Exploiting a Vulnerable Web Application

User Generated

fcureb

Computer Science

Description

Please do lab Exploiting a Vulnerable Web Application, follow the instruction.

Unformatted Attachment Preview

Cover Page Title: Using Public Key Encryption to Secure Messages Laboratory Number: 1 Team Number: 5 Team Member Names: Team Member 1: Joshua Comia (Overall Grade: 72.5) Team Member 2: Yi Liu (Overall Grade: 72.5) Team Member 3: Bisheng Zeng (Overall Grade: 72.5) Instructor’s Name: Dr. Anthony Joseph Date(s) of Experiment: September 25, 2021 Date of Laboratory Report Submission: September 28, 2021 Grades: Lab Report Grade: 70 Comment: There was no evidence of actionable lab results shown. Lab Experiment Grade: Joshua Comia: 75 Comment: There is no evidence of lab results as would be shown in number and quality of screenshots. Yi Liu: 75 Comment: There is no evidence of lab results as would be shown in number and quality of screenshots. Bisheng Zeng: 75 Comment: There is no evidence of lab results as would be shown in number and quality of screenshots. Note: Please refer to the comments in each section below. 1. Abstract This experiment is mainly using PKI to generate a certificate for a student and administrator and using PKI to encrypt and decrypt a file. Administrator account obtained files sent from student accounts on different operating systems by decrypting them. Afterwards, three other student accounts were "cascaded" to obtain and send passwords to the next student account in a cascading manner. The decrypted form makes the transfer of files to and from each other more private and at the same time more protected. The cascading "password break-in type" makes the transfer of files between multiple people more secure. 2. Introduction Encryption is a technique for protecting data and communication channels from hackers. Encryption is the process of encoding a message to protect it from being seen by hackers. This experiment protects data and sensitive information by using encryption. Data protection is essential for companies and organizations. Encryption is used as part of a layered security architecture in an organization's network. Experiment with Kleopatra to generate public and private keys and act as a certificate authority. This experiment uses Public Key Encryption. Public key encryption uses an asymmetric encryption algorithm that requires two keys - a public key that is distributed to others and a private key that must be kept secret and will not be shared. There is a public key infrastructure (PKI) that allows people to obtain these keys from a trusted organization called a certificate authority. One of the applications of Public Key Cryptography Infrastructure is to encrypt messages sent from person to person. Protecting communications is used to provide confidentiality. Meanwhile, experiments also use Digital Signature. Digital signature is one application of the Public Key Encryption to authenticate the sender. Public key Commented [T1]: INTRODUCTION: SHOULD - Set the background to the question, using the literature (Why is it interesting / important?) - State the question, hypotheses and predictions. (What are you investigating?) - Briefly state what the study does (What is in this paper?) SHOULD Include: - Statement of the hypothesis (an idea or concept that can be tested by experimentation). You need to verify it throughout the lab and conclude by refuting or confirming it. - An explanation of the different techniques and why they are used. - A statement of the objectives - what you hope to achieve. Should ANSWER the questions: - What was the purpose or objective of the lab? - Why was the lab conducted in a particular manner? - Why was the lab important in a broader context? Commented [T2]: Both the sentences have same meaning. encryption and digital signatures satisfy two of three objectives of CIA: confidentiality and integrity The experiment will generate student and administrator certificates on the Windows client, export them, and then import them into Windows for encryption/decryption. The experiment will use Opera (free email client software) mail to send the messages. 3. Theory Public key cryptography, also called asymmetric (key) cryptography, belongs to the secondary discipline of network security under communication technology, refers to the encryption method consisting of a corresponding pair of unique keys (i.e., public key and private key). It solves the problem of key distribution and management, and is the core of commercial cryptography. Non-stacked encryption is a pair of encryption key and decryption key, which are mathematically related, and the information obtained after encrypting with a certain user's key can only be decrypted with that user's decryption key. If one of them is known, it does not compute the other one. Therefore, if one of the pair of keys is made public, it does not jeopardize the secret nature of the other one. The public key is called the public key; the non-public key is the private key. Kleopatra is a certificate manager and GUI for GnuPG. The software stores your OpenPGP certificates and keys. It is available for Windows and Linux. PGP is a cryptographic method that lets people communicate privately online. When you send a message using PGP, the message is converted into unreadable