There are two problems in this assignment: Problem 1 (stack-based exploitation). You are given a binary (implementing a parser for Intel HEX format for binary files), containing one or more vulnerabilities. You are asked to exploit these vulnerabilities, using stack-based exploitation methods, to achieve a number of objectives, culminating in an arbitrary code execution. There are 4 (four) subproblems within this problem, with increasing difficulty. The subproblems are designed in a way that helps you in building exploit primitives that would eventually lead to arbitrary code execution. Problem 2 (heap-based exploitation). There are two binaries in this problem, with similar functionalities but different exploit mitigations in place. You are asked to find heap-related vulnerabilities (use-after-free and double-free) and exploit them to achieve a number of objectives. This problem is divided into 7 (seven) subproblems with increasing difficulty. Just as in Problem 1, these subproblems are designed to help you building the necessary primitives for the final goal of achieving arbitrary code execution. To see the details for each problem, read the instructions in the respective folders (./stack for Problem 1 and ./heap for Problem 2). There are two components to this assignment: Artefact: This consists of python scripts implementing the exploitation steps. Report: This is a PDF document explaining how you solve the assignment problems. The report file must be named following the convention: _report.pdf, e.g., u1234567_report.pdf. Limit your report length to around 3500 words. Execution environment This assignment assumes all the associated binaries are run inside the lab VM. You need to install two additonal software packages to run and test these binaries: socat and libreadline-dev. Install them in the lab VM using the following commands: bash $ sudo apt install socat libreadline-dev Testing your solution scripts Each subproblem requires you to write a python script to launch the exploit. For the purpose of assessment, you must assume that the binaries will be run in a remote server, so in particular you have no direct visibility into the program states (so, e.g., you cannot run gdb and inspect the buffer addresses or libc addresses while executing your attacks). To assist you in testing your solution, to make sure that they comply with this requirement, each problem comes with a script to run the binary as a local server application that interacts only through the (localhost) network socket. Your submitted solution scripts must interact with the binaries only through the network sockets. This can be done through pwntools’s remote() command. You are, however, free to use the process() command to interact with the binaries while you are developing your solutions, but in the final submission, the process() command must be replaced by the remote() command. COMP3703 assignment 2 : Code Help Programming Help :#The Solution needs to be customised that’s why we didn’t attach the solution For the Programming Help for this solution email or whatsapp me at: [email protected] Whatsapp : +1 419 877 7882
OpenBSD VHD Kernel Driver – Filing the System Submission: Git Code submission is marked in your prac session in week 131Academic Integrity au/current-students/guidelines-and-policies-students/student-conduct 1.1 Use of AI Toolshttps://.com All assessment tasks evaluate students’ abilities, skills and knowledge without the aid of generative Artificial Intelligence (AI) or Machine Translation (MT). Students are advised that the use of AI technologies to develop responses (e.g. code generation) isAdd assignmentchefstrictly prohibited and 2 Background This assignment extends the OpenBSD kernel to add support for using VHD disk images as block devices. This is similar to the existing functionality provided by the vnd(4) driver, which supports using files containing a disk image as a block device. The purpose of this assignment is to exercise concepts of low-level disk operations and caching in an operating system kernel environment. From a high-level point of view, a physical disk device presents a sequence of bytes that can be written to or read from, with the ability to quickly seek an arbitrary position and read and write at that point. Note that this is a simplification that ignores that disks address and provide access to blocks of bytes, not individual bytes. A file on most operating systems offers similar features, i.e., a sequence of bytes that can be accessed by address. Because of these similarities, it is possible for an operating system to provide a common set of operations on both files and disks (e.g., open, close, read, write, seek, etc.) and allow them to be used interchangeably. For example, you could use tar to write an archive to a file in a filesystem, or directly to a disk device. dd, cp, cat, etc can read the bytes from a raw disk into a file or visa versa. However, operating systems generally provide extra functionality on top of disk devices such as the ability to partition disks and mount filesystems from them. 2.1 vnd(4) The vnd(4) driver in OpenBSD provides a ”disk-like interface to a file”. This means the OpenBSD kernel can open a file and present it as a block device to the rest of the system, which in turn allows for the creation and use of filesystems on these disk images. The vnd(4) driver currently only supports using raw disk images as backing files. There’s a oneto-one mapping of data offsets for data in the end disk device and the byte offset of that data in the underlying file. This makes the implementation very simple, with the downside that the backing file has to be the same size as the disk vnd is presenting. If you have a 32G disk image, the file will be 32G regardless of how much data is actually stored inside a filesystem mounted on top of it. Similar functionality exists in the loop driver in Linux, and the lofi driver in Solaris and Illumos. 2.2 Virtual Hard Disk (VHD) The same file can be found on Blackboard. This specification differs from the official Microsoft specification in that it includes annotations for ease of understanding and contains corrections to errors in the official specification. The official VHD format is documented by Microsoft in Virtual Hard Disk Format Spec_10_18_06.doc. 3 Instructions To complete the assignment, you will need to do the following: 1. Download the base code patch 2. Create the a3 branch cd /usr/src git checkout -b a3 openbsd-7.5 3. Apply the base code patch 4. Install the includes cd /usr/src/includedoas make includes 5. Build the kernel cd /usr/src/sys/arch/amd64/compile/GENERIC.MP make obj make configAssignment Project Exam Help make -j4 doas make install 6. Reboot doas reboot 7. Build and installAdd assignmentchefvhdctl cd /usr/src/usr.sbin/vhdctl make obj make doas make install 8. Create vhd(4) device node 0 doas cp /usr/src/etc/etc.amd64/MAKEDEV /dev cd /dev doas chmod 755 MAKEDEV doas ./MAKEDEV vhd0 4 Specifications You will be extending the OpenBSD kernel to add support for using VHD files as a backend for a vhd(4) virtual block device. vhd(4) is roughly based on vnd(4). Boilerplate code for the device entry points and command line utility will be provided, but you will be implementing the handling of the file and the VHD file format within the provided kernel driver. Only a subset of the VHD functionality listed in Microsoft’s specification of the file format is required. The following functionality is required: • Read support • Fixed-size images • Write support • Dynamic images Differencing images do not need to be supported. In addition to supporting the VHD file format, the kernel should implement the following: • Deny attaching VHD files which are invalid, corrupted or contain features not supported by your kernel driver. • Deny detaching VHD files when the disk is open unless the force flag is passed to the VHDIOCDETACHioctl. • Return the name of the VHD file the device was attached to for the VHDIOCFNAMEioctl. • Populate a struct stat for the currently attached VHD file for the VHDIOCSTATioctl. 4.1 VHD Disk I/O Reads and writes against the vhd block device should be mapped to vn_rdrw() against the VHD backing file. Writing to theAssignment Project Exam Helpvhd device must not corrupt the backing VHD disk image. Caching of VHD structures (e.g., footer, dynamic disk header and block allocation table) andhttps://.com data blocks should be implemented for dynamic images, for improved performance. For example, if you read a sector from block 0x3301 and immediately read another sector from the same block, you should not need to read the backing VHD file twice. Same goes for mixedAdd reads and writes, for example, read on block 0x3010 followed by a write on the same block should result in one read and one write (not 2 reads and 1 write). The number of data block cached, the cache replacement algorithm (if you intend on caching 2 or more blocks) and the implementation details of the caching is up to you to decide, as long as some form of caching is implemented. 4.2 ioctl interface The following ioctls should only work on the raw partition of the character device associated with each vhd disk. Except for VHDIOCATTACH, they should only work when a vhd disk is attached to a backing file. VHDIOCATTACH Specify the VHD file to attach as a block device, and parameters for using the disk in the kernel. The vhd_attach struct contains the following fields: • vhd_file – The name of the VHD file to attach a vhd disk to. • vhd_readonly – The vhd disk can be written to when set to 0, and if the VHD file is readonly, the vhd disk should fail to attach. The vhd disk should be read-only when set to a non-zero value, and the VHD file should be opened read-only. VHDIOCDETACH This ioctl requests the block device be detached, and the backing file closed. If the disk is in use, the request should fail with EBUSY unless the unsigned int ioctl argument is set to a non-zero value. A non zero value requests the forced removal of the block device and close of the backing VHD file. VHDIOCFNAME This ioctl requests the name of the VHD file used for the currently attached block device. The name should be the same as what was passed as the filename in the VHDIOCATTACHioctl. VHDIOCSTAT This ioctl is equivalent to an fstat(2) system call against the backing file. 5 Provided Tools/Files 5.1 vhdctl The patch includes source for aAssignment Project Exam Helpvhdctl utility that uses the ioctls defined above to control vhd devices. It is similar to vnconfig. The source can be found after the patch is applied in src/usr.sbin/vhdctl. -rw-r–r– 1 root wheel 10 Oct 4 21:37 comp3301.txt drwxr-xr-x 2 root wheel 512 Oct 4 21:39 folder/ -rwxr-xr-x 1 root wheel 6496 Oct 4 21:40 hello* -rw-r–r– 1 root wheel 94 Oct 4 21:40 hello.c -rw-r–r– 1 root wheel 13 Oct 4 21:36 hello.txt -rw-r–r– 1 root wheel 2739 Oct 4 21:38 test.txt 5.2 rawtest.img This is a raw disk of size 10 MiB which contains a filesystem with the following files:Add Download: 5.3 fixedtest.vhd This is a fixed-size VHD version of rawtest.img. Download: 5.4 dynatest.vhd This is a dynamic VHD version of rawtest.img. Download: 5.5 vhdtool This tool is not available yet. It will allow you to create VHD files and convert disk images between raw and VHD. It will also allow you to perform basic consistency checks on VHD files. You do not need this tool at the current stage, it will be released later. 6 Misc. Requirements 6.1 Code Style Your code is to be written according to OpenBSD’s style guide, as per the style(9) man page. 6.2 Reliability, Robustness, Portability and Modularity 6.3 Compilation 7 Git Submission Submission must be made electronically by committing and pushing your changes to your course-provided Git repository on source.eait.uq.edu.au. Code checked into any other branch in your repository or not pushed to the a3 branch (i.e., left on your VM) will not be marked. As per the source.eait.uq.edu.au usage guidelines, you should only commit source code and makefiles. Please do not commit cscope outputs, core dumps or base code patch files. Your a3 branch should consist of: • The OpenBSD 7.5 base commit (provided) • The A3 base patch commit (provided) • Commit(s) for adding the required functionality (by yourself) 7.1 Marking 7.2 Demo Session It is your responsibility to ensure that your code compiles and operates correctly. Code that fails to compile or code that crashes the kernel upon boot results in your submission not being marked for functionality. 8 Recommendations 8.1 Backups It is highly recommended that you use Git to regularly backup your assignment code. Beware that corruptions to your file-system can happen in the event of kernel crashes, and will require you to start from scratch if there is no backup. Regularly committing code to Git and pushing to origin ensures that your code will not be lost in the event of a file-system corruption. It is also recommended that you take a snapshot of your virtual machine (VM) before you attempt the programming aspect of this assignment. This can be done by running snapshot in your VM Control. 8.2 Relevant Manual Pages • vnd(3) – vnode Disk Driver • vnode(9) – vnodes • vfs(9) – Kernel Interface to File Systems • ioctl(2) – Control Device • MAKEDEV(8) – Create System and Device Special Files • malloc(9) – Kernel Memory Allocator • RB PROTOTYPE(3) – Red-Black Tree Macros • KASSERT(9) – Kernel Assert Routines 8.3 Testing Sample commands and expected outputs will be posted onto the Ed discussion board as students progress through the assignment. You are expected to conduct testing yourself and create yourhttps://.com own test cases. 9 Specification ClarificationsAdd All clarifications made since the initial release of this specification are coloured red in this document.
