Ethical Hacking and Defence (CSI6204)
Portfolio Assessment 2: Develop Program for Port Scanner and Password Cracker
Weighting: 15% (marked out of 30 marks, averaged to 15 marks) of the final mark of the unit
Due Date: Monday, 21st September 2020, 1400 AWST
Word count: Not applicable. You should not submit an ECU cover sheet with the assignment.
Before you read the assignment instructions, please complete the following activities available on Blackboard under Assessment:
- Watch the academic integrity video from the Associate Dean Teaching and Learning (ADTL), School of Science.
- Read the academic integrity requirement for commencing students.
- Carefully read the ‘Academic Integrity Tick-Before-Submit Checklist’ to ensure you are fully aware of your responsibilities. Remember to complete this before you submit your final attempt. This checklist is also available towards the end of this document.
- Read the academic integrity document related to this unit.
- Review the ‘Exemplar Assignment’. This exemplar should enable you to better understand how a report could be structured. Note: you cannot use any of the written content from the exemplar. Your final submission/work should be your own incorporating your own perspective and creative aspect. Copying content and ideas from the exemplar would be considered academic misconduct and would lead to a serious penalty. This is further elaborated on Blackboard under the Assignment Exemplar link.
- Read and ensure you understand the rubrics available under ‘My Grades’ on Blackboard (also available at the end of this document). In particular, note the first criterion related to ‘Originality and Student Voice (Academic Integrity)’. Please be aware that scoring low in this criterion may also affect your marks in other criteria of the rubrics and possibly result in a report for Academic Misconduct.
Programming is an essential skill for an ethical hacker or a pen-tester; therefore, having an understanding of this skill is considered an advantage. The aim of this portfolio assessment, along with the relevant lecture/reading materials, is to provide students with the skills that enable them to understand different programs/utilities, and to find vulnerabilities in order to rectify them before an unethical hacker can take advantage of such loopholes.
The assessment will enable you to achieve Unit Learning Outcome (ULO) 1 and the Course Learning Outcome (CLO) 2.
Task: You are required to write two simple custom-built programs/scripts: one for a ‘Port Scanner’ and the other for a ‘Password Cracker’. To undertake this task, you will be provided with pseudocodes for both programs/scripts at the start of the semester. Note the following essential requirements/important information:
- The port scanner must be written for and run against the given Pen-Testing Investigation machine. The output of your port scanner can be compared to the output of ‘nmap’.
- The password cracker must be written and executed against the ‘shadow’ file of the given Pen-Testing Investigation machine. This file will be made available by Week 5 of the semester. You will be required to understand the concept of wordlists, such as ‘RockYou’ and ‘darkc0de’. However, while executing the program, you are allowed to create a subset of the wordlist file containing a maximum of 200 entries.
- Students are free to use a programming language and platform of their choice; however, Python is recommended for those who are new to programming.
- Students must provide instructions for compiling and executing both scripts as per the chosen programming language and platform.
- In addition to pseudocodes, related readings and lecture materials should be sufficient for students to complete this portfolio assessment.
- You must make use of comments in your source code. If you have taken help from any online source or a book, you must acknowledge that in your comments.
- Support from your tutor/lecturer will only be available on the Kali Linux platform and coding in Python programming language.
Note: The entirety of the Port Scanner can be written in less than 15 lines, and the Password Cracker in less than 25 lines (although implementing optional additions may result in a program longer than this).
You are required to provide the following for this portfolio assessment in a report format as follows:
- A PDF document that includes the following sections:
  - Title Page
  - Introduction to the assignment stating the requirements, platform and language chosen.
  - Source Code including ‘comments’. Please note that the ‘comments’ should be in a different colour to the actual source code, preferably green. Do not include screenshots of your source code in the report.
  - Instructions for source code compilation and execution. You must provide exact commands to execute the code. Clearly state command-line parameters/prompts/arguments and be very specific about the dependencies if any.
  - Output (screenshots) of the program after the execution (when tested against the given Pen-Testing Investigation machine and the shadow file).
  - Reference lists – you must acknowledge the sources used to develop both the programs as per APA 7th edition requirements.
- Separate files for:
  - port scanner source code,
  - password cracker source code, and
  - custom-built wordlist used for the password cracker.
- Overall, you are required to submit separately (non-adherence to this may result in zero marks):
  - One PDF file
  - One .zip file containing port scanner source code, password cracker source code, custom-built wordlist used for executing/testing the password cracker.
- The ECU Assignment Cover Sheet must not be included with the PDF document. You must include your name and student number on top of both the source codes using comments. You should make sure that your work complies with ‘Academic Integrity Tick-Before-Submit Checklist’.
- Start early and plan ahead.
- Carefully read the marking rubric. You should consider the descriptors as you will be evaluated against them. If in doubt about any of these, you should ask your lecturer or tutor before the submission.
- The report must use an appropriate structure with clear, concise headings, and ideas must flow logically.
- The style of writing should be appropriate for the purpose and the audience, including third-person objective voice, i.e. avoid the use of first-person (‘I’, ‘my’, ‘we’) and second-person (‘you’) forms.
- Appropriate discipline-specific terminology and vocabulary must be used in the report.
- Sentence structure, spelling, punctuation and grammar should be correct for the report.
You may be able to find developed programs/scripts from various sources; however, you should not rely on or use such programs/scripts. Follow the given pseudocodes and produce work that is your own.
You should make sure that your work complies with ‘Academic Integrity Tick-Before-Submit Checklist’.
Common observations in the submissions from previous semesters:
The following pointers are presented to make you aware of the common mistakes that students have made in the previous semesters. You should read and understand all of them to avoid them in your submissions:
- Some students did not follow the submission instructions given in the assessment brief, resulting in a significant loss of marks.
- Source code did not run due to syntax errors, resulting in a significant loss of marks. Some consideration was given by looking at the functionality of the code, but marks were significantly affected.
- Code appeared to be partially written, causing errors when trying to run.
- Most of the core requirements of the program were incomplete/missing/not working.
- No code was submitted.
- No comments were written in the source code.
- Meaningful variable names were not used wherever possible. Overly generic or overly short names made it difficult to understand the variable's purpose.
- The submissions contained significant amounts of unreferenced code from Internet sources/books or were almost identical to the submissions of other students. These issues constituted plagiarism and collusion, and hence 0 marks were awarded and the process for breach of academic misconduct was initiated.
- The submissions lacked correct in-text and end-text formatting, according to APA 7th edition conventions. It was evident that students had not used EndNote or any other referencing software. While this was not a mandatory requirement, using referencing software saves ample amounts of time and allows you to focus on your core work.