MASP Alternative Assessment

Uploaded by

EL Capitan
Malicious Software and Security Programming Final Exam Page 1 of 6

Answer ALL Questions


Answers will be awarded marks based on student’s justifications and respective criteria.

Question 1:

You are a member of the CERT for MASPCo. You have recently received an incident
with the following characteristics.

MASPCo CERT has just been alerted that its Apache web server, hosting http://masp.com, has
been unavailable for the last 5 minutes. The web server sits behind a reverse proxy, which sits
behind a firewall. You host the infrastructure inside your own data centre. The data connection is
provided by XYZ.com. Upon checking, you find that the web server itself is running at
100% CPU. Attempts to connect to the web server from an external connection often result in a
failure to receive any response. You can see a very large number of log entries from thousands of IP
addresses in your Apache log file. A small extract is below:

10.1.8.31 - [22/Jan/2012:16:00:36 +0700] "GET /search.php?q=p4yME HTTP/1.0" 200 2326 "hEn9rY client"
10.64.21.1 - [22/Jan/2012:16:00:36 +0700] "GET /search.php?q=p4yME HTTP/1.0" 200 2326 "hEn9rY client"
10.1.8.32 - [22/Jan/2012:16:00:36 +0700] "GET /search.php?q=p4yME HTTP/1.0" 200 2326 "hEn9rY client"
10.109.10.222 - [22/Jan/2012:16:00:37 +0700] "GET /search.php?q=p4yME HTTP/1.0" 200 2326 "hEn9rY client"
10.99.1.82 - [22/Jan/2012:16:00:37 +0700] "GET /search.php?q=p4yME HTTP/1.0" 200 2326 "hEn9rY client"

You can see that some of your internal IP addresses in the 192.168.0.0 range are also
attempting to connect to http://masp.com/search.php?q=p4yME hundreds of times per
minute. After some examination, you can see that these internal machines are also
connected to 10.8.2.1:6667.

MASPCo’s servers are hosted on 192.168.0.0/16, and attacking hosts are coming from “the
rest of the Internet” on 10.0.0.0/8.

Answer the following questions:

a) Analyse and identify the category of attack being received. Justify your answer.
(5 Marks)
b) Analyse and identify where the attacks are likely coming from. Justify your answer.
(5 Marks)
c) Discuss the countermeasures that can be implemented to stop this attack in the short
term.
(10 Marks)
d) Discuss the solutions that you would implement to lower the risk of having the same
problem again.
(10 Marks)

Question 2:
You are given the code below:
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Returns 1 when the password and department match, 0 otherwise. */
int check_authentication(char *password) {
    int auth_flag = 0;
    char *password_buffer;
    char *dept;

    password_buffer = (char *) malloc(16);
    dept = (char *) malloc(10);

    strcpy(password_buffer, password);

    if (strcmp(password_buffer, "AsiaPacificInst") == 0) {
        printf("Your Department:");
        gets(dept);
        printf("\nUser from Department:\n");
        printf(dept);
        if (strcmp(dept, "NSF") == 0) {
            auth_flag = 1;
        }
    }
    else if (strcmp(password_buffer, "AsiaPacificUni") == 0) {
        printf("Your Department:");
        gets(dept);
        printf("\nUser from Department:\n");
        printf(dept);
        if (strcmp(dept, "TM") == 0) {
            auth_flag = 1;
        }
    }
    else {
        auth_flag = 0;
    }

    return auth_flag;
}

int main() {
    char errmsg[512];
    char outbuf[512];
    char user[20];
    char password[20];

    printf("Username: ");
    gets(user);

    if (strcmp(user, "Adm1n") == 0) {
        printf("Authorised User\n");
        sprintf(errmsg, "Authorised User %400s", user);
        sprintf(outbuf, errmsg);
        printf("Password: ");
        gets(password);

        if (check_authentication(password)) {
            printf("\n-=-=-=-=-=-=-=-=-=-=-=-=-=-\n");
            printf(" Access Granted.\n");
            printf("-=-=-=-=-=-=-=-=-=-=-=-=-=-\n");
        } else {
            printf("\n-=-=-=-=-=-=-=-=-=-=-=-=-=-\n");
            printf("\nAccess Denied.\n");
            printf("\n-=-=-=-=-=-=-=-=-=-=-=-=-=-\n");
        }
    }
    else {
        printf("Unauthorised user!\n");
        exit(0);
    }
}

Perform static and dynamic code analysis to:

a) Identify four (4) vulnerabilities that exist in the code and discuss the possible
attack that can be performed on the code.
(10 Marks)
b) Simulate the attack and show detailed evidence of how the attack can be done,
with screenshots and a detailed explanation.
(20 Marks)
c) Amend the code to provide a solution that prevents the attack simulated
in b) and explain in detail the solution(s) provided.
(10 Marks)
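
An added example, not part of the original exam paper: the same login flow written with bounded input reads, constant format strings and no unchecked heap copies. The names read_line, login and login_with are hypothetical, the department prompt is shown whatever the password is, and the hard-coded credentials are kept as they appear in the listing.

```c
#include <stdio.h>
#include <string.h>

/* Bounded gets() replacement: over-long lines are drained and rejected (-1).
   Function names in this block are this example's own (hypothetical). */
int read_line(FILE *in, char *buf, size_t n) {
    int c;
    if (fgets(buf, (int)n, in) == NULL) return -1;
    size_t len = strcspn(buf, "\n");
    if (buf[len] != '\n' && (c = fgetc(in)) != EOF && c != '\n') {
        while ((c = fgetc(in)) != EOF && c != '\n') { }  /* drain the rest */
        return -1;                                        /* line too long  */
    }
    buf[len] = '\0';
    return 0;
}

/* Same password/department pairs as the exam listing, no heap copies. */
int check_authentication(const char *password, const char *dept) {
    if (strcmp(password, "AsiaPacificInst") == 0) return strcmp(dept, "NSF") == 0;
    if (strcmp(password, "AsiaPacificUni") == 0) return strcmp(dept, "TM") == 0;
    return 0;
}

int login(FILE *in, FILE *out) {
    char user[20], password[20], dept[10];
    fputs("Username: ", out);
    if (read_line(in, user, sizeof user) != 0 || strcmp(user, "Adm1n") != 0) {
        fputs("Unauthorised user!\n", out);
        return 0;
    }
    fputs("Authorised User\nPassword: ", out);
    if (read_line(in, password, sizeof password) != 0) return 0;
    fputs("Your Department:", out);
    if (read_line(in, dept, sizeof dept) != 0) return 0;
    fprintf(out, "\nUser from Department:\n%s\n", dept); /* input is data, not a format */
    return check_authentication(password, dept);
}

/* Hypothetical helper: run login() over a constructed input script. */
int login_with(const char *script) {
    FILE *in = tmpfile();
    if (in == NULL) return -1;
    fputs(script, in);
    rewind(in);
    int ok = login(in, stdout);
    fclose(in);
    return ok;
}
int main(void) { return login(stdin, stdout) ? 0 : 1; }
```
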

Question 3:
You are given three (3) different pieces of code below. Analyse each piece of code and
explain what the bad and good implementations in the code are, if any. The explanation may
include the vulnerability of the code, good coding implementation in preventing certain kinds of
attacks, and any discussion that is relevant to secure coding.
(30 marks)
CODE 1:

CODE 2:

CODE 3:

(Total: 100 marks)

Level 3 Asia Pacific Institute of Information Technology 2022 08
