School of Computing and Information Systems
COMP90074: Web Security
Assignment 1
Due date: No later than 11:59pm on Sunday 5th April 2020
Weight: 12.5% Marked out of 100

Grading
This assignment is worth 12.5% of the total subject score. Note the hurdle requirement:
Students must obtain a minimum mark of 50% for Assignment 1 and 2 combined.

This assignment is broken down into three parts, as detailed below:
1. XSS → LocalStorage stealing (33%)
2. XSS → Scrape page → API AJAX call (33%)
3. Subdomain Takeover (GitHub Pages) → Logging → Get flag from logs (34%)

Submission
This assignment is an individual assignment, no collaboration is allowed. Plagiarism is taken
very seriously and will be dealt with in accordance with university policies. If in doubt, please
ask the lecturer.

To submit the assignment, please provide a document including identification of the
vulnerabilities, how they were exploited, how the listeners were set up, payloads used
to exploit the vulnerabilities, and any code used throughout the assignment. Also,
provide an explanation for all of the above, ensuring that we can verify your
understanding. Submit this document as a zip file with all code in separate files,
clearly referenced in the document. This is to be submitted via Canvas.


Part 1 (33%)
XSS → LocalStorage stealing
XYZ Corporation has engaged you as a Penetration Tester to perform a security
assessment on their website. The website is currently under development and due to some
programming mistakes, has a few security vulnerabilities.

Your task is:
1. Visit the website (http://chall1.unimelb.life)
2. Perform a manual Penetration Test and identify the following vulnerability:
a. XSS
3. Use the vulnerability to exploit the following:
a. LocalStorage stealing
4. Document your findings with full details and screenshots so that XYZ Corporation
can reproduce these findings. Note: It is critical that the findings are written up clearly
and in a reproducible manner. Without this write up you will receive 0 marks for this
section. If in doubt, please ask the lecturer prior to the due date.
Scope
Testing must only be performed on http://chall1.unimelb.life
Testing must be manual only. Manual tools may be used (Burp, Zap, etc).
No automated scanning or automated tools can be used.
No load testing, denial of service (DOS) or distributed denial of service (DDOS) attacks.
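
The chain in Part 1 only works because untrusted input reaches the page unescaped and because a secret is kept where any script in the origin can read it. The following is an added example, not part of the assignment or of the XYZ Corporation site, showing the vulnerable rendering pattern beside its hardened form and the cookie attributes that keep a session secret out of reach of page script. It runs under Node.js with no dependencies; the display name and session id are constructed sample values.

```javascript
// Added example (not from the assignment): unsafe vs. escaped rendering, and
// where a session secret should live so an injected script cannot read it.

// Characters that must be escaped before untrusted text enters HTML text or
// a quoted attribute value.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable rendering: the value is concatenated straight into markup, so any
// markup it carries becomes part of the page (the XSS the assignment asks for).
function renderGreetingUnsafe(displayName) {
  return '<p>Welcome back, ' + displayName + '!</p>';
}

// Hardened rendering: a tagged template that escapes every interpolated value.
// The static template parts are trusted; every interpolation is not.
function html(strings, ...values) {
  return strings.reduce(
    (out, part, i) => out + part + (i < values.length ? escapeHtml(values[i]) : ''),
    ''
  );
}

function renderGreetingSafe(displayName) {
  return html`<p>Welcome back, ${displayName}!</p>`;
}

// Anything stored in localStorage is readable by every script that executes in
// the origin, injected ones included. An HttpOnly cookie is never exposed to
// script, so the session identifier belongs there, not in localStorage.
function sessionCookieHeader(name, value) {
  return `${name}=${encodeURIComponent(value)}; Path=/; Secure; HttpOnly; SameSite=Lax`;
}

// Constructed untrusted input: a display name that carries markup.
const untrustedName = '<b>alice</b>';

console.log(renderGreetingUnsafe(untrustedName)); // markup survives
console.log(renderGreetingSafe(untrustedName));   // markup neutralised
console.log(sessionCookieHeader('session', 'constructed-session-id'));
```

The tagged-template form is the design choice worth copying: escaping happens at the point where data meets markup, so a developer cannot forget to call the escaper for one interpolation. Escaping is context-specific; the table above is correct for text and quoted attributes, not for URLs or inline script.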

Part 2 (33%)
XSS → Scrape page → API AJAX call
XYZ Corporation has engaged you as a Penetration Tester to perform a security
assessment on their website. The website is currently under development and due to some
programming mistakes, has a few security vulnerabilities.

Your task is:
1. Visit the website (http://chall2.unimelb.life)
2. Perform a manual Penetration Test and identify the following vulnerabilities:
a. XSS
b. CSRF bypass
3. Use the vulnerabilities to exploit the following:
a. DOM stealing extracting the CSRF token
b. Perform the API call using the CSRF token
4. Document your findings with full details and screenshots so that XYZ Corporation
can reproduce these findings. Note: It is critical that the findings are written up clearly
and in a reproducible manner. Without this write up you will receive 0 marks for this
section. If in doubt, please ask the lecturer prior to the due date.
Scope
Testing must only be performed on http://chall2.unimelb.life
Testing must be manual only. Manual tools may be used (Burp, Zap, etc).
No automated scanning or automated tools can be used.
No load testing, denial of service (DOS) or distributed denial of service (DDOS) attacks.

Part 3 (34%)
Subdomain Takeover (GitHub Pages) → Logging → Get flag from logs (34%)
XYZ Corporation has engaged you as a Penetration Tester to perform a security
assessment on their external infrastructure. The infrastructure is very old (legacy) and some
old applications have been removed. Some of the security staff may have forgotten to
remove the DNS records.

Your task is:
1. Visit the website (http://<username>.unimelb.life, e.g. if your username is
hello, then the URL is hello.unimelb.life)
2. Perform a manual Penetration Test and identify the following vulnerability:
a. Subdomain takeover
3. Use the vulnerability to log victim user’s information. This logging will occur on the
root domain, e.g. http://<username>.unimelb.life/?flag=example
4. Document your findings with full details and screenshots so that XYZ Corporation
can reproduce these findings. Note: It is critical that the findings are written up clearly
and in a reproducible manner. Without this write up you will receive 0 marks for this
section. If in doubt, please ask the lecturer prior to the due date.
Scope
Testing must only be performed on http://<username>.unimelb.life
Testing must be manual only. Manual tools may be used (Burp, Zap, etc).
No automated scanning or automated tools can be used.
No load testing, denial of service (DOS) or distributed denial of service (DDOS) attacks.

Note: Attacking another website outside of your own username will result in serious
penalties. Assume it is unauthorised, making it illegal.

Grading Scheme
Marks will be awarded as follows, if a student provides the required code and explanations:
XSS → LocalStorage stealing (33%)
Task / Subtask                  Percentage Awarded on Full Completion   Accumulated Percentage
Identify XSS                    50%                                     50%
Access localStorage             25%                                     75%
AJAX stealing localStorage      25%                                     100%

XSS → Scrape page → API AJAX call (33%)
Task / Subtask                  Percentage Awarded on Full Completion   Accumulated Percentage
Identify XSS                    25%                                     25%
Victim’s page scraping          10%                                     35%
Reliably extract CSRF token     35%                                     70%
Logic of AJAX to API call       15%                                     85%
CSRF bypass and flag stealing   15%                                     100%

Subdomain Takeover (GitHub Pages) → Logging → Get flag from logs (34%)
Task / Subtask                  Percentage Awarded on Full Completion   Accumulated Percentage
Perform subdomain takeover      60%                                     60%
Log victim’s information        30%                                     90%
Obtain flag from logs           10%                                     100%
