Demonstration of penetration testing tools

 

Assessment Details and Submission Guidelines
Trimester T2 2019
Unit Code MN623
Unit Title Cyber Security and Analytics
Assessment Type Individual Assessment (Assignment one)
Assessment Title Demonstration of penetration testing tools
Purpose of the assessment (with ULO Mapping) Students should be able to demonstrate their achievements in the following unit learning outcomes: a. Implement and evaluate security testing tools in a realistic computing environment
Weight 15%
Total Marks 100
Word limit 1000 – 1500 words for the report and the length of the video should be no more than 8 minutes
Due Date   11:55 PM, Wednesday Week 7 (30/08/2019) 
Submission Guidelines All work must be submitted on Moodle by the due date along with a completed Assignment Cover Page.  The assignment must be in MS Word format, 1.5 spacing, 11-pt Calibri (Body) font and 2.54 cm margins on all four sides of your page with appropriate section headings.   Reference sources must be cited in the text of the report, and listed appropriately at the end in a reference list using IEEE referencing style.
Extension • If an extension of time to submit work is required, a Special Consideration Application must be submitted directly on AMS. You must submit this application three working days prior to the due date of the assignment. Further information is available at:  http://www.mit.edu.au/about-mit/institute-publications/policiesproceduresandguidelines/specialconsiderationdeferment  
Academic Misconduct     • Academic Misconduct is a serious offence. Depending on the seriousness of the case, penalties can vary from a written warning or zero marks to exclusion from the course or rescinding the degree. Students should make themselves familiar with the full policy and procedure available at:http://www.mit.edu.au/about-mit/institute-publications/policiesprocedures-and-guidelines/Plagiarism-Academic-Misconduct-Policy- Procedure.For further information, please refer to the Academic Integrity Section in your Unit Description. 

July, 2019

Assignment Description

For this assignment, you will evaluate two password cracking tools and write a report with video presentation on how you will perform penetration testing on the eCommerce platform and Linux-based FTP webserver to identify their security vulnerabilities and breaches.

Marks will be awarded based on the sophistication and the difficulties the demonstration explored.

Your task is to complete and make a video presentation and writing a report on the following:

  1. Download and install (on your computer or on MIT Virtual box) any two of the password cracking tools from Table 1.
  • Outline of your presentation should include description of the tools.
  • Demonstrate how to use these tools to crack the password.  Your demonstration should include:
    • Discussion on        the       password         cracking           counter

                                                     Measures, and                     

  1. Explanation of how to use these tools to crack the password.
  • Comparison of the tools that you used in this work. Your comparison could include:
  1. Time is taken to crack the password
    1. Ease of usage 
  • Analyse the following scenarios and give your opinion on which of the tools that you investigated could be more suitable for these scenarios. In your analysis, please consider the following:
  1. Discuss how you will perform penetration testing on the eCommerce platform and Linux-based FTP webserver to identify their security vulnerabilities and breaches.
  • You should appear in the video at the first and last 30 secs to introduce yourself and draw a conclusion on your experience with the security tool. 

Case Scenario:  Your client is Mr. Daniel Gromer who runs a chain of clothing shops in Australia. Mr Gromer runs over 50 clothing shops in Sydney and Melbourne targeting female customers in their early twenties with moderate budget. Mr. Gromer has recently taken an interest in online business as he realized that many of his competitions have moved onto the online platforms reducing their expenditure significantly. Mr. Gromer has hired a team of web developers (located overseas) to develop and their new online shop is ready to launch in May 2019. Mr. Gromer has no IT background but he is aware of many cases where the websites were hijacked and lost fortunes alongside ruining their digital reputations. 

Mr. Gromer has approached the PureHacking.com to assess his new eCommerce website and report any vulnerabilities ahead of its launch as Mr. Gromer is aware that he may get only one chance at the online success and if the website security is breached, he can face major loss in his investment.

Mr. Gromer informs: his eCommerce website is using WooCommerce plugin implemented on the WordPress website platform and the entire website is running on Linux webserver. The website developers have been using FTP to upload the website contents to the Linux webserver.

