Te Aromatawai Tuarua - Assignment 2

Due: 23:59 Friday 8 October 2021 (late days apply)

This assignment consists of three separate parts. Part 1 is for you to setup your virtual machine on AWS. Part 2 focuses on a classic buffer overflow. Finally, part 3 focuses on cross-site scripting.

Overall this assignment should take about 20 hours. It does not require much programming although the challenge is to understand what is going on and learning the framework.

Technical details related to these parts will be covered in the lectures so check out the relevant lecture notes (lectures notes in week 7 (already online) and lectures notes in week 10 (to be published later)). These lectures are really important to understand what is happening.

Part 1 - Setup your virtual machine

This is worth 10% of the overall grade.

Follow these instructions (getting-started.pdf) and submit a PDF report called instance.pdf that contains a screenshot of your EC2 console showing the running instance.

Once setup you can use github to download the files you will be working for the assignment (the following command must be executed in your EC2 instance).

git clone https://github.com/ianwelch/cybr271-public.git

Part 2 - Buffer overflow attack

This is worth 45% of the overall grade.

Follow these instructions (buffer-overflow-attack.pdf) and submit a report as a PDF report called buffer-overflow.pdf that answers the 16 questions in the assignment description.

Part 3 - Cross Site Scripting (XSS) attack

This is worth 45% of the overall grade.

When doing this part please create another Virtual Machine from an AMI with this ID ami-01184eabe2de86a55.

Follow these instructions (xss.pdf) and submit a report as a PDF report called xss.pdf that answers the 10 questions in the assignment description.

Getting help

You can seek help on this assignment from our tutors during a helpdesk session (from week 8 to week 12). More information about the helpdesk schedule can be found in here (https://ecs.wgtn.ac.nz/Courses/CYBR271_2021T2/HelpdeskSchedule).

You can also email Aaron (aaron.chen@ecs.vuw.ac.nz) for help.