ciphertext on your device before it passes over the Internet. Only the recipient has the key to convert the text back into the readable message on their device. Social Engineering Toolkit: Tools that can be used by an attacker to exploit victims Commented [T3]: The statement of hypothesis is missing. You should include Statement of the hypothesis and verify it throughout the lab and conclude by refuting or confirming it. Refer to the above “Introduction” formatting guidelines. Certificate: An electronic document used to authenticate ownership of a public key. The certificate includes information about the key, information about its owner's identity, and the digital signature of an entity that has verified the certificate. Opera: A free browser and e-mail client. Commented [T4]: The theory should be in a narrative form and not just defining every term. It should include all theoretical relationships that will be used to interpret your results in later sections. 4. Methods and Materials Basically, the purpose is just to establish the context of the experiment and state, for reference, the relations you will be using in analyzing your data. For this experiment, the use of a computer with Google Chrome (preferably) was required to simulate a Windows 10 and Windows Server virtual machine. Inside Windows 10, the software Kleopatra was used to create a certificate for a “student” user with the email address “student@campus.edu” with a resulting unique ID and fingerprint for said user. This certificate used a specific passphrase to be created/accessed. The certificate/public key was saved as a file and emailed to “administrator@campus.edu” using Opera Mail. Next, the person performing the experiment accessed the “administrator” user in Windows Server to open the email that was previously sent. The student’s public key was then saved onto Windows Server. Afterwards, Kleopatra was utilized again to create a certificate for the “administrator” user with the email “administrator@campus.edu”, and the student’s saved certificate/public key was imported into the software. Still within Windows Server, the performer of the experiment created a text file that said, “The Secret is that I like Green Eggs and Ham.” This text file was encrypted for both the “student” and “administrator” using their certificates. The encrypted file was then sent from the administrator to the student’s email address. After this was done, the experiment performer switched over to Windows 10 to open the email under the “student” account. The encrypted file within the email was saved onto the desktop and decrypted using the student’s passphrase which resulted in the file being able to read normally. Figure 1: These are the virtual machines for Windows Server and Windows 10. Figure 2: The software Kleopatra was used to create the certificates/public keys of the “student” and “administrator” in the experiment. Figure 3: The software Opera Mail was used to exchanges emails that contained the “student” public key and encrypted file between the “student” and “administrator”. Commented [T5]: RESULTS: Figure 4: The text file that was encrypted in this experiment contained this message which would later be decrypted. 5. Results and Uncertainties The results of the experiment came back as expected. The text file was able to be decrypted and read normally on the student’s end. There were no abnormalities or uncertainties in this experiment. In the results you are aiming to provide a clear account of the material factual findings of the investigation, using a combination of text, summarized data, and screenshots. No result should just be presented just as a screenshot with no corresponding statement in the text, you need to lead the reader through the information, bringing out the important features. SHOULD Include: - Pictures and screenshots - Tables and graphs whenever practical. - Brief statements (written in past) of the results in the text (without repeating the data in the graphs and tables) - Refer to each picture, graph or table, parenthetically e.g. (Figure 1) SHOULD NOT Include: - Discussion of the meaning or implications of the results. Commented [T6]: This is too short. Where is the data in the form of screenshots? It’s unclear what you have done since it’s not shown. Screenshots and corresponding statement with the text are missing. Refer to the above “Results” formatting guidelines. Commented [T7]: ANALYSIS OF RESULTS/DISCUSSION: The function of the discussion is to consider the meaning of the results and the light they throw on the original question; to assess the results in the context of other studies; and, if appropriate, to consider the limitations of the work and future directions for study. Figure 5: This is confirmation that the text file was able to be decrypted successfully. 