1. Assignment Overview Assignment Contribution: Contributes 15% to the final grade Submission Requirements Files to Submit: Mset.c, MsetStructs.h, and analysis.txt Submission Method: Command line ($ give cs2521 ass1 Mset.c MsetStructs.h analysis.txt) or give’s web interface Notes: Multiple submissions are allowed, and only the last one will be marked. Check after submission. Grading Criteria Correctness (75%) Includes the correctness of basic operations (such as insertion, deletion, getting size, getting total count, getting element count, printing, etc.) and advanced operations (such as union, intersection, inclusion check, equality check, getting most common elements, etc.), as well as the correctness of related operations after updating the balanced binary search tree and cursor operations. Each operation has a corresponding score percentage, and there will be deductions for memory errors/leaks. Complexity Analysis (15%): The correctness of the complexity analysis in analysis.txt and the quality of explanations. Code Style (10%): Evaluation includes indentation, space usage, function usage, code decomposition, and comments. 2. Assignment Content 2.1 Multiset Abstract Data Type (ADT) A collection that allows duplicate elements, where each element has a count indicating the number of times it appears in the collection. It is an abstract data type, and the focus is on the set of operations. The implementation details are not important as long as the desired behavior is presented to the user. Operation Requirements Basic Operations (Part 1) MsetNew: Creates a new empty Multiset with a time complexity requirement of $O(1)$. MsetFree: Frees all memory allocated to the Multiset with a time complexity of $O(n)$. MsetInsert: Inserts one element into the Multiset. If the element is equal to UNDEFINED, nothing is done. The time complexity is $O(h)$. MsetInsertMany: Inserts a given number of elements. If the element is equal to UNDEFINED or the number is 0 or less, nothing is done. The time complexity is $O(h)$. MsetDelete: Deletes one element from the Multiset with a time complexity of $O(h)$. MsetDeleteMany: Deletes a given number of elements with a time complexity of $O(h)$. MsetSize: Returns the number of distinct elements in the Multiset with a time complexity of $O(1)$. MsetTotalCount: Returns the sum of the counts of all elements in the Multiset with a time complexity of $O(1)$. MsetGetCount: Returns the count of an element in the Multiset. If the element is not in the Multiset, it returns 0. The time complexity is $O(h)$. MsetPrint: Prints the Multiset to a file. The elements are sorted in ascending order and in the format of {(element, count),…}. The time complexity is $O(n)$. Advanced Operations (Part 2) MsetUnion: Given two Multisets, returns their union. The count of each element in the new Multiset is the maximum of its counts in the two original Multisets. The time complexity needs to be analyzed and written in analysis.txt. Methods like converting the tree to an array or list and then processing are not allowed. MsetIntersection: Given two Multisets, returns their intersection. The count of each element in the new Multiset is the minimum of its counts in the two original Multisets. The time complexity needs to be analyzed and written in analysis.txt, and certain processing methods are prohibited. MsetIncluded: Given two Multisets, determines if one is included in the other based on element counts. The time complexity needs to be analyzed and written in analysis.txt, and certain processing methods are prohibited. MsetEquals: Given two Multisets, determines if they are equal based on whether the elements and counts are exactly the same. The time complexity needs to be analyzed and written in analysis.txt, and certain processing methods are prohibited. MsetMostCommon: Given a Multiset, an integer, and an array, stores the most common elements in the Multiset in descending order of count into the array and returns the number of elements stored. The time complexity needs to be analyzed and written in analysis.txt. Balanced Binary Search Tree (Part 3) Update the implementation to use a height-balanced binary search tree so that MsetInsert, MsetInsertMany, MsetDelete, and MsetDeleteMany have a worst-case time complexity of $O(log n)$, and ensure that the underlying binary search tree of any Multiset is always height-balanced. Cursor Operations (Part 4) MsetCursorNew: Creates a new cursor for a given Multiset, initially positioned at the start of the Multiset. MsetCursorFree: Frees all memory allocated to a given cursor. MsetCursorGet: Returns the element at the cursor’s position and its count. If the cursor is at the start or end of the Multiset, it returns {UNDEFINED, 0}. MsetCursorNext: Moves the cursor to the next largest element. If there is no next largest element, it moves to the end of the Multiset. If the cursor is already at the end, it does not move. Returns false if the cursor is at the end after the operation, otherwise returns true. MsetCursorPrev: Moves the cursor to the next smallest element. If there is no next smallest element, it moves to the start of the Multiset. If the cursor is already at the start, it does not move. Returns false if the cursor is at the start after the operation, otherwise returns true. All cursor operations should have a worst-case time complexity of $O(1)$ or $O(log n)$. The design and implementation and how the time complexity requirement is met need to be explained in analysis.txt. 2.2 Assignment File Description Initial Files Makefile: A set of dependencies used to control compilation. Mset.h: The interface to the Multiset ADT, which cannot be modified. Mset.c: The implementation of the Multiset ADT (initially incomplete). MsetStructs.h: The definition of structs used in the Multiset ADT (initially incomplete). testMset.c: A main program containing some basic tests for the Multiset ADT. analysis.txt: A template for entering the time complexity analysis of selected functions. Struct Usage Requirements Must use struct node for binary search tree nodes. The elements of the multiset must be stored in the elem fields of struct node, and their counts must be stored in the count fields. The left and right pointers are used to connect a tree node to its left and right subtrees and cannot be used for other purposes. The tree field must point to the binary search tree that stores all the elements of the multiset. 2.3 Testing and Debugging Testing The testMset.c is provided as a basic test program. It can be compiled by make and run by ./testMset. The tests are assertion-based, and a failed test will cause the program to exit. A test can be ignored by commenting out the corresponding test function. It is recommended to add your own test functions. Debugging Students are expected to know basic debugging methods, such as using print statements, basic GDB commands, and running Valgrind. The use of GDB and Valgrind can be learned in relevant lab exercises. 3. Background Knowledge Prerequisite Knowledge Requirements: Recursion, analysis of algorithms, abstract data types, binary search trees, balanced binary search trees (including AVL trees) Multiset Related Concepts Similar to the concept of a set but allows duplicate elements, and each element has a count. It can be represented in the form of elements and their counts enclosed in curly braces, such as {(1, 3), (4, 2)}, indicating that element 1 appears 3 times and element 4 appears 2 times. Related symbolic notations are defined, such as cA(x) representing the count of element x in multiset A, and if x is not in A, then cA(x)=0. The empty multiset is denoted by ∅. :#The Solution needs to be customised that’s why we didn’t attach the solution For the Programming Help for this solution email or whatsapp me at: [email protected] Whatsapp : +1 419 877 7882
Module Convenor(s)Assessment Name Coursework 1 Weight 40% We As Em Description and Deliverable(s) Q htt This coursework has THREE parts, as detailed below: Part 1 focuses on Elementary Logic Gates Part 2 focuses on Combinatorial & Sequential Circuits Part 3 focuses on The Hack Computer Important Notes For this coursework, all tasks are made as a MINI GROUP WORK. You are encouraged to divide the different tasks among yourselves, within the group. You should finish your tasks faster this way. However, you must maintain a healthy Chat: cstutorcs 2. You MUST maintain the provided folder structures. All files for Parts 1, 2 and 3 will be under THREE folders. Three additional sub-folders will be added for part 3 to reflect sections 3.1, 3.2 and 3.3. Please be observant to this and abide to signment Project Exam Help the provided zip file as well as its folder and sub-folder structure and file names. Files to DownloadCW1-Files.zip provides all the skeleton .hdl and .asm (as well as most of the related ail: [email protected] .tst and .cmp files). 1. Download the zip file, from the “Coursework 1” area on Moodle. 2. Extract the files and fill in the required HDL and Assembly codes, as per the detailed instructions given in this assessment sheet. Q: 749389476ps://tutorcs.comPart 1 focuses on Elementary Logic GatesTessa is a talented baker who wishes to open her own café in 2025. In order to realise her dreams, she needs to secure a location whereby her café can be open, purchased relevant furniture, enlist several helpers, and prepare a set of delightful choices for the customers to choose from. For the short-term, she will be happy to successfully fulfil two to three of the four conditions, namely a location and furniture or menu.2. Based on the truth table in (1), write out the pre-simplified expression followed by the simplified expression using the Basic Identities of Boolean Algebra in Figure 1. You are required to show your working details (Boolean Function, Boolean Expressions, Simplifications, …, etc.) in the Truth Table and Simplification.docx.