Length of Video: Introduction (30 secs approximately, your appearance should be in the video) + Outline of the presentation (30 secs approximately) + Demonstration of the task (260 seconds approximately) + Comparison of the Tools (30 seconds approximately) +Analysis of the scenario (40 secs approximately) + Conclusion (30 secs approximately, with appearance). The total length of the presentation should not more than 8 minutes (mark would be deducted for over-length presentation). 

Table 1: Password cracking tools

Serial # Name of the password cracking tool
1 John the Ripper
2 Rainbowcrack
3 Cain & Abel
4 Ophcrack

You may use any of the available open source software for screen capture. Please find the following as an example.

Software:- http://camstudio.org/ Submission Guidelines:

  1. Name your video with your student number and name.
  2. Upload Video on your Youtube account
  3. Copy the Video Link to a file (word document) and 
  4. Upload it into the MOODLE

To upload on Youtube, you must create your account on youtube. If you have a google account (gmail), you already have one on youtube. Videos must be of one of the following formats: .MOV, .MPEG4, MP4, .AVI, .WMV, .MPEGPS, .FLV, .3GPP, and .WebM. Once you have an account, to upload your video, click on the ‘upload’ button located at the top right-hand corner of your youtube.com webpage. To keep your uploaded video unsearchable by people so that random people cannot view your video(s), you have to select the privacy mode from the drop-down menu on the upload screen to be ‘Unlisted’. This way, your video is viewable by only those who have got the URL of your video. Make sure you copy and paste your video URL in the file submitted on MOODLE for your marker to be able to watch and mark it!

  Marking criteria:

  Example of marking criteria is shown in following table. Marks are allocated as follows:

Section to be included in the report Description of the section Marks
Introduction Student should introduce with his/her physical appearance in the video.  10
Outline Outline of the whole presentation including tool description. 5
Demonstration Demonstrate (narration of your actions recorded by video) all steps from the respective project. 30
Comparison Compare the two tools investigated. 10
Analysis Analysis of the scenario. 15
Penetration test Identifying vulnerabilities in Web and FTP server  15
Conclusion Draw a conclusion on your experience with the Security Software.  10
Reference style   5
  Total 100

Example Marking Rubric for Assignment #: Total Marks 100

Grade Mark HD 16-20 DI 14-15 CR 12-13 P 10-11 Fail <10
  Excellent Very Good Good Satisfactory Unsatisfactory
Introduction /10 Appearance is clear, easy to follow, well prepared and professional Appearance is clear and easy to follow. Appearance is clear and understandable Makes an appearance and provides an introduction. Does not make an appearance in the video at the start of video
Outline /5 Create a very nice bullet point outline and well presented it before the demonstration started A bullet point outline is provided and presented before the start of the presentation   Explained and there is screen showing a written outline but there is room for improvement.   Explained but no screen showing a written outline. The outline is not done properly.
Demonstrati on /30 Very professional, clear and easy to follow. Professional, clear and easy to follow Clear and easy to follow but lacks professionalism Demonstration is done but there is Difficult to follow Tasks have not been demonstrated properly (difficult to follow)
Comparison /10 Clear comparison with valid justification and very easy to follow Clear comparison with some justification and easy to follow Clear comparison with little justification. Some comparison is there but there is room for improvement. The comparison is very poorly done.
Analysis /15 Clear analysis with valid justification and very easy to follow Clear analysis with some justification and easy to follow Clear analysis with little justification. Some analysis is there but there is room for improvement. The analysis is very poorly done.
Penetration test /15 Penetration test is fully performed.   Penetration test is partially performed. Not Clear Very little Not done
Grade Mark HD 16-20 DI 14-15 CR 12-13 P 10-11 Fail <10
Conclusion /10 A very powerful conclusion with full confidence. Very Good Conclusion Appearance made and good conclusion provided  Appearance made and conclusion provided. Barely appear at the end of the video.
Reference /5 Reference list is complete and has been formatted Reference list is complete and generally follows a set of formatting guidelines but there are some minor errors  Reference list is complete and generally follows a set of formatting guidelines but there are many minor errors or omissions  Reference list  is inadequate Reference list  is inadequate because of one or more of the following: It is incomplete, or contains sources not cited. References lack detail required to locate the source. Formatting is inappropriate or inconsistent. References are fabricated.