6. Analysis of Results/Discussion In the experiment, we chose Google Chrome due to its performance and interface. Windows Server and Windows 10 converted the computer to virtual, allowing us to run an operating system in an app window on our desktop as an entirely different computer. - It is common, and usually helpful, to start the discussion with a short paragraph, or so, summarizing the results. - Consider that whether the results support the hypothesis or suggest it requires modification or rejection. - Discuss the limitations of the study and the appropriate direction for further work - but these may not be required and if they are appropriate, they should be brief and to the point YOU SHOULD - State your interpretation of your findings, comparing or contrasting them with the literature. Reflect on your actual data and observations. - Answer the question "What do the results mean?" - It is an argument based on the YOUR results We installed the Kleopatra software and used it to generate the “student” certificate as “student@campus.edu” email with a resulting unique ID and fingerprint for the user and the “administrator” with the email “administrator@campus.edu.” The certificate/public key for the “student” was imported into Kleopatra software to create the “student” and “administrator” certificates/public keys. The PCK cryptosystem generated paired keys, the public key, and the private key. Cryptography structure grouped the public key to the “student” and a digital document generated and issued a certificate authority (trusted third party). Opera mail transferred emails that contained the “student” public key and encrypted file between the “student” and “administrator. The PKI using two different cryptographic keys performed encryption directly through the generated keys. Kleopatra downloaded the encrypted file and decrypted using the certificate authority. The software protects the data from unauthorized access using a private key that is not shared. The message “The Secret is that I like Green Eggs and Ham” was successfully decrypted and read normally from Windows Server to “student” and administrator securely. Commented [T8]: It’s unclear what the discussion is about because there is no data as would be shown in the screenshots. You must explain the results. Refer to the above “Analysis of Results/Discussion” formatting guidelines. 7. Conclusion Commented [T9]: CONCLUSION Formatting guidelines In conclusion, it was clear that the PKI performs encryption directly through the keys that YOU SHOULD - Sum up your argument for the lab. - Relate back to the Introduction. it generates. Working towards an increasingly automated information society, Cryptography will continue to grow as an essential security mechanism. Data security and sharing applications need improvement for data security and access control. The PKI-generated certificates ensure secure authentication in matters of digital data transfer and security systems. SHOULD - Only consist of a few sentences - Reiterate the findings of your lab. 8. Acknowledgments/if applicable Bisheng Zeng was responsible for the (1) Abstract, (2) Introduction, and (3) Theory. Joshua Comia was responsible for the (4) Methods and Materials and (5) Results and Uncertainties. Yi Liu was responsible for the (6) Analysis of Results/Discussion, (7) Conclusion, and (8) Acknowledgements. Commented [T10]: Include “References” section at the end and specify the references you have used to write the lab report. Title: Securing Data with Encryption to Secure Messages Laboratory Number: 2 Team Number: 5 Team Member Names: Team Member 1: Joshua Comia (Overall Grade: 80) Team Member 2: Yi Liu (Overall Grade: 80) Team Member 3: Bisheng Zeng (Overall Grade: 80) Instructor’s Name: Dr. Anthony Joseph Date of Laboratory Report Submission: October 7, 2021 Grades: Lab Report Grade: 80 Lab Experiment Grade: Joshua Comia: 80 Yi Liu: 80 Bisheng Zeng: 80 Note: Please refer to the comments in each section below. 1. Abstract The experiment was to learn how to secure data with encryption using Secure Shell and public-key encryption. The experiment uses SSH to the x tunnel protocol, creating SSH tunnel and use GNU Privacy Guard to encrypt data. Two protocols are used for remote administration of a server which is Telnet and SSH. SSH is the preferred protocol since it encrypts the communication between two systems which is not the case with Telnet. The secure connections are created by SSH by launching the virtual machine logging in and opening the terminal. To successfully encrypt the data, several ssh commands are used to create a host connection and the password to verify the connections. SSH can encapsulate all the other insecure protocols for them to securely travel inside the packets. SSH is used in the tunnel X protocol. Fedora workstation is used where the tunneling of the X protocol is done inside the SSH protocol. Nautilus command is executed in the background and the X protocol is being tunnelled back to the CentOS Server. -X option is used for the nautilus program to work. Part 3 of the experiment was to create an SSH tunnel to forward insecure protocol SMTP. An Ubuntu server is used where telnet command is used to verify that it cannot connect to the host Commented [T1]: INTRODUCTION: and ssh command is used to forward from the remote system port to the local system port. This SHOULD - Set the background to the question, using the literature (Why is it interesting / important?) - State the question, hypotheses and predictions. (What are you investigating?) - Briefly state what the study does (What is in this paper?) tunnelling type is referred to as port forwarding. -R is used to create a reverse port forwarding to reverse the tunnel direction. 