In-course Assignment Information Sheet

Ethical Hacking (CE01099-5)

Intakes: APT2F1811CYB / APT2F1811FRC
Date Assigend: 17 - June - 2019
Date Due: 30 – August – 2019
Presentation: 26 – August – 2019
Lecturer: Dr. Mohamed Shabbir Hamza Abdulnabi

Assignment Overview
This assignment will contribute 50% towards the incoure marks and consists of one
individual task and one group task as follows:

Section A:
This section is an individual research on latest techniques on ethical hacking and
penteration testing and carries 60% of total assessment marks. Each student should select a unique
title in related domains such as:

1. FootPrinting and Reconnaissance

2. Computer and Network Scanning (Nmap Scripting is preferred)
3. System Enumeration and Hacking
4. Computer and Mobile Malwares (Frameworks to create undetectable viruses is preferred )
5. Social Engineering (Credential Harvester Attack Method in SEToolkit is not accepted)
6. Denial of Service
7. Hacking Mobile Devices (Android platform is preferred)
8. WEB application breaches and attacks (Is highly recommended!)
9. Wireless Hacking (WEP and WPA Cracking is not accepted!)
10. Any other relevant domains!

Each student is requeired to conduct a research and provide a report on any recent technique, tool
or framework that may used by ethical hackers in any of afformentioed domains. The report must
be typed with Times New Roman font and size 12 with maximum length of 3000 words (excluding
diagrams, appendixes and references) in different subsections as follows:
 1. Introduction to the technique/tool/framework that you have selected
2. Create scenario to explain the attack nature if its needed.
3. Impact of the selected technique/tool/framework on the security
4. General functionality of selected technique/tool/framework
5. Step by step tutorial on how to use technique/tool/framework
6. Critical analysis of technique/tool/framework and any countermeasure if applicable.

WARNING: DO NOT try the aforementioned tools or techniques on real systems! You should
test and create your tutorials by using Isolated/Testbed environments such as VMWare,
Metasploitable, DVWA, and etc.)

Section B:
This section is Group task focuses on vulnerability assessment and carries 40% of total
marks. Vulnerability scanning identifies vulnerabilities and weaknesses of a system and network
in order to determine how a system can be exploited. The students provided with a Windows and
Linux OS in a virtual machine format. Each group must use proper scanning tool and
methodologies to locate and remediate vulnerabilities in the given operating systems. In addition
it is required to provide detailed reports as follows:

*Windows Machine:
1- List of discovered vulnerabilities and findings
2- Select six top vulnerabilities and briefly explain them.
3- Select one of the vulnerabilities and explain in details.
4- Use any exploit or technique to hack into the target by using selected vulnerability.
Patch the vulnerability and countermeasure the attack.

*Linux Machine:
1- Linux IP Address. Describe the tool used for identifying the IP Address.
2- List of Open Port(s).
3- List of vulnerabilities (OS or Web Application).
4- Select one of the critical vulnerabilities and explain in detail.
5- Use any exploit or technique to hack into the target by using selected vulnerability.
6- Escalate the user privilege to root.
(Hint: Remember how important the robots.txt is.)
Guidelines for the Report
Document the results of your work in a professional and systematic manner, in the form of a
computerized report. One (1) softcopy and hardcopy of your documentation is to be submitted.

Your completed documentation should meet the following requirements:

1. Table of contents for every detailed chapter/section.

2. Introduction
3. Section A: Title
4. Section B: Title
5. Individual 1: Title
6. Individual 2: Title
7. Conclusion
8. References
9. Appendices
10. Workload matrix.

Submission requirements

1. A CD containing an electronic version of the document.

2. Your report must be typed using Microsoft Word with Times New Roman font. You need use
to include a word count at the end of the report (excluding title, source code of program &
contents pages) Report should be in 1.5 spaces.

3. The report has to be well presented and should be typed. Submission of reports that are
unprofessional in its outlook (dirty, disorganized, inconsistent look, varying colored paper and
size) will not fair well when marks are allocated.

4. Ensure that the report is printed on standard A4 (210 X 297 mm) sized paper. Paper weight of
80 grams and above is highly recommended.

5. The report should have a one (1”) margin all around the page as illustrated below:
 1 inch 1 inch

1 inch

1 inch
The Typed Text

1 inch

1 inch
1 inch 1 inch

6. Every report must have a front cover. A transparent plastic sheet can be placed in front of the
report to protect the front cover. The front cover should have the following details:-

a) Name
b) Intake code.
c) Subject.
d) Project Title.
e) Date Assigned (the date the report was handed out).
f) Date Completed (the date the report is due to be handed in).

7. All information, figures and diagrams obtained from external sources must be referenced using
the Harvard referencing system accordingly.
8. Marking Scheme
Student Name
Section A
Introduction to the selected category (5)

Nobility (15)

Impact (5)
Functionality (10)
Critical Analysis (15)
Presentation (10)
Total Marks (out of 60)

Section B
Windows Machine
List of discovered vulnerabilities and findings (2)
Select six top vulnerabilities and briefly explain them (2)
Select one of the vulnerabilities and explain in details (6)
Use any exploit or technique to hack into the target by
using selected vulnerability. Patch the vulnerability and
countermeasure the attack. (10)
Linux Machine
Linux IP Address (2)
List of Open Port (2)
List of vulnerabilities (OS or Web Application) (2)
Select one of the critical vulnerabilities and explain in
detail (4)
Use any exploit or technique to hack into the target by
using selected vulnerability (5)
Escalate the user privilege to root (5)
Total Marks (out of 40)

Total mark (100)

 0~30
Nobility No new or existing skills
developed or not much on
the way of totally new
learning undertaken
Impact Provides limited discussion
on the impact of selecting
techniques
Functionality No functionality or very
poor development.
Critical Analysis No Critical Analysis or a
weak analysis with no
detail provided.
Presentation No Presentation or a weak
presentation with poor
flow.
Referencing No citation or old citation
provided
31~70 71~100
Some Skills developed The student has shown a
either existing or totally high level of development
new but in basic to related to the selected
moderate level. topic.
Good discussion on the The students has covered
selected topic covers some most of the impacts of
impacts on real systems selected techniques with
justifications
Satisfactory design and excellent design and
implementation presented implementation
by student conducted by students
Suitable critical analysis Detailed critical analysis
given which addresses the covering the assignment
most areas of assignment. and process
Satisfactory presentation The student has
conducted by student conducted and excellent
presentation
Source are current and All citations are
relevant referenced and all
references are cited