程We As Em Q htt Based on your answers in (1) and (2), respectively, implement a Tessa decision chip that prioritise what she needs to address to ensure a timely opening of her café. NOTE: to ensure that your test cases are aligned with our test cases, please only use 1-bit input.Chat: SUBMISSION: cstutorcsSUBMIT *your* completed Tessa.hdl file. (and all associated testing scripts & compare files) and Truth Table and Simplication.pdf. NOTE: we’ll also use our own test versions during marking.Part 2 focuses on Combinatorial & Sequential Circuits signment Project Exam Help ail: [email protected]. Table 1 shows the functions (Output), as per the required order and the 5 control bits (C4, C3, C2, C1, C0) with some samples of their values (you are required to complete them according to the Decimal values in the left column).3. The .hdl skeleton is provided, but you will need to create your .tst and .cmp Q: 749389476files for this chip.Table 1: MyALU Functions (Output) Decimal s://tutorcs.comof Cs C4 C3 C2 C1 C0 Output 0 0 0 0 0 0 0 1 12 -1 3 0 0 0 1 1 X 4 Y 5 0 0 1 0 1 X’ 6 Y’ 7 -X 8 -Y 9 X+1 10 Y+1 11 X-1 12 Y-1 13 X+Y 14 X-Y 15 Y-X 16 X AND Y 17 X OR Y 18 X XOR Y 19 X XNOR YSUBMISSION: SUBMIT your answers, i.e., completed MyALU.hdl files. (And all程 We As Em Q htt 序代写代做 CS 编程辅导 associated sting scripts & compare files).Part 3 focuses on The Hack ComputerAdditional Information In your lab sessions, we used combinatorial and sequential logic circuits to construct many of the various core logic circuits that form the basis of a CPU and Memory. This part concludes all the effort by completing the construction of the HACK Computer, i.e., putting it all together and have the HACK Computer working & executing instructions. (i). Firstly, the MEMORY will be built according to the HACK architecture. (ii). Secondly, the CPU will combine the ALU and other circuits. But you’ll need to develop the “Control Unit” that manages the data flow and execution of instructions. (iii). Finally, all are connected as one chip (the “Computer”). Chat: cstutorcs• More lab reading resources are available at www.nan2tetris.org/05.php. In signment Project Exam Helpparticular, “Chapter 5” and its relevant appendices.SECTION 3.1: Assembly CodeIn section 3.1, you are required to provide two Assembly programs (for the HACK ail: [email protected]) performing the following tasks:a) An Assembly code that does Power:• Implement an Assembly program to calculate the exponential power of a Q: 749389476given number m, P(m, e). For example: if m = 2 and e = 5 then P(m, e) would be 2*2*2*2*2 = 32. • The user should enter the value of the number m into R0, i.e., RAM[0] and e into R1, e.g., RAM[1].ps://tutorcs.com• The result P(m, e) should be saved in AM[2]. • SPECIAL CASE: In ne – if e is ZERO, your program should store 1 in RAM[0] and end the program.b) An Assembly code that does Factorial:• Implement an Assembly program to calculate the factorial of a given number, n, F(n). A factorial of a number is given by: F(n) = n*(n-1)*(n-2)*…*2*1 • The user should enter the value of the number n into R0, i.e., RAM[0]. • The factorial result F(n) should be saved in RAM[1].SUBMISSION: SUBMIT your answers, i.e., completed Power.asm & Factorial.asm files. (And associated tst & cmp files).SECTION 3.2: The HACK ComputerTask A: Memory• Implement the Memory Chip. Chapter 5. Note that you would have to use RAM16K, Screen and Keyboard“parts” (built-in, but you should refresh yourself with its interface specifications程 We As Em Q htt 序代写代做 CS 编程辅导 in Chapter 5, the latter two).• If you make no progress. You need to understand what makes a memory chip SUBMISSION: SUBMIT your answers, i.e., completed Memory.hdl file (And Task B: CPU• Implement the CPU chip. Chat: cstutorcsCPU implementation (framework) is given in 5.3.1. In general, the CPU as a complex logical gate would fetch and execute instructions in their corresponding A- and C-Instruction codes (16-bits long).• If you make no progress. Look at the Chip diagram of CPU implementation in signment Project Exam Helpthe cture and in Chapter 5. Adopt a divide-and-conquer approach, that is, try to solve the problem by parts. Use this skeleton and compare with the Chip diagram:// Instruction decode ail: [email protected]// Use a combination of elementary logical gates to decode the instructions // You should first decode between A and C-Instructions, // then the computation and destination : And (a=cInst, b=instruction[4], out=destD); Q: 749389476:// A register and input mux Mux??(…); (…); ps://tutorcs.comARegister (…);D register DRegister(in=aluOut, load=destD, out=dReg);// ALU and input mux Mux16 (…); ALU (…);// PC with jump test // Use a combination of elementary logical gates to implement the truth table for // jump functions, given in lectures. // For example, try to figure out why one implementation would make use of: // Or (a=jle, b=jgt, out=jump); : : PC (in=aReg, reset=reset, inc=true, load=jump, out[0..14]=pc);SUBMISSION: SUBMIT your answers, i.e., completed CPU.hdl file. (And associated tst & cmp files). See section 3.3 for details of additional tasks.Task C: Computer程 We As Em Q htt 序代写代做 CS 编程辅导• Implement the Computer chip. Hint: This is easy and as a bonus only 3-lines of code:CPU (inM=??, instruction=??, reset=??, WriteM=??, outM=??, address=??, pc=??); Memory (in=??, load=??, address=??, out=??); ROM32K (address=??, out=??); The provided zip file contains a couple of test files (e.g., ComputerMax, ComputerAdd, ComputerRect), to test your Computer chip. Make sure to utilise them and properly test your chip before submission. SUBMISSION: SUBMIT your answers, i.e., completed Computer.hdl file. (And associated tst & c mp files) . SECTION 3.3: Circuitry Diagram and JustificationIn section 3.2 – task B, you would have designed a circuitry diagram prior to implementing the CPU chip. As such, you are required to submit your full circuit Chadiagram of your CPU implementation, t: cstutorcsalong with a 2-page summary justifying your signment Project Exam Helpdetailsail: tuSUBMISSION:[email protected] SUBMIT your answers, i.e., completed Circuitry Diagram.pdf and Justification.pdf files.Final Submission InstructionsQ: 74938Each group will have 94ONE submission 76 ONLY (performed by one nominated member of the group).We reserve the right to ask all/some students to explain any/all of your ps://tutorcs.commark. submitted work at any time. Failure to explain it properly could affect YOURCompress the whole folder structure/tree only (see the provided zip file, for an example). Avoid compressing each individual folder/file. Nested compression will prevent the marking process and could result in marking scripts failing. Should this occur to your submission, your entire coursework 1 mark WILL be awarded a 0%. So, please be careful!The group submission must be submitted via Moodle as a ZIP archive file. Any other archive file formats WILL result in a penalty of a 5%-mark deduction of your group’s overall mark. Within your ZIP archive, it should contain all the requested files (same folder structure as per the downloaded files). Name that ZIP file as CSF-CW1-XXX.zip, where the “XXX” is your Group Number (i.e., 001, 020, 043). Incorrect naming of the ZIP file WILL result in a penalty of a 10%-mark deduction of your group’s overall mark. So, your attention to detail is pivotal here.All the files should have the (EXACT) file names, and arranged under the (EXACT) subfolder name/structure as detailed below:PART 1: Tessa.hdl Tessa.tst Tessa.cmp Truth Table and Simplication.PDF程 We As Em Q htt 序代写代做 CS 编程 导 PART 2: yALU.hdl (And all associated testing scripts & compa filesPART 3: Factorial.asm ) Factorial.cmp Factorial.tst (All associated tst & cmp files) Power.asm Power.cmp Power.tst Add.hack Computer.hdl ComputerAdd.cmp ComputerAdd.tst ComputerMax.cmp Chat: cstutorcsComputerMax.tst ComputerRect.cmp ComputerRect.tst CPU.cmp PU.hdl signment Project ExaCPU.tst m Helpax.hack emory.cmp Memory.hdl Memory.tst ail: [email protected] k within the “Coursework” (All associated tst & cmp files) section3.3_Circuit Diagram and Justification: separately for Circuit Diagram.PDF sessment” link onQ: 749389476Justification.PDFOn Moodle, please click on the “Coursework 1 to perform your group’s submission.ps://tutorcs.comAdditionally, each ll need to make an additional submission, your peer assessment form. Please click on the “ Moodle to perform this submission.Assessment Criteria IMPORTANT NOTE: 1. You are advised to add relevant comments to the code (in the .hdl files) to indicate your understanding of the implementation. As the implementation become more and more complex, those comments become extremely useful for you (especially when we ask you). 2. You are allowed to use Built-in chips, for chips/gates where relevant (except any of those that are required, to be developed in this coursework 1 itself).程 We As Em Q 3. Marking & checks will be done through scripts, which expects specific file name 序代写代做 CS 编程辅导(case 4. All chips will be tested through automated testing scripts. 5. Missing any required file(s), using different formats, naming, …, etc. will attract penalty of 10% of your overall mark. 7. Chips that are unable to run will result in 0% being awarded for that task.CW1 Assessment Breakdown: Correct Truth Table 5 Correct Simplification 5 Chip structure & executes correctly 5Part 1 ( 1 5% ):Part 2 (10%): MyALU – Correct chip structure & executes correctly 10 Chat: cstutorcs Part 3: 3.1 – Assembly Code (10%): Power Program 5 Factorial Program 5 signment Project Exam HelpTask A – Memory.hdl 5 Task B – CPU.hdl 5 Task C – Computer.hdl Pass “Add” test 5 Pass “Max” test 5 Pass “Rect” test 5 3.2 – HACK Computer (25%): ail: [email protected] Q: 749389476 3.3 – Circuitry Diagram & Justification (40%): Circuitry Design 15 Justification of Circuitry Design 25