2. Introduction Data being tunnelled through different systems needs to be secure to reach the desired receiver therefore this data has to be encrypted. There are different ways to encrypt data in a Linux System. In the experiment, Telnet and SSH protocols are used. Telnet has a server and the client where the SHOULD Include: - Statement of the hypothesis (an idea or concept that can be tested by experimentation). You need to verify it throughout the lab and conclude by refuting or confirming it. - An explanation of the different techniques and why they are used. - A statement of the objectives - what you hope to achieve. Should ANSWER the questions: - What was the purpose or objective of the lab? - Why was the lab conducted in a particular manner? - Why was the lab important in a broader context? data transferred between the two parties are in pure text. This causes a security risk while using this protocol. To remotely administer a server without security risk, SSH which uses asymmetrical keys is used for administration via command line or terminal. This protocol can be used for connections to any type of cloud service running Linux. A specific portal is assigned to each protocol to create a connection between the transport and application layers. In a Linux system, the information from the client is encrypted using a public key which is then decrypted by the server using a private key. Simple Mail Transfer Protocol (SMTP) traffic and X Windows protocols transfer unencrypted data making them insecure therefore SSH tunneling or SSH port forwarding is used to create encryption for these protocols. The port forwarding is of three ways: a. Local port forwarding. b. Remote port forwarding. c. Dynamic port forwarding. 3. Theory SSH is typically used in a remote machine and executes commands and it also supports tunneling, forwarding TCP ports, and the X connections. It can also transfer files that are related to the secure copy. SSH is normally a cryptographic protocol for operating network services over the unsecured network. It is composed of the command-line login and the remote command execution; it can be used to secure any network. SSH normally provides a secure channel over an unsecured network by normally using the client-server architecture looking at the SSH client application with an SSH server. SSH is generally used in the Unix-like OS, but it can also be used on Microsoft Windows, OpenSSH, and the default SSJ client and the SSH server. It was generally Commented [T2]: The statement of hypothesis is missing. You should include Statement of the hypothesis and verify it throughout the lab and conclude by refuting or confirming it. Refer to the above “Introduction” formatting guidelines. designed for the replacement of the Telnet and the unsecured remote SSH such as Berkeley, login, and rexec. A tunneling protocol is a network protocol that encapsulates a payload protocol acting as a payload protocol. SSH is mostly used to tunnel insecure traffic over the internet in a secure way. simply. An option -X is required to tunnel the X window protocol with the use of the SSH. Fedora workstation is normally used in the launching of the virtual machine. SSH tunneling is simply a technique used to create a secure connection between the local computer and the remote server. The traffic is encrypted and it is quite safe to connect with the restricted server to control the database or simply the services you need without the need of opening the firewall. We normally use the Ubuntu server in the verification where the telnet command is used. We have different types of tunneling such as forward tunneling and reversed tunneling which is achieved by the use of option -R instead of the option -L together with the ssh command. 4. Methods and Materials In this experiment, users will use secure data with encryption via SSH GnuPG and public key encryption. This experiment requires Cent Os, Fedora Workstation, and Ubuntu server to initialize the encryption by SSH and GnuPG. CentOS is a Linux distribution that provides a free and open-source communitysupported computing platform, functionally compatible with its upstream source, Red Hat Enterprise Linux. In CentOS server, the user makes the first connection to the own host by ssh command “ssh localhost” which is used to establish secure connections between the host. To connect to the correct host, authenticity is important and the OpenSSH implementation of the SSH protocol supports asymmetric key pairs, public and private, created with either RSA or DSA algorithms. The remote user could use the fingerprint of the host’s RSA public key to verify the authenticity. Normally, the ssh command will use the current username when attempting to connect to a remote host. By using the command “ssh root@localhost” with password can connect a different user account on the host. A user identifies can be verified with a key pair by generating a key pair for the administration user. The user’s public key must be appended to the remote user’s ~/.ssh.authorized_keys file for authenticating a user. There is no password requirement because of the step of “ssh-copy-id command” when logging as root@localhost. Then, the key pair using RSA algorithm to create the private key. There is another encryption technique called DSA algorithm which requires creating a passphrase. In the command line environment, the command “ssh-add” can be