CNET331-Section 2 and 3

Project
Due Dates: Max Marks: 5%
Proposal: 04-Feb-2023
Milestone Report 1: 04-Mar-2023
Milestone Report 2: 18-Mar-2023
Project Report: 08-Apr-2023.
Project Presentation: 09-Apr-2023

INSTRUCTIONS
Complete the following assignment individually in the and submit it on eCenttenial no later than the due dates. Every
day of late submissions will be penalized by deduction of 10%. If submitted later than 3 days, the assignment will not be
considered and you will receive a marks of zero.

This must be your own original work. Plagiarism and cheating are both penalized with a grade of zero at minimum.

Project Description
The objective of this project is to build your own ethical hacking platform, expand this platform and test within a
virtualized environment. This includes the following virtual machines:

1. An offensive virtual machine: This could be based on Kali Linux, Parrot, or any other linux distribution. Extra
points will be given if you choose to build your own from scratch (using a generic distro like Ubuntu and building
all the tools).
2. A target Linux machine: Based on Metasploitable 2.
3. A target Windows machine: based on Metasploitable 2.

For virtualization, you could use either VirtualBox, HyperV or VMWare Workstation Pro.

During the project, you will be required to research and install 5 new tools that do not exist in your offensive VM. These
tools could be used in any stage of ethical hacking, such as reconnaissance, enumeration, exploitation,..etc.

Project Stages
1. Building the virtual environment (3 VMs: 1 attack, and 2 victim VMs)
2. Extend the virtual environment: Research, install, and demonstrate 5 new ethical hacking tools.
3. Perform a formal ethical hacking engagement on the two victim VMs, and exploit 5 different vulnerabilities (2
exploits on one VM, and 3 exploits on the other).
Deliverables
1. Project Proposal (2%): A report showing research done to compare different offensive operating systems and
explaining why you chose a particular one (Kali, Parrot, ..etc.)
2. Milestone Report 1 (1%): A short report showing what you have done so far.
3. Milestone Report 2 (1%): A short report showing the progression that you’ve achieved since the first milestone
report.
4. Project Report (8%): A detailed report showing all the steps of each project step with appropriate screenshots
and explanation of each step. Each screenshot, must contain an evidence that it is yours and not obtained
somewhere else (this can be a small notebook page with your name and student ID included within the
screenshot).
5. Project Presentation (8%): A recorded 15 minute presentation where you briefly explain what you have done
and demonstrate the exploitation of one vulnerability.

Detailed Deliverable Description

Deliverable 1: Project Proposal
Your proposal is expected to cover the following sections:

• Title Page
Your name, course, section, date, the professor’s name.
• Introduction (1 to 2 paragraphs)
A brief description of what you’re going to do in the project.
• Comparison of Offensive Operating Systems (1-2 pages)
Provide a technical comparison of different offensive security operating systems. This comparison can be in the
form of a table or flowing text.
• Your choice and Why (1 page)
Provide details of OS you picked to use and what are the technical reasons behind your choice.
• Chosen Vulnerabilities (5 pages)
A detailed description of 5 different vulnerabilities within the Metaploitable 2 Linux and Windows machines that
you plan to exploit. These five vulnerabilities need to be split into 3 from one machine and 2 from the other
machine.
• Project Plan (1-2 Pages)
A detailed list of steps that you will take to achieve project goals with dates of execution.

Deliverable 2: Milestone Report 1

Your milestone report is expected to cover the following sections:

• Title Page
Your name, course, section, date, the professor’s name.
• Introduction (1 to 2 paragraphs)
A brief description of what you’re going to do in the project.
• Review of Executed Steps (2 pages)
Detailed description of the steps that you have performed in the project since the beginning.
• Challenges Faced (1 page)
Explain the challenges you’ve faced or currently facing, and how you have approached them or planning to
approach them.
 • Updated Project Plan (1 page) (Optional)
If you need to make any updates to the project plan or the dates mentioned in your proposal, place your
updated plan here.

Deliverable 3: Milestone Report 2

Your milestone report is expected to cover the following sections:

• Title Page
Your name, course, section, date, the professor’s name.
• Introduction (1 to 2 paragraphs)
A brief description of what you’re going to do in the project.
• Review of Executed Steps (2 pages)
Detailed description of the steps that you have performed in the project since the submission of Milestone
Report 1.
• Challenges Faced (1 page)
Explain the challenges you’ve faced or currently facing, and how you have approached them or planning to
approach them.
• Updated Project Plan (1 page) (Optional)
If you need to make any updates to the project plan or the dates mentioned in your proposal, place your
updated plan here.

Deliverable 4: Project Report

Your milestone report is expected to cover the following sections:

• Title Page
Your name, course, section, date, the professor’s name.
• Introduction (1 to 2 paragraphs)
A brief description of what you’re going to do in the project.
• Project Plan (1 pages)
The final version of the project plan.
• Challenges Faced (1 page)
Explain the challenges you’ve faced and how you have approached them.
• Selected Offensive Machine (1 page)
A brief description of the selected offensive operating system with a description of the 5 new tools.
• Selected Vulnerabilities (2 pages)
A brief explanation of the selected five vulnerabilities.
• Project Execution (20-30 pages)
A detailed section showing all the steps of each project step with appropriate screenshots and explanation of
each step. Each screenshot, must contain an evidence that it is yours and not obtained somewhere else (this can
be a small notebook page with your name and student ID included within the screenshot). Screenshots without
your name will be discarded.
Deliverable 5: Project Presentation
Your project presentation is expected to adhere to the following requirements:

• The presentation is to be pre-recorded and your uploaded to YouTube as an unlisted video, or any other hosting
platform. You need to submit only the link to the video, not the whole video. Make sure that the link works.
• Your presentation can be recoded using Zoom, Teams, or any other tool.
• Presenter’s face must be visible during all of the presentation. Part of the evaluation is based on presentation
skills.
• Your presentation is expected to last from 12-15 minutes. Presentations longer than 15 minutes will be stopped
at 15 minutes, and the remaining parts will be considered incomplete.
• Your presentation is expected to cover the following:
o 10 minutes to describe the offensive OS chosen, the 5 tools installed, and the 5 vulnerabilities selected.
In addition, you should briefly explain the steps taken to perform all tasks.
o 5 minutes to demonstrate the exploitation process of one vulnerability.

Reports Formatting:

Your report must be double-spaced in 12pt font with one-inch margin. The report will be submitted online and should
be in pdf file format.

Note: Please proofread to ensure that all words, including names and technical terms are spelled correctly.

Marks Distribution

Deliverable 1:
Criteria Points
Title page 5
Introduction 10
Comparison of Offensive Operating Systems 30
Your choice and Why 15
Chosen Vulnerabilities 20
Project Plan 20
Total 100

Deliverable 2:
Criteria Points
Title page 0.5
Introduction 0.5
Review of Executed Steps 5
Challenges Faced 4
Updated Project Plan 0
Total 10
Deliverable 3:
Criteria Points
Title page 0.5
Introduction 0.5
Review of Executed Steps 5
Challenges Faced 4
Updated Project Plan 0
Total 10

Deliverable 4:
Criteria Points
Title page 5
Introduction 5
Project Plan 15
Challenges Faced 10
Selected Offensive Machine 5
Selected Vulnerabilities 10
Project Execution 50
Total 100

Deliverable 5:
Criteria Points
Presentation Skills 2
Adequacy of Presented Information 2
Demonstration of exploitation 3
Project Execution Quality 3
Total 10