OSINT + Vulnerability Scanning

Assignment details

This assignment has three parts. It is due by 2/15 at 11:59 PM. To submit your homework, please post your responses as either a public note or as a link to your publicly available writeup on Piazza.

There will be a late penalty of 5% off per day late!

Part 1

Answer the following questions pertaining to the Briong server.

1) What is the IP address of the server? How did you discover this?

2) Which operating system is the server probably running? How did you discover this?

3) Where is the server located? How did you discover this?

4) Who (person's full name) owns the Briong server? How did you discover this?

5) List as much personal information as you can find about the owner of Briong. For each item, briefly detail how you discovered it.

6) What ports are open on the Briong server? How did you discover this?

7) What is the domain name associated with the found IP address? How did you discover this?

8) What services are running on the server?

9) List all hidden files you have discovered on the website. For each, briefly detail how you discovered it.

10) What is an SSH fingerprint? What is the SSH fingerprint of the Briong server? How did you discover this?

Part 2

Use the provided stub code (stub.py) or write your own program in another language to gain access to the Briong server. Once you have gained access to the Briong server with the correct login credentials, you will be presented with a Linux bash shell. Use your knowledge of Linux commands to locate the file flag.txt, read it, and submit the flag found inside the file. The format for the flag is CMSC389R-{}.

Note: If you choose to write your own program in another language, please include instructions on how to execute your program, including which version of the language you are using. Please add this detail to a README.txt or README.md file. You will NOT receive credit if the TAs cannot run your program.

Note: If you are stuck on this part of the assignment, please let us know. The facilitator staff is open to releasing hints, though we reserve the right to deny releasing specific hints if we deem it appropriate.

Part 3

Research one OSINT technique outlined in either the 2/2 or 2/9 lecture, as well as the OSINT handbook or any available information-gathering tool in Kali Linux, and explain how it can be used to discover information related to a certain target (e.g., a person's name, IP address, email address, etc.).

Write 1-2 paragraphs (100-200 words) explaining how the OSINT technique works and how you would use it in a vulnerability scan, as well as how to potentially counter the discovery of that information via an OPSEC technique.

Format

All three parts should be written in the same blog post, clearly separated. Parts 1 and 3 can be answered in bullet form or full, grammatical sentences.

Scoring

Part 1 is worth 20 points, Part 2 is worth 50, and Part 3 is worth 30 (15 for the OSINT technique, 15 for the OPSEC technique). Partial credit for Part 2 is available, so show all of your work!

Tips

Look through the slides from lectures 2 and 3 for guidance. Let us know if you have any questions.

Good luck!