Bubble Sort The function bubble sort sorts an array by iteratively swapping two adjacent elements if they are not in the right order. Starting from the left, this has the effect of “bubbling†the largest element to the rightmost position of the array. This is then repeated, but excluding the last (largest) element. method bubble_sort (a: array) modifies (a) //ensures sorted(a) { var i: int := 0; while (i < a.Length) { var j : int := 0; while (j a[j+1] { a[j], a[j+1] := a[j+1], a[j]; } j := j + 1; } i := i + 1; } } Think about what the outer loop achieves after zero, one, two, etc. iterations of the loop body. As a comment in your Dafny code, specify what the outer loop as achieved after k ≥ 0 iterations in terms of which part of the array is sorted, and how the elements in the sorted part relate to those not in the sorted part. Translate the description given above into a loop invariant for the outer loop. State the loop invariant as part of the Dafny code. Think about what the inner loop achieves after zero, one, two, etc. iterations of the loop body. As a comment in your Dafny code, specify what the outer loop as achieved after k ≥ 0 iterations. Translate this description into a loop invariant for the inner loop. Give the loop invariant as a part of the Dafny code. Uncomment the specification (the requires clause) and prove that bubble sort meets its specification, possibly byann otating the code with more invariants or assert statements. COMP1600 COMP6260 Bubble Sort : Code Help Programming Help :#The Solution needs to be customised that’s why we didn’t attach the solution For the Programming Help for this solution email or whatsapp me at: [email protected] Whatsapp : +1 419 877 7882 :#The Solution needs to be customised that’s why we didn’t attach the solution For the Programming Help for this solution email or whatsapp me at: [email protected] Whatsapp : +1 419 877 7882
Writing a dynamic storage allocator Introduction IMPORTANT: You will be required to show a demo as part of this assignment. The demo will show 3 parts: 1. Design comments at the top of mm.c 2. Code comments throughout mm.c 3. Demonstrate your heap consistency checker code running See the rubric towards the end of the README for details on signing up for the demo and expectations. IMPORTANT: Read through the ENTIRE document. The heap consistency checker description is meant to help you understand how consistency checking is a critical debugging tool to help you find bugs in your code. The rubric is long, but is meant to help you understand how to write good documentation. There are many hints at the end for how to work on the assignment. The README is long because it is meant to give you a lot of help and guidance with the project, so please take the time to read ALL of it carefully. In this lab, you will be writing a dynamic storage allocator for C programs, i.e., your own version of the malloc, free, and realloc functions. You are encouraged to explore the design space creatively and implement an allocator that is correct, space efficient, and fast. The only file you will be modifying is mm.c. Modifications in other files will not be used in the grading. You will be implementing the following functions: – bool mm_init(void) – void* malloc(size_t size) – void free(void* ptr) – void* realloc(void* oldptr, size_t size) – bool mm_checkheap(int line_number) You are encouraged to define other (static) helper functions, structures, etc. to better structure your code. Description of the dynamic memory allocator functions mm_init: Before calling malloc, realloc, calloc, or free, the application program (i.e., the trace-driven driver program that will evaluate your code) calls your mm_init function to perform any necessary initializations, such as allocating the initial heap area. You should NOT call this function. Our code will call this function before the other functions so that this gives you an opportunity to initialize your implementation. The return value should be true on success and false if there were any problems in performing the initialization. malloc: The malloc function returns a pointer to an allocated block payload of at least size bytes. The entire allocated block should lie within the heap region and should not overlap with any other allocated chunk. If you are out of space and mm_sbrk is unable to extend the heap, then you should return NULL. Similar to how the standard C library (libc) always returns payload pointers that are aligned to 16 bytes, your malloc implementation should do likewise and always return 16-byte aligned pointers. free: The free function frees the block pointed to by ptr. It returns nothing. This function is only guaranteed to work when the passed pointer (ptr) was returned by an earlier call to malloc, calloc, or realloc and has not yet been freed. If ptr is NULL, then free should do nothing. realloc: The realloc function returns a pointer to an allocated region of at least size bytes with the following constraints. if ptr is NULL, the call is equivalent to malloc(size) if size is equal to zero, the call is equivalent to free(ptr) and NULL is returned if ptr is not NULL, it must have been returned by an earlier call to malloc, calloc, or realloc. The call to realloc changes the size of the memory block pointed to by ptr (the old block) to size bytes and returns the address of the new block. Notice that the address of the new block might be the same as the old block, or it might be different, depending on your implementation, the amount of internal fragmentation in the old block, and the size of the realloc request. The contents of the new block are the same as those of the old ptr block, up to the minimum of the old and new sizes. Everything else is uninitialized. For example, if the old block is 8 bytes and the new block is 12 bytes, then the first 8 bytes of the new block are identical to the first 8 bytes of the old block and the last 4 bytes are uninitialized. Similarly, if the old block is 8 bytes and the new block is 4 bytes, then the contents of the new block are identical to the first 4 bytes of the old block. These semantics match the the semantics of the corresponding libc malloc, realloc, and free functions. Run man malloc to view complete documentation. Heap consistency checker IMPORTANT: The heap consistency checker will be graded to motivate you to write a good checker, but the main purpose is to help you debug. Dynamic memory allocators are notoriously tricky beasts to program correctly and efficiently. They are difficult to program correctly because they involve a lot of untyped pointer manipulation and low-level manipulation of bits and bytes. You will find it very helpful to write a heap checker mm_checkheap that scans the heap and checks it for consistency. The heap checker will check for invariants which should always be true. Some examples of what a heap checker might check are: – Is every block in the free list marked as free? – Are there any contiguous free blocks that somehow escaped coalescing? – Is every free block actually in the free list? – Do the pointers in the free list point to valid free blocks? – Do any allocated blocks overlap? – Do the pointers in a heap block point to valid heap addresses? You should implement checks for any invariants you consider prudent. It returns true if your heap is in a valid, consistent state and false otherwise. You are not limited to the listed suggestions nor are you required to check all of them. You are encouraged to print out error messages when the check fails. You can use dbg_printf to print messages in your code in debug mode. To enable debug mode, uncomment the line #define DEBUG. To call the heap checker, you can use mm_checkheap(__LINE__), which will pass in the line number of the caller. This can be used to identify which line detected a problem. Support routines The memlib.c package simulates the memory system for your dynamic memory allocator. You can invoke the following functions in memlib.c: void* mm_sbrk(int incr): Expands the heap by incr bytes, where incr is a positive non-zero integer. It returns a generic pointer to the first byte of the newly allocated heap area. The semantics are identical to the Unix sbrk function, except that mm_sbrk accepts only a non-negative integer argument. You must use our version, mm_sbrk, for the tests to work. Do NOT use sbrk. void* mm_heap_lo(void): Returns a generic pointer to the first byte in the heap. void* mm_heap_hi(void): Returns a generic pointer to the last byte in the heap. size_t mm_heapsize(void): Returns the current size of the heap in bytes. size_t mm_pagesize(void): Returns the system’s page size in bytes (4K on Linux systems). void* memset(void* ptr, int value, size_t n): Sets the first n bytes of memory pointed to by ptr to value. void* memcpy(void* dst, const void* src, size_t n): Copies n bytes from src to dst. Not all of these functions will be needed (only mm_sbrk is truly necessary), but they are provided in case you would like to use them. Programming Rules You are not allowed to change any of the interfaces in mm.c. You are not allowed to invoke any memory-management related library calls or system calls. For example, you are not allowed to use sbrk, brk, or the standard library versions of malloc, calloc, free, or realloc. Instead of sbrk, you should use our provided mm_sbrk. Your code is expected to work in 64-bit environments, and you should assume that allocation sizes and offsets will require 8 byte (64-bit) representations. You are not allowed to use macros as they can be error-prone. The better style is to use static functions and let the compiler inline the simple static functions for you. You are limited to 128 bytes of global space for arrays, structs, etc. If you need large amounts of space for storing extra tracking data, you can put it in the heap area. Evaluation and testing your code Additionally, there is a required minimum utilization and throughput where you will get a 0 for the entire checkpoint if either metric is below the required minimum. The performance goals in checkpoint 2 are significantly reduced compared to the final submission. Space utilization (60%): The space utilization is calculated based on the peak ratio between the aggregate amount of memory used by the testing tool (i.e., allocated via malloc or realloc but not yet freed via free) and the size of the heap used by your allocator. You should design good policies to minimize fragmentation in order to increase this ratio. Throughput (40%): The throughput is a performance metric that measures the average number of operations completed per second. As the performance of your code can vary between executions and between machines, your score as you’re testing your code is not guaranteed and is meant to give you a general sense of your performance. There will be a balance between space efficiency and speed (throughput), so you should not go to extremes to optimize either the space utilization or the throughput only. To receive a good score, you must achieve a balance between utilization and throughput. [100 