web server unresponsive to the client. To do so, you need to install an attack tool such as Hulk or GoldenEye on the attacker VM and configure the tool to launch the http DDoS attack.

Computer Science in linux An important concept in computer security is the principle of least privilege. Each user must be able to access only the information and resources that are necessary for legitimate purposes and activities. With the “principle of least privilege” in mind, how would you configure your Unix/Linux system to designate a small set of users as printer admins? For example, users steve and bob will need to perform printer administration tasks. This includes running the lpadmin, cupsaccept, cupsreject, cupsenable, cupsdisable, cancel and lprm commands as root. How will you configure the system to allow these printer admins to do their jobs without having any other kind of root user access? Provide the relevant config file entries. (Absolute pathnames required for commands)

Instructions: 1. Read: Computer Security Fundamentals, 4th edition (Chapter Eight) 2. Answer: Answer the following questions: • Question 1: It is easy to use encryption to hide messages inside of other objects. Steganography is the art of hidden writing. You can get Hide In Picture (HIP) at https://hide-in-picture.soft112.com/.. You can then encrypt a message or even a program that can be extracted by using an encryption key. Download HIP, hide a text message in a picture, and send the picture and key to your classmate to see whether he can extract the secret message. How could you detect hidden messages in web page images? Individual Assignment 2 • Question 2: ROT13 is an interesting encryption algorithm in that it has no key. It uses a form of the Caesar cipher to encrypt text. Try encoding a message by entering text in the box at http://www.rot13.com/. Exchange your encrypted message with someone else in class. Then enter their coded message you've received into the text box.…

Write a bash script using GREP to detect the following scenario: display all Users who have logged in during non-office hours (8:00AM to 5:00PM).

Are you in agreement with the statement that "there is no idea of client and server sides of a communication session" while using an application that facilitates peer-to-peer file sharing? There are both positive and negative reasons for doing this.

Could you please tell me more about the security measures that you intend to use on the Linux servers?

Help with Python coding issue    The Linux operating system is a very popular server OS. A network administrator has to protect the login/password files stored on the servers. In Linux there are two important files: /etc/passwd And it contains rows that look like this: root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin user1:x:15:51:User One:/home/user1:nologin user2:x:15:51:User One:/home/user1:nologin user3:x:15:51:User One:/home/user1:nologin This file contains login information. It's a list of the server's accounts that has userID, groupID, home directory, shell and more info. And the second file /etc/shadow, contains rows that look like this: root:$1$TDQFedzX$.kv51AjM.FInu0lrH1dY30:15045:0:99999:7::: bin:*:14195:0:99999:7::: daemon:*:14195:0:99999:7::: adm:*:14195:0:99999:7::: ftp:*:14195:0:99999:7:::…

How to remove the item from the cart if the quantity is 0? I have included my code below that I am confused about how to implement this on.   <?php   session_start();   $page = 'cart';   //DATABASE CONNECTION INFO   include_once ('includes/database.php');   include_once ('includes/header.php');   if(!isset($_COOKIE['loggedIn']))   {     header("location: login.php");   }   if (isset($_POST['update']))   {     for ($x = 0; $x < sizeof($_SESSION['quant']); $x++)     {       $quant_id = 'quant_'.$x;       if($_POST[$quant_id] > 0)       {         $_SESSION['quant'][$x] = $_POST[$quant_id];       }       elseif($_POST[$quant_id] == 0)       {         //HOW DO I REMOVE THE ITEM FROM THE CART IF QUANTITY IS = 0?       }       else       {         echo "Quantity must be greater than 0 to purchase.";       }     }   }   if(isset($_POST['remove']))   {     //HOW DO I REMOVE THE ITEM FROM THE CART IF THE "REMOVE" BUTTON IS CLICKED?   }   if(isset($_POST['submit_order']))   {…

When dose buffer overflows occur     Buffer overflows occurs when we do not properly account for the size of the data input into an application.     When there is an escalation of privilege in an application     When there is no appropriate authentication mechanism     When authorization is not implemented on a given application.

Winona has set up AppLocker rules to protect computers on the company network from being infected by malware. Despite this, one of the computers is infected by malware. She identifies that the malware infected the computer when a user ran a malicious .exe file. Which of the following prevented the AppLocker rules from being evaluated?   a. A Path rule does not allow software to run from C:\Program Files\.   b. The Windows Installer rules are not configured.   c. The Executable rules are enforced and not audited.   d. The Application Identity service is configured for Manual startup.

: Can I spoof my address during an exploit that uses reverse port-bindingshellcode?

Knoppix is a Linux distribution that can run entirely from a CD or DVD. Discuss the possibility of using Knoppix (or other similar distributions) as a forensic boot disk.

The fingerprint-based voting application can recognize users based on their fingerprint patterns. Since fingerprint authentication is unique for each person, the system can quickly identify the voters using their fingerprints. Naturally, a voter can vote for a candidate only once. The Admin adds all the names and photos of the candidates nominated for the election. The Admin then authenticates users by verifying their identity proof, and after verification, the voter is registered in the system. Furthermore, the Admin even enters the data when the election will end, after which the system will automatically delete the names and photos of the candidates and voters. The users can log in to the system via the unique user ID and password given by the Admin and then use their fingerprints to vote for their preferred candidate. Once the election is over, and the votes are counted, Both the Admin and users can view the election result using the election ID.   In the capacity of a System…