7809ICT 2020 T1
Assignment Specification
Due Date: 23:59, 5th June 2020
Weighting: 40% (Report 30%, Reflection/Peer-Review 10%), marked out of 40.
This assignment is worth 40% of the total assessment for the unit. It is designed
for a group of four students. While a group of three is also acceptable, groups of
two require strong justifications and are highly discouraged. A group of two or
individual attempts may be accepted only in exceptional cases and upon preapproval by the Convener. You will be assessed on this assignment from that
group.
The objective of this assignment is to gain knowledge and understanding of
penetration testing through research and practical experience. This
understanding is to be demonstrated by submission of a formal technical report
of a penetration test.
You are also required to peer-assess your final submission and reflect on your
assignment and how each member of your group has contributed to the final
submission (this will remain confidential). This gives you the opportunity to show
an ongoing reflection of what you and your team members have learned from this
assignment, and also on what you need to enhance your knowledge and skills on
security and penetration testing. Each member of the team should be awarded a
mark out of 10 for peer assessment. This will be submitted as a separate
document.
Forming Groups
First of all, you need to form groups and let your convenor and tutor know the
group members by sending an email to Qinyi Li (qinyi.li@griffith.edu.au) copying
to Reza Behbahani (r.behbahani@griffith.edu.au). The email should include the snumber, full names, lab day and time, and the campus of all your group
members. The email must be sent by 13th May otherwise you may be assigned
randomly to a group. You have freedom of the way you want to contact and
interact with group members.
Task
The main task is to conduct a penetration test of a network. You will be required
to write a report of your penetration test results. The assignment network will
contain several host machines and on the machines there will be flags (text
strings) that you will need to identify. Each flag starts with the characters FLAG.
For each of the flags you locate you should write up the process that you used to
access and find the flag. Note that some flags are encrypted, and you will need to
decrypt them.
You should set your Kali machine’s local IP address to 192.168.45.1.
Link to the virtual machines:
Host 1: https://cloudstor.aarnet.edu.au/plus/s/8rSLVAGdjioEPkM
Host 2: https://cloudstor.aarnet.edu.au/plus/s/gnqWo8XqNl6eYIX
Host 3: https://cloudstor.aarnet.edu.au/plus/s/IK5bDjmgrHzKh3O
Host 4: https://cloudstor.aarnet.edu.au/plus/s/hXr1fVLsBpm1lnc
You can verify whether your downloaded files are correct by checking the
following:
Host Checksums
| OVA File | MD5 checksum | Size |
| AssignmentHost1.ova | 57172f2e99141051d3b11aff2936687e | 3.8GB |
| AssignmentHost2.ova | 059c24a1a8c4a57afc25ca40a592f58b | 3.8GB |
| AssignmentHost3.ova | 45086f22187a2fb655a971a17dd60ca3 | 0.83GB |
| AssignmentHost4.ova | 254302751c84852f4377bb3988fe6d5d | 1.3GB |
Overview of the hosts:
Host 1: 3 flags. Difficulty: Normal.
Host 2: 3 flags. Difficulty: Hell.
Host 3: 3 flags. Difficulty: Inferno.
Host 4: 3 flags. Difficulty: Nightmare.
Submission
Please submit your assignment on the Learning@Griffith website under the
Assessment section. The submission involves two documents:
• Each group leader should submit a group report via the “Assignment
Report” link. (Please note only the group leader needs to submit this
report. Please avoid submissions from other group members.)
• Every student should submit an individual reflection/peer-review
document via the “Reflection-Peer-Review Report” link. (Make sure you
submit the correct assessment items to the corresponding
submission links).
Your assignment will be assessed on:
1. The text of both documents should be in 12-point Times New Roman or 11-
point Arial font or something equivalent, and in single space.
2. Page size is A4 with 2cm in margins on all sides.
3. The body text of your group report should be no more than 10 pages in
length excluding appendices.
4. The group report is suggested to be organised with cover page, executive
summary within one page, declaration of contributions of each of your
group members (within one page), table of contents, body text, and
appendices. The presentation of your report is worth 2 marks.
5. The body text consists of your overall analysis (open ports, associated
services, operating system) of each host and network map of the network
(2 marks, 0.5 marks per host), description of how each flag was found and
obtained (24 marks, 2 marks per flag), and recommendations on how to
protect the network against the attacks (2 marks, 0.5 marks per host).
6. The peer-review document should include the contributions of your group
members from your point of view. You should give each of the group
member a grade out of 10. Your self review is worth 3 marks, and the
reviews you get are worth 7 marks.
An example network map is given below, you need to discover the IP addresses
(and other useful information) of the target hosts using Nmap (note that it may
not resemble the exact network structure of this assignment):
Name_of_local_
machine
192.168.?.?
Name_of_local_
machine
192.168.?.?
Internet
192.168.?.?
The post 7809ICT Assignment Specification appeared first on My Assignment Online.