pts] Final submission: This part of the assignment is graded similarly to Checkpoint 2, except that the grading curve has not been significantly reduced as is the case with Checkpoint 2. With the recommended design and optimizations, you should be able to get approximately 85-90 pts, and if your design performs better, it is possible to get 100 points. This is meant as a challenge for students who want to enhance their designs and experiment with inventing their own data structures and malloc designs. To test your code, first compile/build your code by running: make. You need to do this every time you change your code for the tests to utilize your latest changes. To run all the tests after building your code, run: make test. To test a single trace file after building your code, run: ./mdriver -f traces/tracefile.rep. Each trace file contains a sequence of allocate, reallocate, and free commands that instruct the driver to call your malloc, realloc, and free functions in some sequence. Other command line options can be found by running: ./mdriver -h To debug your code with gdb, run: gdb mdriver. Rubric for demo LOGISTICS Next is the grading rubric, which gives more details on what is considered a quality solution and provisions for a bit of extra credit. DESIGN: design_score = min(design_comments, design_explanation) * 4 Design Comments You should place your design comments at the top of the file as specified in the starter code. 3.5 (above expectations; bonus points) = Well-written and easy to understand 3 (meets expectations; full score) = Understandable, but not easy to read and/or slightly incomplete design description 2 (below expectations; partial credit) = Difficult to understand or lacking in key design points 1 (major issues) = Minimal effort or incorrect The design comments are not about the design or they significantly lack in describing the design. Examples would include only describing briefly what the design is without describing how the design works and the benefits/drawbacks of the design. This rating also applies to design comments that are significantly different from your actual code. 0 (missing) = Missing file/design comments Did not write design comments. Design Explanation 3.5 (above expectations; bonus points) = Clear, succinct explanation of key design points and the benefits/drawbacks of your approach 0 (missing) = Did not show up for grading CODE: code_score = min(code_comments, code_explanation) * 4 Code Comments 3.5 (above expectations; bonus points) = Well-written and easy to understand The code already clearly indicates that head is being set to NULL. Instead, you should say something like: // Initializes global variables to reset the malloc data structure to its initial state This explains both what the code is doing and why the code is needed. 2 (below expectations; partial credit) = Difficult to understand or lacking in key design points Minimal comments or the comments significantly lack in describing the code. This rating also applies to comments that are significantly different from your actual code. 0 (missing) = Missing code comments Did not write code comments beyond the starter code comments. Code Explanation 3.5 (above expectations; bonus points) = Clear, succinct explanation of key parts of the code and some of the key challenges in making your code work correctly 0 (missing) = Did not show up for grading HEAP CHECKER: heap_checker_score = min(heap_checker_code, heap_checker_demo) * 8 Heap Checker Code Your heap checker should check for many invariants in your code to help in your debugging. Invariants are things you can test for that are always true in a valid malloc data structure. Writing these tests will both help you in debugging your code as well as improve your skills in writing test code. This is an invaluable tool for detecting bugs early when they occur rather than many malloc/free calls in the future after a chain of memory corruptions. 3.5 (above expectations; bonus points) = Reasonably complete in checking invariants and the heap checker code is easy to read 2 (below expectations; partial credit) = Only tests part of your design and lacks important checks Includes basic checks for some aspects of your design, but lacks important checks in key aspects of your design. Only implementing the suggested checks in the handout would be consistent with this rating level. The handout only provides a very small list of examples, whereas there are dozens of additional checks that one should think about and implement. 1 (major issues) = Minimal effort or incorrect The heap checker hardly contains any checks and/or has major correctness issues. This would also apply to heap checker code that does not build. 0 (missing) = Missing heap checker Did not write a heap checker. Heap Checker Demo You should demo your heap checker usage by calling your heap checker in appropriate places in your code and showing how you can use gdb to step through the heap checker in a few instances of your code. You should explain what your heap checker is doing as you go through the code to demonstrate that your heap checker code is correct. Note that since your malloc code should be correct, you do not need to introduce bugs for your heap checker to find. You just need to demo that your heap check can successfully validate that your malloc data structure is in a good state in a few scenarios (i.e., after some malloc/free calls so that you don’t have an empty heap). 3.5 (above expectations; bonus points) = Clear, succinct explanation of your heap checker and how you used it to find some of the most challenging bugs TIMELINESS 2 (meets expectations) = prepared and ready to go with your linux environment, code, and demo ready 1 (below expectations) = delays in getting set up 0 (missing or major issues) = did not show up or significant delays in setting up Handin Additionally, please input the desired commit number that you would like us to grade in Canvas. You can get the commit number from github.com. In your repository, click on the commits link to the right above your files. Find the commit from the appropriate day/time that you want graded. Click on the clipboard icon to copy the commit number. Note that this is a much longer number than the displayed number. Paste your very long commit number and only your commit number in this assignment submission textbox. Hints Refer to the lectures for an overview of a recommended malloc design. While you are not required to use the design, our suggestions give you a good starting point. We recommend starting with an implicit free list design (i.e., headers and footers with splitting and coalescing) for checkpoint 1 so that you have a baseline version that works. If this is working correctly, it’ll likely be very slow (taking half an hour to hours depending on your machine). See the later hints for debugging tips. For checkpoint 2, you should then build on top of the implicit free list design to embed a linked list within the free block space. This is known as an explicit free list design, and it should improve throughput and possibly utilization. The linked list is embedded within the free block space and allows a quick way to find all the free blocks in the heap. At this point, we recommend going from 1 linked list to multiple linked lists for the free blocks, where each linked list represents a range of sizes for the free blocks in the list. This is known as a segregated free list design and will drastically Draw pictures. Pictures are a great way of visualizing the memory layout, and you should make sure you draw complete and accurate pictures. Your pictures should be detailed enough to include example addresses, sizes, and content within the memory. Go through the malloc practice quiz until you understand it. The practice quiz is meant to help you draw pictures of the memory. You can repeat the practice quiz until you truly understand what should be happening. The textbooks have detailed malloc examples that can help your understanding. You are allowed to reference any code within the textbooks as long as you cite the source and only reference code that is physically printed in the textbook. However, looking for or using any code online even if it is textbook related is strictly forbidden. Encapsulate your pointer arithmetic and bit manipulation in static helper functions. Pointer arithmetic in your implementation can be confusing and error-prone because of all the casting that is necessary. You can reduce the complexity significantly by writing static helper functions for your pointer operations and bit manipulation. The compiler should inline these simple functions for you. Use clear names for indicating what a pointer points to. There is a difference between whether a pointer points to the beginning of a block or if it points to the beginning of the user payload space. Using good variable/parameter names will help avoid misinterpreting what a pointer points to. Write a good heap checker. This will help detect errors much closer to when they occur. This is one of the most useful techniques for debugging data structures like the malloc memory structure. Avoid copying/pasting code between functions. Anytime you duplicate your code, you duplicate your bugs, and you duplicate your maintenance work for updating the code. If you think you need to copy/paste code, then you should think about how to design your code with additional functions to avoid duplicating code. Design your code in modules that can be used as building blocks. Malloc is fundamentally just a complex data structure built up of multiple data structures. You should design your code to be modular by separating out sets of related functions that perform a specific task. For example, you could isolate all linked list code and have a set of functions that simply manage a linked list. You can then embed the linked list in the memory blocks and call these functions to help insert/remove without having all the insertion/removal logic mixed together with all the malloc logic. That way, any code that splits and coalesces blocks can just reuse your common linked list code without worrying about whether there’s a linked list bug, and your linked list code would not need to worry about how it is used. Use git to track your different versions. git will allow you to track your code changes to help you remember what you’ve done in the past. It can also provide an easy way to revert to prior versions if you made a mistake. Use the mdriver -v and -V options. These options allow extra debug information to be printed. Start early! Unless you’ve been writing low-level systems code since you were 5, this will probably be some of the most difficult and sophisticated code you have written so far in your career. So start early, and good luck! CMPSC473 Malloc Lab
