
Tutoring for FIT 2093 Assignment 2: PHP program walkthrough

 
Monash University
 
FIT 2093 Introduction to Cyber Security 
Assignment 2: Web Hacking Challenge 
 
In this assignment, your goal is to do security testing of a mini web application to try to find vulnerabilities 
in it using techniques covered in our Web security lecture, and exploit them to break the app's security. 
You can access the web application at the following URL: 
 
http://13.54.173.115/brokenapp.php 
 
This web app gives registered members of a 'Broken App' group access to some information 
common to the group members (provided by the PHP server script at brokenapp.php) as well as 
personal private information for each group member (via the script at brokenapp-personal.php 
on the same domain). 
 
Visit the web application URL above using your web browser. If all is well, the browser should display 
a page that looks like this: 
 
 
 
Tasks. Your task is to perform the following security tests on this web application. 
 
Part A: Personal Private Information Security Test 
 
In this part, your aim is to do security testing of the personal private information part of the web app. 
For this, you are given member 1’s password, namely: 
 
Ro4mvSemq45xfepvaEr24 
 
 
 
(1) Here, we consider an attack against member 1 by some outsider (non-member) attacker. Try 
logging in with the given member 1 password, and examining that member’s private information. 
Based on the application behavior, where on this page could there be a possible point where a 
reflected XSS vulnerability might exist? Why? Perform a test to see if an XSS vulnerability exists 
for an attack against member 1, and explain your test, its results, and conclusion on why/why not 
such a vulnerability exists and can be exploited. (1 mark) 
 
(2) Test the application against an attacker who is one of the authorized group members, in particular 
the member with ID number 1. Can that member gain unauthorized access to another member’s 
personal private data? If so, explain the vulnerability you found and how member 1 can exploit 
it, show any private member data exposed by the attack, and briefly explain how the vulnerability 
could be eliminated. In any case, explain the tests you did, the results, and your interpretation of 
them. (2 marks) 
 
 
 
Part B: Shared Group Private Information Security Test 
 
In this part, your aim is to do security testing of the shared group private information part of the web 
application, from the point of view of an outsider (non-member) attacker trying to reveal the group 
private information. Although you are not given the shared group password, you are given the PHP code 
for the relevant script brokenapp.php (available for download on Moodle). 
 
(3) Look at the details in the brokenapp.php PHP script available on Moodle to see how user 
input is read in from the user's browser request and how the authentication check is performed. 
You should read the PHP documentation on the PHP functions used in the script, see 
http://php.net/manual/en/ and search for the relevant functions. The shared group password, 
whose cryptographic hash is hard-coded in the script, was generated using the PHP function call 
password_hash(pwd, PASSWORD_DEFAULT), where pwd is the password to be hashed 
(note that the hash also includes a salt value generated at random). To help your security tests, 
you are also given a simple PHP script called password_hasher.php (the code is available 
on Moodle, it can be run by pointing your browser to http://13.54.173.115/password_hasher.php ; 
alternatively, you could run it by copying it into the web server folder /var/www/html/ of 
your FIT2093 Ubuntu-64 VM and then pointing your VM Firefox browser to 
http://localhost/password_hasher.php ). The script takes an input password from a user and 
displays its hash value (generated using the PHP function call above) when the user clicks the 
small button below the text box. 
 
Using the above information/tools, attempt to identify a vulnerability in brokenapp.php. If 
you found a vulnerability, explain how it can be exploited, provide any secret information 
revealed, and briefly explain how the brokenapp.php code could be modified to eliminate 
this vulnerability. In any case, explain what tests you did, the results, and your interpretation of 
them. (2 marks) 
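
The salted behaviour of password_hash() noted in task (3), as an added example that is not part of the assignment and is not the code of brokenapp.php or password_hasher.php. The function name check_password() and the sample password are assumptions made for illustration.

```php
<?php
// Added illustration, not the assignment's brokenapp.php or password_hasher.php.
// check_password() is a hypothetical name; the password is a constructed sample.

$sample = 'constructed-sample-password';

// Each call embeds a freshly generated random salt, so hashing the same
// password twice produces two different hash strings.
$stored = password_hash($sample, PASSWORD_DEFAULT);
$again  = password_hash($sample, PASSWORD_DEFAULT);

// The algorithm, cost and salt are all encoded inside the hash string itself.
$info = password_get_info($stored);
echo "algorithm: {$info['algoName']}\n";
echo "stored: $stored\nagain:  $again\n";

// Re-hashing the input and comparing the two strings is not a valid check:
// the fresh salt makes the strings differ even for the right password.
echo "rehash-and-compare matches: ";
var_dump(hash_equals($stored, $again));

// password_verify() re-uses the salt and cost stored in the hash and
// compares the result in constant time.
function check_password($input, string $stored): bool
{
    // Request parameters are not guaranteed to be strings; reject anything
    // else before it reaches the comparison.
    if (!is_string($input)) {
        return false;
    }
    return password_verify($input, $stored);
}

echo "correct password accepted: ";
var_dump(check_password($sample, $stored));
echo "wrong password accepted: ";
var_dump(check_password('not-the-password', $stored));
echo "non-string input accepted: ";
var_dump(check_password(['x'], $stored));
```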
 
 
Note: You should assume the attacker will NOT have any network eavesdropping/modification access 
(the current web application under test is running on an unencrypted http connection, but, to protect 
against network eavesdropping/modification, it will be implemented over an encrypted https connection in 
the final production version). 
 
Submission 
 
Submit a report consisting of your answers to tasks (1), (2), (3). You may include screenshots and any 
code used to solve each part of the task. The page limit for the report is 5 pages. 
 
Upload the file in PDF format on Moodle by 11:59pm GMT, Sunday 21 June, 2020. 
 
The 5 marks full grade allocated for this assignment will be distributed among the tasks as indicated 
above. For each of those tasks, 80% of the marks will be based on correctness of the vulnerability 
identification and/or exploitation technique (as appropriate) and the remaining 20% on the editorial 
quality of the written answer (clarity, accuracy, style). 
 
IMPORTANT: This is an INDIVIDUAL assignment for students to complete on their own. You MUST 
NOT work with any other student (or person) on this assignment. 
 
 