used to add any identity files after they have been unlocked once. Finally, users can log in without password after starting ssh agent with eval command. Next, SSH is able to encapsulate other insecure protocols and allow them to travel securely inside the SSH packets by operating in Fedora Workstation virtual machine. User enables tunneling of the X window protocol inside of the SSH protocol from the Fedora Workstation system back to the CentOs server and X protocol is being tunneled back from the CentOS server. Nautilus program can't be running without –X option. In the last VM of Ubuntu Server, the user will create an SSH tunnel to forward insecure protocol SMTP. The tunnel will forward packets from port 25 of the CentOS server to port 2525 on the Ubuntu Server. This tunneling is known as port forwarding where the direction of the tunnel is reversible. Still within Cent OS, to encrypt and decrypt data, users create an asymmetric key pair for use with the Gnu Privacy Guard. A random byte would be generated as keys after the passphrase has been entered because the GnuPG needs to construct a user ID to identify. In the environment of this experiment, an encrypted file will be created, and this file would send to sysadmin@localhost with specifying the recipients by their public key number. To prevent being prompted to overwrite the existing host file, the host's file will be removed because when decrypting a file, the resulting filename will be the same as the encrypted filename with the .gpg extension from the file name removed. Figure 1. These are the virtual machines for Cent OS server, Fedora Workstation and Ubuntu Server. Figure 2. The key’s randomart image Figure 3. Nautilus Window. X protocol is being tunning back from the CentOS Server. Figure 4. -X Option. Nautilus programs can only be running with –X option. 5. Results and Uncertainties Commented [T3]: RESULTS: In the results you are aiming to provide a clear account of the material factual findings of the investigation, using a combination of text, summarized data, and screenshots. The result of the experiment is as expected to be decrypted. No result should just be presented just as a screenshot with no corresponding statement in the text, you need to lead the reader through the information, bringing out the important features. SHOULD Include: - Pictures and screenshots - Tables and graphs whenever practical. - Brief statements (written in past) of the results in the text (without repeating the data in the graphs and tables) - Refer to each picture, graph or table, parenthetically e.g. (Figure 1) SHOULD NOT Include: - Discussion of the meaning or implications of the results. Commented [T4]: It’s too Short. In the results you are aiming to provide a clear account of the material factual findings of the investigation, using a combination of text, summarized data, and screenshots. First, you should write the summarized data and then when you add screenshot, you must explain about it. Refer to the above “Results” formatting guidelines. Figure 5. SSH-AGENT UTILITY is by generating the new DSA keys. Commented [T5]: With every screenshot, give some information about it. No result should just be presented just as a screenshot with no corresponding statement in the text, you need to lead the reader through the information, bringing out the important features. Figure 6. Port Forwarding. Forwarding the remote system port 25 to local system port 2525. Figure 7. Public Key number. Other user can encrypt data with this public key number. Figure 8. Decrypting a File. Remove the hosts file from home directory. Figure 9. This is the confirmation that the file has been decrypted successfully. 6. Analysis of Results/Discussion Figure 5: SSH Agent Utility In the picture, a pair of keys was successfully generated using a DSA algorithm (Digital Signature Algorithm). A passphrase will be required each time a user would like to use these keys. A similar process was done to generate keys using an RSA algorithm (asymmetric cryptography algorithm) apart from the need for a passphrase. The keys were generated for a specific user who can use them to send encrypted messages to another person. Figure 6: Port Forwarding An SSH tunnel was successfully created to forward an insecure protocol SMTP. This allowed the user to use the tunnel as a bridge between the CentOS Server and Ubuntu Server. The tunnel can securely forward packets from port 25 of the CentOS Server to port 2525 of the Ubuntu Server. Figure 7: Public Key Number The figure displays a resulting public key number after the user generated a pair of keys for a specific identity using gpg commands. This public key number can be shared with other people if you want them to encrypt data using your key. You can publish your key to public servers for others to see using specific gpg commands. Other commands can allow a person to download your key as well. Figure 8: Decrypting a File & Figure 9: Confirmation The user was able to decrypt the file using the passcode that was entered when the keys were initially generated for the specific identity we created in the certificate. This shows how keys are useful when two people want to communicate with each other securely. The keys can be used to encrypt and decrypt files which adds better security measures. 