Learning Outcomes The two coursework of this module address the following learning outcomes: – Use SQL and XML to define data applications appropriate to a specified problem. – Use a conceptual modeling language to specify and analyze data requirements and apply database design principles to map a set of system requirements to an efficient (e.g., normalized) database. – Explain and design transaction : -based processing in database systems. – Exploit techniques for storing and querying XML data.IMPORTANT INFORMATION – This coursework is to be carried out individually. – You have been given one DTD file (transactions_sample) and three XML files (transactions_sampleQQ: 749389476, retail_customers, and retail_transactions) to be used for the coursework.COURSEWORK OUTLINE You work for a company that has a large visitor attraction with several gift shops located on-site. The retail system creates a list of transactions made. The company has engaged a 3rd party vendor to do data analysis who has requested that they be sent the transaction data combined with the customer data. The data is to be sent as XML files. It is decided to create a single submission file that can be uploaded via FTP (the files will be dropped into an FTP folder on the client’s server) to both systems. The company is now looking to employ the advantages of the JSON format to enhance data management, interoperability, and seamless integration with various systems across the company. Accordingly, the information should also be consolidated into a single JSON document following the above criteria for further in-depth analysis and exploration.You have been asked to: 1) Spot the errors in the given ‘transactions_sample.dtd’ file. You should provide: a. An image of the DTD with the errors circled in red, along with a brief note of each error. The file should be called ‘1_DTD_sample_Errors.jpeg’. b. A corrected version of the external DTD file. The file should be called ‘2_Corrected_sample.dtd’. c. Provide a screenshot called ‘3_Validation_sample.jpeg’ after validating the ‘transactions_sample.xml’ file against the corrected external DTD through a validator, proving that they validate with no errors : .2) Submit two XSLT transformation and output files, one to export the XML data, and the other to export the JSON data. Your XSLT files must be correctly formatted and be able to run against the XML files (retail_customers, and retail_transactions) supplied by the company. The following specifications must be followed:a. XML: I. The XSL file must be called ‘4_Transformation_to_XML.xsl’. II. It must use XSLT v1.0 as requested by the company. III. You have to provide comments to explain your reasoning and work. IV. The XML output file must contain a root element called ’Transactions’. VI. The provided XML file must be called ‘5_Output.xml.’ VII. A related external DTD must be automatically referenced in the output.xml file and not be manually added. VIII. DTD Details: Create a new external DTD file that describes the output XML file. So that the 3rd party vendor can validate the XML output file and ensure it is correct. The DTD must adhere to the following requirements: 1. It must follow a logical structure of the data as follows: Transactions Shop Transaction …Transaction and customer details Transaction …Transaction and customer details Transaction …Transaction and customer details Shop Transaction …Transaction and customer details Transaction …Transaction and customer details2. Well : -written external DTD structure. 3. Logical naming convention of elements and attributes. 4. Nested elements correctly declared. 5. At least one attribute should be used. 6. The DTD file must be called ‘6_Structure.dtd’. 7. It should be validated against the output XML file through a validator, and a screenshot called ‘7_Validation_XML.jpeg’ should be attached, showing that they validate with no errors.b. JSON: I. The XSL file must be called ‘8_Transformation_to_JSON.xsl’. II. You have to provide comments to explain your reasoning and work. III. Ensure that the content of the JSON file accurately represents the data from the XML files and save the converted file as ‘9_Output.json’. IV. Validate the JSON file, capture a screenshot of the validation, and save it as ’10_Validation_json.jpeg’ to demonstrate that the file has no errors.Submission bundle The specification for the structure of the submission is as follows: a. A ZIP file should be uploaded via the online portal. b. The ZIP bundle must be named ‘Coursework1_StudentID.zip.’ c. File names must be EXACT, including the specified file extension.JPEG file Image with DTD errors + errors description 1_DTD_sample_Errors.jpeg 2 DTD file Your corrected DTD file 2_Corrected_sample.dtd 2 JPEG file Image of your XML validation 3_Validation_sample.jpeg 1 XSL file Your XSL to XML transform file 4_Transformation_to_XML.xsl 4 XML file The result : cstut of your XML transform orcs5_Output.xml 1 DTD file The DTD that validates the XML output file 6_Structure.dtd 3 JPEG file Image of your XML validation 7_Validation_XML.jpeg 1 XSL file Your XSL to JSON transform file 8_ Transformation_to_JSON.xsl 4 JSON file The result of your JSON transform t Project Exa p9_Output.json 1 m JPEG file Image of your JSON validation 10_Validation_json.jpeg 1程序代写代做 CS 编程辅导
Learning Outcomes The two coursework of this module address the following learning outcomes: – Use SQL and XML to define data applications appropriate to a specified problem. – Use a conceptual modeling language to specify and analyze data requirements and apply database design principles to map a set of system requirements to an efficient (e.g., normalized) database. – Explain and design transaction : -based processing in database systems. – Exploit techniques for storing and querying XML data.IMPORTANT INFORMATION – This coursework is to be carried out individually. – You have been given one DTD file (transactions_sample) and three XML files (transactions_sampleQQ: 749389476, retail_customers, and retail_transactions) to be used for the coursework.COURSEWORK OUTLINE You work for a company that has a large visitor attraction with several gift shops located on-site. The retail system creates a list of transactions made. The company has engaged a 3rd party vendor to do data analysis who has requested that they be sent the transaction data combined with the customer data. The data is to be sent as XML files. It is decided to create a single submission file that can be uploaded via FTP (the files will be dropped into an FTP folder on the client’s server) to both systems. The company is now looking to employ the advantages of the JSON format to enhance data management, interoperability, and seamless integration with various systems across the company. Accordingly, the information should also be consolidated into a single JSON document following the above criteria for further in-depth analysis and exploration.You have been asked to: 1) Spot the errors in the given ‘transactions_sample.dtd’ file. You should provide: a. An image of the DTD with the errors circled in red, along with a brief note of each error. The file should be called ‘1_DTD_sample_Errors.jpeg’. b. A corrected version of the external DTD file. The file should be called ‘2_Corrected_sample.dtd’. c. Provide a screenshot called ‘3_Validation_sample.jpeg’ after validating the ‘transactions_sample.xml’ file against the corrected external DTD through a validator, proving that they validate with no errors : .2) Submit two XSLT transformation and output files, one to export the XML data, and the other to export the JSON data. Your XSLT files must be correctly formatted and be able to run against the XML files (retail_customers, and retail_transactions) supplied by the company. The following specifications must be followed:a. XML: I. The XSL file must be called ‘4_Transformation_to_XML.xsl’. II. It must use XSLT v1.0 as requested by the company. III. You have to provide comments to explain your reasoning and work. IV. The XML output file must contain a root element called ’Transactions’. VI. The provided XML file must be called ‘5_Output.xml.’ VII. A related external DTD must be automatically referenced in the output.xml file and not be manually added. VIII. DTD Details: Create a new external DTD file that describes the output XML file. So that the 3rd party vendor can validate the XML output file and ensure it is correct. The DTD must adhere to the following requirements: 1. It must follow a logical structure of the data as follows: Transactions Shop Transaction …Transaction and customer details Transaction …Transaction and customer details Transaction …Transaction and customer details Shop Transaction …Transaction and customer details Transaction …Transaction and customer details2. Well : -written external DTD structure. 3. Logical naming convention of elements and attributes. 4. Nested elements correctly declared. 5. At least one attribute should be used. 6. The DTD file must be called ‘6_Structure.dtd’. 7. It should be validated against the output XML file through a validator, and a screenshot called ‘7_Validation_XML.jpeg’ should be attached, showing that they validate with no errors.b. JSON: I. The XSL file must be called ‘8_Transformation_to_JSON.xsl’. II. You have to provide comments to explain your reasoning and work. III. Ensure that the content of the JSON file accurately represents the data from the XML files and save the converted file as ‘9_Output.json’. IV. Validate the JSON file, capture a screenshot of the validation, and save it as ’10_Validation_json.jpeg’ to demonstrate that the file has no errors.Submission bundle The specification for the structure of the submission is as follows: a. A ZIP file should be uploaded via the online portal. b. The ZIP bundle must be named ‘Coursework1_StudentID.zip.’ c. File names must be EXACT, including the specified file extension.JPEG file Image with DTD errors + errors description 1_DTD_sample_Errors.jpeg 2 DTD file Your corrected DTD file 2_Corrected_sample.dtd 2 JPEG file Image of your XML validation 3_Validation_sample.jpeg 1 XSL file Your XSL to XML transform file 4_Transformation_to_XML.xsl 4 XML file The result : cstut of your XML transform orcs5_Output.xml 1 DTD file The DTD that validates the XML output file 6_Structure.dtd 3 JPEG file Image of your XML validation 7_Validation_XML.jpeg 1 XSL file Your XSL to JSON transform file 8_ Transformation_to_JSON.xsl 4 JSON file The result of your JSON transform t Project Exa p9_Output.json 1 m JPEG file Image of your JSON validation 10_Validation_json.jpeg 1程序代写代做 CS 编程辅导
