Access the Cyber Security laboratory by following the instructions in the
coursework manual file and act as an ethical hacker for a company. Note that an
ethical hacker is an expert who attacks a security system on behalf of its owners,
seeking vulnerabilities that a malicious hacker could exploit.
You are challenged to identify flaws in a potential SQL database server by breaking
its crypto components and retrieve an encrypted credit card secret code of an ecommerce company. The crypto algorithm used to encrypt the credit card secret
code is the RSA, but with weak security parameters. More information on the
scenario and the detail steps you need to follow consult the Coursework Manual
file found in MOODLE.
It is expected to document in detail your methodology and work plan to achieve
your goals. Your submitted report should have the following structure and include
the following information:
- Network discovery
In this section identify the system (e.g., IP addresses of the devices that exist in the
network, services running, OS software installed etc.) you will attack. Create a map
of the network in a diagram form with your findings.
- Breaking the system (2000-3000 words)
In this section discuss your attacking methodology. For example,
a) Perform a dictionary attack in the admin password to gain access to the SSH
server. Justify your answer. Clever solutions will earn full marks (e.g., in reallife environment your dictionary password/username files are very large.)
b) Cryptanalyze (by hand only) the encrypted email to gain useful information.
Provide details. Clever solutions will earn full marks (e.g., let’s assume you
don’t have access to online resources.). Justify your answers.
c) Brute force the admin account in the SQL server to access your database
folder. Clever solutions will earn full marks (e.g., assume the database is
d) Retrieve the credit card secret code from the accessed folder and calculate the
decryption RSA key (i.e., private key d). You will need the RSA encryption
key (i.e., public key e) and you can calculate it using Shamir’s secret sharing
scheme (more details are found in the Coursework Manual).
e) Decrypt credit card’s secret code using the SageMath tool. Clever solutions
will earn full marks (e.g., discuss in the report how would you decrypt the
code if you didn’t had access to RSA tools)