Task 4.1 [1 mark]: Write a VBScript to run a classic DOS command 'copy' to copy a file from one location to another location programmatically.

Optional: Although this unit uses vbs to demonstrate system administration tasks, we encourages students to try other approriate shell/script languages. You can study how Powershell performs the same task.

Task 4.2 [1 mark]:Write a VBScript that automatically sends a message to another computer user by using “net send” after a few seconds delay.

Task 4.3 [2 marks]: Write a VBScript, named getIPAddress.vbs. The program reads your IPAddress by executing command ipconfig through WSH Shell, replaces the 2nd octet with another number and displays the fake IP address in a MsgBox. Note that the code must be working with arbitrary IP addresses (not merely a fixed one). For this purpose, using regular expression for pattern matching is a better implementation. Marking criteria for this task: full marks if your program is working and regular expression is used for pattern matching. One mark only if your program is working but regular expression is not used for pattern matching.

Project 2:

Subtask 1 [3 marks]: Write a “computer virus” (malware) which can start on a scheduled date, steals a number of local files and share them to a remote network user.

Note:

1. You may not need to think in a real ‘virus’. For instance, your code doesn't have to gain access to victim's computer and install your malware on the victim's machine. we assume the machine you are working on is the victim's machine that you have a full control.

2. The question asks your malware "to steal a number of local files and share them to a remote network user", in case "file transfer to remote network user" is not working in the lab, you can customise the malware action for this exercise: for instance, "copy files locally", "send messages around", etc.

3. Your malware must be scheduled using "JOB SCHEDULING" mechanism and be triggered programmatically.

Subtask 2 [3 marks]: Write a “friendly computer virus”  in VBScript with a special idea (for instance, a piece of prank code).

Note that this project is designed for practicing your script programming skills only. Any action that could lead to producing computer viruses is forbidden in the class. 

Point of interest (Optional Readings): Client-side attacks using Powershell, Tools at Nishang. Please be aware of phishing with Macros and Powershell. Here's an example of an abridged macro in Office documents, which attempts to download a file called 33.exe (containing some exploit code), save it to the user’s temp directory, and execute it. It is not a sophisticated piece of code; there is no effort to detect the recipient’s OS, to create a process, or to schedule a task for persistence. Are you willing to do some enhancement on the macro for penetration test?

Marking criteria:

This Practical and Project will be marked (10% of total marks)

Practical 4 Task 4.1-4.3 will be due in week 5 (in tutorial session, no delay is allowed).

Project 2 tasks will be due in week 6. That is, your work must be ready for checking at the beginning of your tutorial class in Week 6 - no delay is allowed. The project MUST be submitted electronically via the unit website by the due time [penalty for late submission applies otherwise]. For submitting your project 2, check 'Assignments', then choose 'Project 02' where you can attach files and perform submission.

A true and proper attempt must be in evidence. Students' performance regarding the task implementation will be individually checked. Students are encouraged to present programs which are fully tested. Any program language errors, run time errors, and logical errors will detract from the full marks. Common coding features like robustness, extensibility, and flexibility are also taken into account for grading. No marks for the project can be obtained without demonstrating your work during laboratory and submitting your work onto vUWS. Marks will be deducted for late submission.