Assignment Requirements Independent Completion : This assignment is an independent work and accounts for Implementation level and quality of requirement 5 (10%) Implementation level and quality of requirement 6 (20%) Implementation level and quality of requirement 7 (15%) Implementation level and quality of requirement 8 (10%) 5. Celebrity News Mobile App Celebrity News is a UK-based company that works with celebrities in sports, music, film, and the internet. As part of its client service, the company sends birthday gifts to celebrities and maintains a mobile app that showcases celebrity birthdays to its fan community. The app is intended for both the general public and its fans. For the general public, the app displays a birthday calendar of partner celebrities. Fans can register and select their favorite celebrities, customizing the calendar view to display only their chosen birthdays. The mobile app’s specific functional areas need to be designed and developed for fan users, with the following requirements:
Assessment Guideline:SummaryType: Individual Computer-based Assessment Learning Objectives Assessed: 3, 4 Deliverable: One electronic file must be submitted via the Blackboard Assignment Submission Tool consisting of a single Excel file. Weight: 35%Task Description Requirements The purpose of this assignment is to test the student’s ability to operate, manage, and interpret Add business data in spreadsheets.The assignment MUST be done individually.This is a difficult assignment worth 35% of your course grade, and you should start working on the assignment early in the semester.Guideline Expectation / Microsoft Excel 365 based on the specification provided in the UrbanEats Delivery (UED) Assessment Case Specification. This document is a companion to a template Excel workbook that contains several sheets you are to develop as part of this assessment. The specification relates to UrbanEats Delivery (UED), which is a franchise business that deliver daily groceries by the box to homes and businesses in nearby suburbs (their ‘franchise area’). The case has four main requirements for you to develop: • Summarize the data using database functions in a summary table. ii. Undertake a Solver Analysis on Business Franchise AreasAdd : • Use Excel’s Solver tool to analyze and reallocate franchise areas to minimize the distance travelled from each store. iii. Undertake a Scenario Analysis for Saving Monthly/Fortnightly: • Analyze different scenarios for saving money either monthly or fortnightly to fund the construction of a new store, estimating the required amount in a few years. iv. Provide Business-Focused Comments: • Offer insights and recommendations based on the spreadsheet analysis, focusing on the business impact and environmental benefits. More details on the specific requirements of the case are contained in the Case Specification. The Excel template of the expected worksheets will be made available on the BISM7202 Implementation GuidancePlease develop your solution based on the provided files. In general, you are not allowed to insert any other columns or tables.When you develop your solution, you should aim to use the functions and features you were taught in the tutorials as appropriate. However, if you need functions or techniques that are not addressed explicitly in tutorial exercises, you should explore your pre-tutorial reading materials and preparation exercises or refer to the help component of Excel or other online resources. Aspects of the assignment have purposefully been designed to train and test a student’s selflearning ability with a software application, and thus these have not been included directly in a tutorial exercise.Formatting and professionalism UrbanEats Delivery (UED) is operated in a professional manner, and it is expected that your Excel workbook will be used by other staff, and potentially updated in the future by others. Add Therefore, you would be well advised to make your work uniqueness quality. (e.g., freeze panes to long pages, use named ranges where appropriate, use lookup functions instead of nested IFs where appropriate, use hard coding only where appropriate, use appropriate fonts and colors, graph axes and titles, etc.). You should use meaningful Named Ranges whenever referring to a Cell on a separate worksheet.Keep in mind, however, that your work will be judged primarily on the quality of your solution rather than upon its appearance.Submission Your Excel Workbook file MUST be named in the format of BISM7202_StudentLastName_StudentID.xlsx.If your ID is 41724245 and your surname is Smith, the name of your files would be BISM7202_Smith_41724245.xlsx.It is understandable that students talk with each other regularly and discuss problems and potential solutions. However, it is expected that the submitted assignment is unique. document – all parts of the assignment are to be completed solely by the individual student. The best practice to avoid misconduct is to not look at another student’s file and not show your solution to another student.AddAdministrative Requirements Consultation Sessions Questions regarding your assignment can be answered if they are related to the understanding of the concepts and/or techniques of Excel. will endeavor to respond to all questions within 2 business days.Submission Datehttps://.comFor each calendar day (i.e., including Saturdays and Sundays) Add assignmentchefor part of after the submission5.3 of the relevant Electronic Course Profile (ECP).• Supporting documentation such as a medical certificate, funeral notice etc. must be provided. Scanned or photographed copies should be attached to your email. A request for an extension based on medical grounds can use a statement of circumstances signed by the student as its supporting documentation. • For an application on medical grounds, the medical practitioner must not be a near relative or close associate. Examples of near relatives are partner, child, brother, sister, parent. Examples of close associates are close friends, neighbors and partners or children of colleagues. • Extension criteria are applied consistently for equity reasons. • Applications on medical grounds will be approved for the number of calendar days the medical certificate indicates you were unfit for study. You are expected to act in a timely manner and must make an appointment as soon as your condition impacts on your ability to study. • If you have a continuing condition, Add assignmentchefyou should contact Student Services to arrange a Student Access Plan (Disability) [SAPD]. You must still submit the application form.• holiday arrangements (including overseas travel). • social and leisure events. • moving house. • pressure of work/competing deadlines. • computer issues.(100) Basic and needs improvement Meets reasonable expectation OutstandingFormulas & Functions Assignmen25 tPr0 – 2 – oject wcod hat pEx12 20elp20 – 25PivotTables, Pivot htt Charts and Charts ps://15 po0 – 7 er.c7 – 1212 – 15 Ad Database and advance functions d15 WeC0 – 7 owc7 – 1212 – 15Solver 15 0 – 7 7 – 12 12 – 15What-If Analysis 15 0 – 7 7 – 12 12 – 15General50 – 22 – 44 – 5Recommendations100 – 55 – 88 – 10Add
5/5 - (2 votes) Assignment: Complete the Splunk Boss of the SOC exercise, answering as many questions as possible. While this is an individual assignment, we do encourage collaboration. Feel free to pose questions on Ed Discussion and to help your fellow students, but do not give away answers. Background: The purpose of this project is to build a foundation of log analysis which is a necessary skillset for executing incident response activities. System and security log analysis helps incident responders to determine what actions to take to identify, contain, eradicate, and recover from an incident. There are many tools available for performing log analysis, but for this class we will leverage Splunk which is one of the most popular tools available. For this exercise, we will be leveraging the Splunk Boss of the SOC exercise. This exercise will give you familiarity with logs, log analysis, and Splunk. The exercise is a series of questions within the provided Splunk environment. The provided logs must be searched to identify answers to the provided questions. Instructions: Log into the Splunk environment: You must first connect to the Georgia Tech VPN: https://vpn.gatech.eduLinks to an external site. Then, log into the Splunk environment: https://splunk.class.security.gatech.edu/en-US/app/SA-ctf_scoreboard/welcomeLinks to an external site. Log in to Splunk using your normal Georgia Tech login/password The Splunk navigation bar at the top of the application will help you move around the Splunk environment. Click on the “Questions” link in the navigation bar to see what the questions are for this assignment that you will be answering. Click on “Search” link in the navigation bar to be taken to the Splunk Search tool and start querying the available logs to try and answer the questions for the assignment. All relevant logs for this project are located in the “botsv3” index. Add index=botsv3 to your searches and make sure to search over “All time.” To change to All Time, on the far right side of the search bar, click the box that says “Last 24 hours” In the dropdown that appears, click “All time” under “Other” Submit answers on the “Questions” page. What to submit: The Splunk Capture the Flag application will keep track of your answers. We will utilize your score in Splunk to grade the assignment. Since this is a capture the flag competition, the amount of points you earn for each question you answer will decrease the longer it takes for you to answer and also by how many hints you utilize. Please note that the basis of your grade will be calculated by number of correct answers, NOT the points you receive in Splunk. Bonus points will be awarded based on standing for a percentage of students to be determined. Hints: You can see which log types are available by looking at the list of “sourcetype”s: index="botsv3" | stats count by sourcetype While we have changed the questions and answers from the originals, you can find some helpful walkthroughs of the original exercise by searching Google for “Boss of the SOC version 3.” Resources: Note that the “How to Search” section in the Splunk Seach tool provides resources to help you learn Splunk Splunk makes many courses available for free to students at https://workplus.splunk.com/universities Many of the questions you will need to answer will require separate research on the log format and how to interpret logs for various types of systems. If you enjoyed this and want to do more similar exercises, Splunk has more available at https://bots.splunk.com
