3809ICT辅导 、Python/Java程序讲解
3809ICT Assignment Specification
Due Time: 23:59, 31th May 2024
Weighting: 50% (Report 40%, Reflection/Peer-Review 10%)
This assignment is worth 50% of the total assessment for the course. It is designed
for a group of four students. The group enrolment has been completed, and no
further group changes should be made in principle.
This assignment aims to gain knowledge and understanding of penetration testing
through research and practical experience. This understanding will be
demonstrated by submitting a formal technical report of a penetration test.
You are also required to peer-assess your final submission and reflect on your
assignment and how each group member has contributed to the final submission.
This allows you to reflect on what you and your team members have learned from
this assignment and what you need to enhance your knowledge and skills in
security and penetration testing. Each group member should be awarded a mark
out of 10 for peer assessment. This will be submitted as a separate assignment.
All group members shall receive the same marks unless in the situation that some
group members had a significantly low contribution to the final report. Your
group is encouraged to keep a working log and all your communication history in
case of a dispute on the peer assessment. Support information for working in
groups can be found here.
Task
The main task is to conduct a penetration test of a network. You will be required
to write a report of your penetration test results. The assignment network will
contain several host machines, and there will be flags (text strings) that you will
need to identify on the machines. Each flag starts with the characters FLG24. For
each flag you locate, you should write up the process you used to access and find
the flag. There are 15 or more flags that are not necessarily evenly distributed on
the targets. The assignment theme is based on the game Elden Ring. And all flag
strings are related to it.
Instructions for Connecting to the Kali VM on MS Azure
You should have gotten an email that asks you to register for the MS Azure lab.
Click the blue button in the email, and you will be taken to a webpage.
Start running the cloud service (1), and then click the “network” button (2). Note
that step 1 may take a while. After clicking the “network” button, your browser
will download a connection file onto your computer.
Install Microsoft Remote Desktop (Google it) if you haven’t done it.
Double click the above connection file, and you will be presented with a log in
window like below.
The password for undergraduate students is #Griffith3809ICT
Enter the password and click “Continue”, and you will log in to a Windows VM,
like below.
Open the Remote Desktop application on the Windows VM (not on your
computer).
In the connection window, enter the IP address 192.168.10.1, which connects to
the Kali VM.
Enter the IP address and click “Connect”, and then you will see a warning
window.
Click Yes, and then you should see the Kali login screen.
The username for Kali is kali, and the password is kali (Same as your Cyber
Range setup). Once logged in, you should see the familiar Kali OS.
The gateway 192.169.10.1 connects to the Internet.
For undergraduate students, the gateway 192.168.11.0/24 is for the assignment
network.
Submission
Please submit your assignment via the Canvas course site's 3809ICT/7809ICT
Assignment Submission point under the Assessment Overview link. A separate
link is also available to upload the peer review forms. The quality of the
presentation of a formal technical report is as important as the quality of the
technical content of the report in the profession.
The submission involves two documents:
• Each group leader should submit a group report via the “3809ICT/7809ICT
Assignment Submission” link. (Please note that only the group leader
needs to submit this report. Please avoid submissions from other
group members.)
• Every student should submit a reflection/peer-review document on the
Peer-Review Form Submission link. (Ensure you submit the correct
assessment items to the corresponding submission links).
Your assignment will be assessed on: 1. The text of both documents should be in 12-point Times New Roman or 11-
point Arial font or something equivalent and in single-line spacing.
2. Page size is A4 with 2cm in margins on all sides.
3. The body text of your group report should be at most 10 pages long,
excluding appendices.
4. The group report is suggested to be organised with a cover page, executive
summary within one page, declaration of contributions of each of your
group members (within one page), table of contents, body text, and
appendices. The presentation and format of your report are worth 2
marks.
5. The body text consists of your overall analysis (open ports, associated
services, operating system) of each host and network map of the network
(4 marks), a description of how each flag was found and obtained (30
marks, 2 marks per flag), and recommendations on how to protect the
network against the attacks (4 marks).
6. The peer-review document should include your group members'
contributions from your point of view. You should give each of the group
members a mark out of 10. Your self-review is worth 3 marks, and the
reviews you get are worth 7 marks.
Academic Integrity
Violation of academic integrity is not acceptable, and the university’s academic
integrity policies and procedures apply. If potential academic misconduct were
identified, the course convenor would investigate through oral exams on the
assignment work to all group members. Academic misconduct (e.g., purchasing a
report or directly copying from the Internet with no proper reference) will result
in a reduced mark in this assessment item.
Individual Assignment Extension
The extension may be given to individuals on the grounds considered by the
University policy. The group should submit the assignment report and peerreview
forms by the deadline, clearly indicating the missing content to be done by
the extension requester. After the missing part is submitted, the two parts of the
assignment report will be marked together.