Python CMD and IP address
Description
Unformatted Attachment Preview
CSCI 4621/5621 INTRO TO CYBER SECURITY
Lab Assignment 3: Webshell client
Due: Dec 2, 11:59pm
Goal
The purpose of this lab is to create a couple of simple scripting tools that automate access to a known
vulnerable target.
Part 1: webshell client [50pt]
The target VM template is 4621-web4pt1; you may choose to work on a local VM using the
VM/web_for_pentester_i386.iso image from the class repo.
Specifically, you are targeting one of code injection examples (presumably Example 1 as the easiest).
As demonstrated in class, we have full remote shell execution, but the interface is clunky and not suitable
for scripting and automation.
CSCI 4621/5621 Fall 2022
1/3
Task 1
reate an interactive shell client named lab3sh that allows normal remote shell similar to what you
get from bash.
t should take one command parameter 4he IP address of the Web for Pentesters I VM and should
provide a REPL (Read-Eval-Print Loop)
xample interaction:
bash>./lab3sh 10.1.2.3
lab3sh> whoami
www-data
lab3sh> pwd
/var/www/codeexec
lab3sh> cat /etc/passwd
art 2: sqli client [50pt]
The target VM template is 4621-web4pt1; specifically, you are targeting one of SQL injection examples
(presumably Example 1 as the easiest).
As demonstrated in class, we have full SQL injection compromise, but we aim for something suitable for
scripting and automation.
CSCI 4621/5621 Fall 2022
2/3
Task 2
Create an interactive shell client (REPL) named lab3sqli that takes the IP address of the target as its
single parameter and supports the following commands:
¤bs ? list databases
´ables ? list tables for given DB
£olumns ? list columns for given DB and table
¤ump ? dump table content
Part 3 (bonus/graduate): [25pt] 4his part is
optional for 4621 students and provides up to 25% extra credit
mandatory for 5621 students.
Task 3
Add the
download
upload
commands to your Part 1 (or Part 2) implementation, which allow you to download/upload files.
Deliverable
he main deliverables of your work are your code/scripts and a (brief) report explaining your
approach.
ython is the recommended implementation language, although other mainstream languages are
also acceptable
his is a tool development exercise, so your audience for the report is technical, a fellow pentester,
for example. Make sure you document example runs of your tools.
Evaluation
You may work on this assignment either individually, or in groups of two. In the latter case, make sure
that you:
clearly state the group membership in the front page of your report; and
submit the (same) report via Moodle on behalf of each member.
You may consult all available on-/off-line resources, but you may not actively solicit help; e.g., you can
read a discussion on Stack Overflow, but you may not post a question related to the assignment.
Submission
Place your entire submission in a single zip archive and submit via Moodle
Grading
20% of final grade
CSCI 4621/5621 Fall 2022
3/3
Purchase answer to see full
attachment
Lab Assignment 3: Webshell client
Due: Dec 2, 11:59pm
Goal
The purpose of this lab is to create a couple of simple scripting tools that automate access to a known
vulnerable target.
Part 1: webshell client [50pt]
The target VM template is 4621-web4pt1; you may choose to work on a local VM using the
VM/web_for_pentester_i386.iso image from the class repo.
Specifically, you are targeting one of code injection examples (presumably Example 1 as the easiest).
As demonstrated in class, we have full remote shell execution, but the interface is clunky and not suitable
for scripting and automation.
CSCI 4621/5621 Fall 2022
1/3
Task 1
reate an interactive shell client named lab3sh that allows normal remote shell similar to what you
get from bash.
t should take one command parameter 4he IP address of the Web for Pentesters I VM and should
provide a REPL (Read-Eval-Print Loop)
xample interaction:
bash>./lab3sh 10.1.2.3
lab3sh> whoami
www-data
lab3sh> pwd
/var/www/codeexec
lab3sh> cat /etc/passwd
art 2: sqli client [50pt]
The target VM template is 4621-web4pt1; specifically, you are targeting one of SQL injection examples
(presumably Example 1 as the easiest).
As demonstrated in class, we have full SQL injection compromise, but we aim for something suitable for
scripting and automation.
CSCI 4621/5621 Fall 2022
2/3
Task 2
Create an interactive shell client (REPL) named lab3sqli that takes the IP address of the target as its
single parameter and supports the following commands:
¤bs ? list databases
´ables ? list tables for given DB
£olumns ? list columns for given DB and table
¤ump ? dump table content
Part 3 (bonus/graduate): [25pt] 4his part is
optional for 4621 students and provides up to 25% extra credit
mandatory for 5621 students.
Task 3
Add the
download
upload
commands to your Part 1 (or Part 2) implementation, which allow you to download/upload files.
Deliverable
he main deliverables of your work are your code/scripts and a (brief) report explaining your
approach.
ython is the recommended implementation language, although other mainstream languages are
also acceptable
his is a tool development exercise, so your audience for the report is technical, a fellow pentester,
for example. Make sure you document example runs of your tools.
Evaluation
You may work on this assignment either individually, or in groups of two. In the latter case, make sure
that you:
clearly state the group membership in the front page of your report; and
submit the (same) report via Moodle on behalf of each member.
You may consult all available on-/off-line resources, but you may not actively solicit help; e.g., you can
read a discussion on Stack Overflow, but you may not post a question related to the assignment.
Submission
Place your entire submission in a single zip archive and submit via Moodle
Grading
20% of final grade
CSCI 4621/5621 Fall 2022
3/3
Purchase answer to see full
attachment
Explanation & Answer:
Worksheet
User generated content is uploaded by users for the purposes of learning and should be used following our honor code & terms of service.
Have a similar assignment? "Place an order for your assignment and have exceptional work written by our team of experts, guaranteeing you A results."
Complete the 
Complete the order payment after filling in the order form. We’ll receive your order and assign it to a writer.
The assigned writer will complete your paper and forward it to our Editing Team for review and approval.
Once approved by the editor, the completed paper will be uploaded to your account for you to download, review and approve.