7. Conclusion In conclusion, messages can be sent between two people using Commented [T6]: CONCLUSION Formatting guidelines YOU SHOULD - Sum up your argument for the lab. - Relate back to the Introduction. encryptions and decryptions along with public and private keys that can enable these communications to be secure. SSH (secure shell) tunneling or SSH port forwarding is a method used to create an encrypted SSH connection that can send unencrypted data using unsecured protocols like SMTP (simple mail transfer protocol) and X Windows. Public key encryption utilizes an asymmetric encryption algorithm that requires two keys: a public key that can be shared with others and a private key that must be kept secret. These asymmetric key pairs can be used with the GnuPG (GPG) to be able to encrypt and decrypt data. 8. Acknowledgements/if applicable The online lab simulation of Lab 2: Securing Data with Encryption on Linux System was provided by Infosec Learning. Yi Liu was responsible for the (1) Abstract, (2) Introduction, and (3) Theory. Bisheng Zeng was responsible for the (4) Methods and Materials and (5) Results and Uncertainties. SHOULD - Only consist of a few sentences - Reiterate the findings of your lab. Joshua Comia was responsible for the (6) Analysis of Results/Discussion, (7) Conclusion, and (8) Acknowledgements. Commented [T7]: Include “References” section at the end and specify the references you have used to write the lab report. https://lab.infoseclearning.com/labs Username: yl58558p@pace.edu Password: study888 Click the sixth one, Exploiting a Vulnerable Web Application. Follow the instruction of the Lab. There will have few Challenge Questions, remember to do them. You only need the finish part 4 5 for the Lab report below. Thank you! GUIDELINES FOR LABORATORY REPORT WRITING Layout for a Laboratory Report Body of Laboratory Report 1. Abstract It should briefly explain what the experiment is about, and give a concise summary of the results and their significance. 2. Introduction This contains the background to and aims of the experiment, or set of experiments. The background to the work needs to be clearly described in the context of existing knowledge/research on the topic. 3. Theory This section should include all theoretical relationships that will be used to interpret your results in later sections. 4. Methods and Materials Describe the experiment, produce and refer to figures of the experimental layout, programs, software designs, response to computer commands, etc., as necessary. Each figure and table must be numbered and they must also have an accompanying caption or title. You must list important apparatus or equipment used. 5. Results and Uncertainties This is where you put your data, without any significant analysis. It is not necessary both to tabulate and to graph data; one or the other is preferred and is sufficient. Let the context determine. Graphs/tables should be labeled, and the units of measure must always be included where appropriate. 6. Analysis of Results/Discussion Analyze, interpret, and discuss each result in some detail. Compare with theoretical expressions and known values where appropriate. Discrepancies must be adequately addressed, not just noted, e.g. where there is an unexpected result from the data analyses, is it validated by the theory? 7. Conclusion This is not a rehash of the summary, but an overview of the experiment. State what you have found as well as where further investigation might be needed. 8. Acknowledgements/if applicable Those who have contributed to the experiment must be acknowledged. Each team member’s contribution must be clearly stated (e.g., which steps the each team member completed in the experiment, and/or what sections he/she wrote in report, etc.). LAB REPORT PRESENTATION CS XXX Department of Computer Sciences PACE UNIVERSITY LAB REPORT ⚫ ⚫ ⚫ ⚫ ⚫ ⚫ ⚫ ⚫ ⚫ ⚫ Title page Acknowledgment Abstract Introduction Theory Methods and Materials Results Analysis/Discussion Conclusion References TITLE PAGE Pace University Department of Computer Science CS XXX/Computer Course 1 Assignment: Type/Number xxx Assigned Task/Problems: Assigned Task/Problems Completed: Instructor: Dr. Joseph Team Number: xxx Team Member Names: First initial Last name 1, First initial Last name 2 Grade: ACKNOWLEDGMENT → Clearly specify the contribution of each team member. → For the purpose of these labs you need to put this section after the cover page i.e before the abstract ABSTRACT → Comes first in a report → Written last, after you have the results and conclusions. → An informative summary of what you did and what you found out. ABSTRACT Should Include: ⚫ ⚫ ⚫ → Objectives → A brief reference to the Materials and Methods. → A summary of the results and conclusions ABSTRACT → Objectives (Lab-01): Explore the BIOS (Basic Input/Output System), CMOS (Complementary Metal-OxideSemiconductor) Setting utility, and various other tools (Device Manager, DirectX Diagnostic, etc.) for identifying computer hardware components. ABSTRACT → A brief reference to the Materials and Methods: CMOS Setting Utility Device Manager System Information Utility DirectX Diagnostic Tool Resource Monitor → All tools and utilities used on Windows 7 ABSTRACT → A summary of the results and conclusions - The BIOS instructs the computer on how to perform a number of basic functions. - The CMOS Setup utility allows BIOS settings to be viewed and configured. - Windows built-in system-management utilities control many essential functions of both software and hardware. Can be used to test memory, manage processes, change how the operating system starts, and more. ABSTRACT Should NOT Include: ⚫ → Literature citations. ⚫ → Formulae and abbreviations. ⚫ → References to tables. INTRODUCTION The purpose of the Introduction is to put the reader in the picture and place the research/experiment within a context. INTRODUCTION Should Include: → Background about the analysis to be carried out. → Reason/s why the research was undertaken. INTRODUCTION Should Include: → Statement of the hypothesis (an idea or concept that can be tested) What happens in a computer if the hardware is faulty? How many operating systems are loaded on a generic computer? How do different parts of a computer know how to work together? INTRODUCTION Should Include: → An explanation of the different techniques and why they are used. Why are you using DirectX Diagnostic Tool (Dxdiag.exe) and Resource Monitor not PING or TRACEROUTE? INTRODUCTION Should Include: → A statement of the objective/s - what you hope to achieve. If there is a program or utility that notifies when a computer hardware is faulty. How many operating systems are loaded on a generic computer. How do different parts of a computer know how to work together. INTRODUCTION Should NOT Include: Any results or conclusions. THEORY → Contains definitions of terms behind the experiment. What is BIOS, CMOS, Device Manager, System Information Utility, DirectX Diagnostic Tool, Resource Monitor? MATERIALS AND METHODS → Is a description of the materials and procedures used - what was done and how. 1.Windows 7 machine (Use dxdiag to check the specs) 2.Tools and Utilities: BIOS, CMOS, Device Manager, Resource Monitor,CMD, etc. 3.Commands: msinfo32 4.Programs: MIS Utilities Free PC Audit MATERIALS AND METHODS If you followed a set of written instructions, you may not need to write out the full procedure - state briefly what was done and cite the manual. - Infosec Learning Virtual Lab: Examining PC Hardware RESULTS The following will be included in your Results: ⚫ → Screenshots → Brief statements of the results in the text → Use parenthesis to refer to each screenshot e.g. (Figure 1) RESULTS RESULTS Figure 1. The figure represents default CMOS printout in a generic windows computer BIOS is a pre-installed program on windows based computer systems as shown in (Figure 1) BIOS is used to start the computers. RESULTS Should NOT include: → What you expected to find or what you were supposed to have observed. → References to other works (published data or statements of theory). → Use the Discussion section of the report for these. DISCUSSION → State your interpretation of your findings, perhaps comparing or contrasting them with the literature. Reflect on your actual data and observations. - When we power on a computer, the CPU approaches the BIOS to find out all Input-Output devices and to look over if all hardware connections are properly functioning. DISCUSSION The Discussion must answer the question: "What do the results mean?" → It is an argument based on the results. CONCLUSION → This is the summing up of your argument or experiment/research, and should relate back to the Introduction. → The Conclusion should only consist of a few sentences, and should reiterate the findings of your experiment/research. - BIOS is the first program installed in computers even before the operating system. - The primary function of BIOS is to check whether computer hardware is functioning properly and there is no issues with the hardware. INTRODUCTION - CONCLUSION If there is a program or utility that notifies when a computer hardware is faulty. How many operating systems are loaded on a generic computer. How do different parts of a computer know how to work together. - BIOS is the first program installed in computers even before the operating system. - The primary function of BIOS is to check whether computer hardware is functioning properly and there is no issues with the hardware. REFERENCE Cite any references that you have used, ensuring that each item in the reference list has an in-text citation, and every in-text citation has a full reference in the reference list at the end of your paper. END
Purchase answer to see full attachment
User generated content is uploaded by users for the purposes of learning and should be used following Studypool's honor code & terms of service.

Explanation & Answer

View attached explanation and answer. Let me know if you have any questions.

Exploiting A Vulnerable Web Application
Methods and Materials
The lab involves using the Windows 10 PC to perform Kali Linux Lab tests Kali Linux. To log
in to InfoSec Learning, we used the login user name and password. The practice involved
running some of the InfoSec Learning Virtual Lab programs: Exploiting a Vulnerable Web
Application. The lab topology was composed of Kali Linux, which was made up of Windows
Server 192.168.1.10 and the Metaspoitable 192.168.1.30, linked to other subgroups composed
of pfsense 192.168.1.254 and the Kali 2 Attack Machine with ...


Anonymous
Awesome! Perfect study aid.

Studypool
4.7
Trustpilot
4.5
Sitejabber
4.4

Related Tags