Table of Contents VM Errata / Updates………………………………………………………………………………………………….. 3 Learning Goals………………………………………………………………………………………………………….. 3 Submission:………………………………………………………………………………………………………………. 4 Project 1: Introduction to Penetration Testing………………………………………………………………. 5 Introduction……………………………………………………………………………………………………………… 6 Virtual Machines……………………………………………………………………………………………………….. 6 x86 Version of PenTesting VM………………………………………………………………………………….. 7 VMWare Users on x86…………………………………………………………………………………………….. 7 ARM-based Version of PenTesting VM………………………………………………………………………. 8 Minimum Hardware to Run the Project 1 VM:…………………………………………………………… 8 A Word on IP Networks………………………………………………………………………………………………. 9 Connecting from your Host Through SSH……………………………………………………………………… 9 Understanding the Network Setup…………………………………………………………………………… 9 Option 1: VM GUI (Direct Access)……………………………………………………………………….. 10 Option 2: SSH from Your Host…………………………………………………………………………….. 10 VirtualBox Networking Considerations……………………………………………………………………. 10 NAT Mode (Default)………………………………………………………………………………………….. 10 Bridged Networking………………………………………………………………………………………….. 10 Networking in Docker……………………………………………………………………………………………. 11 Environment Setup:…………………………………………………………………………………………………. 11 Steps for x86 VM users (Windows, Intel-based Macs, Linux on PCs):………………………….. 12 Steps for ARM-based Mac Users (Apple Slicon, not Intel-based Macs)………………………… 12 Project Tasks (100 points):………………………………………………………………………………………… 13 Setup………………………………………………………………………………………………………………….. 13 Task 1: Network Scanning (10 points)……………………………………………………………………… 16 Task 2: Exploit the Shellshock Vulnerability (20 points)……………………………………………… 17 Task 3: Brute Force with Metasploit (20 points)……………………………………………………….. 18 Introduction to Metasploit………………………………………………………………………………… 19 Task 4: Privilege Escalation (20 points)……………………………………………………………………. 25 Explaining SetUID……………………………………………………………………………………………… 26 Task 5: Password Cracking (30 points)…………………………………………………………………….. 27 Background on Using John the Ripper…………………………………………………………………. 28 Task 5.0 Demonstration of John the Ripper – Not For Credit………………………………….. 28 Overview of Tasks 5.1 and 5.2……………………………………………………………………………. 29 Part 1: Cracking task51.zip…………………………………………………………………………………. 29 Part 2: Cracking task52.gpg………………………………………………………………………………… 30 Task 6: There is No Task 6, Ignore it in the Submission File……………………………………………. 32 Rubric…………………………………………………………………………………………………………………….. 32 Reminders:……………………………………………………………………………………………………………… 33 Acknowledgments:………………………………………………………………………………………………….. 33 Appendix 1 – Resources / Links…………………………………………………………………………………. 33 Appendix 2 – Running an x86-based VM on an ARM-based Mac……………………………………. 35 Emulation on ARM-based Macs……………………………………………………………………………… 35 Emulating x86/x64 on Apple MX Chipset………………………………………………………………… 35 Disclaimers………………………………………………………………………………………………………. 36 Requirements…………………………………………………………………………………………………… 36 Obtaining the Virtual Disk Image from the OVA……………………………………………………. 36 Creating the Emulated Virtual Machine………………………………………………………………. 36 Configuring the Emulated Virtual Machine………………………………………………………….. 37 Completing Course Projects via SSH……………………………………………………………………. 37 Obtaining the VM’s IP address……………………………………………………………………………. 38 Completing Project 1 over SSH…………………………………………………………………………… 38 Appendix 3 – VirtualBox Networking………………………………………………………………………….. 39 NAT Networking……………………………………………………………………………………………….. 39 Bridged Networking………………………………………………………………………………………….. 40 Restarting VM Networking…………………………………………………………………………………. 40 Forwarding Ports to Your Host……………………………………………………………………………. 40 Appendix 4 – VM Troubleshooting…………………………………………………………………………….. 42 X86-based VM……………………………………………………………………………………………………… 42 ARM-based VMs…………………………………………………………………………………………………… 45 Closing……………………………………………………………………………………………………………………. 45 IMPORTANT: For the command part of Task 4, the root shell command, the ARM-based answer is different, as noted in the docs in that section. For now, the autograder is not correctly accepting answers for ARM-based VM users. We’ll fix this ASAP, we expect on Friday.The x86 version of the VM shipped in Bridged networking mode, we recommend you switch to NAT mode unless you need to take the additional risk of working in Bridged networking mode. See the Settings–>Network pane in the settings and Appenxis 3 for more information.It may be solved, but you may need to chmod +x task52 once you extract it from the task52.gpg file, to make it executable.Note the VM’s don’t run the default gnome UI for Ubuntu, instead we installed Ubuntu server and put xfce4 on the x86 version and KDE on the ARM version.The x86 VM is rather large, at 14GB we did zero out empty disk space and used VBoxManage –compact to minimize the VM size. We believe the size is the result of Ubuntu 24.04 Server size + Docker containers for Project 1 and Project 4, and applications like PyCharm and VScode, all of which are installed on the VM.Project 4 is also set up on the VM, but we will probably release a separate VM for Project 4 as there are desired changes that we couldn’t get in by Project 1 release time. For now, just ignore the snort-related users on the x86 VM. If you happen to login to the snortstudent account and start the Snort server, make sure you shut it off, because it takes some resources in the VM.In this project, you will: You have unlimited submissions on Gradescope, please don’t abuse it, we reserve the right to limit submissions in case of abuse. In this case, abuse would be using the autograder to brute force an answer by trying many or all combinations possible.Submit to Gradescope:To be clear, the autograder only requires the single assignment_questionnaire.txt file, and the filename must be exactly that.The README.txt is optional, but there for a reason: we want you to follow a methodical process. For example, when trying different attacks, keep a list of what you tried. This is incredibly valuable because then you won’t repeat things that haven’t worked. We believe that keeping this file up to date with your approaches and attempts will help you focus. But it’s optional, we don’t grade it. Important: Figure 1 – Submitting to Gradescope Figure 2 – Activate Your Best Submission Security Notice / WarningThis project involves port scanning and the programmatic creation of network attacks and other hacking techniques. Be certain that you always direct attacks to the Docker container ONLY. Accidentally scanning outside your local network could have serious consequences. The Docker network is on 172.22.0.0/24 (CIDR notation) in the VM, do not scan other networks!Penetration testing is an important part of ensuring the security of a system. This project introduces some of the common tools used in penetration testing, while also exploring common vulnerabilities. You will learn to have (if you don’t already possess) some familiarity with Linux and IP networking concepts that will help you navigate future projects in Network Security. In this project, you will gain hands-on experience by exploiting a server running inside a Docker container, hosted within a virtual machine (VM). You will better understand the Shellshock vulnerability, how privilege escalation can occur, and how to crack weak passwords — all crucial elements in penetration testing.This project is intended to be a gentle on-ramp to the course — the future projects are more difficult. This project will help identify where there might be gaps in your fundamental knowledge related to Linux and networking.For this semester’s project we are releasing an updated virtual machine (VM) for x86 designed for Windows PCs, Intel Macs and Linux on PCs.We also have a brand-new VM for the newer ARM-based Macs. This new ARMbased version runs natively under virtualization, instead of using much slower emulation.Please note: at this point we only have the ARM-based VM for Project 1, thePenetration Testing project. There are other projects that require emulation on anARM-based Mac. This is much slower. In some cases, we can offer a cloud-based VM, in other cases you can install project tools locally. The point is, please reach out to course staff early if you have problems with VM performance.If we need to setup a cloud VM for you for Project 3, we need several days to get that set up for you, so make sure you start that project early, at least to setup and test the VM.This version is x86-based, using Ubuntu 24.04 which uses the xfce user interface. This is done to require less processing power than the Gnome-based full Ubuntu release for graphical user interface (GUI) users.One GUI note about xfce, if you try to grab the lower corners of windows it’s hard to grab and resize diagonally. It’s much easier to grab and drag the upper corners of windows.This VM has the toolsets (Guest Additions for VirtualBox, openvm-tools and openvm-tools-desktop for VMWare) to work with two popular virtualization solutions. We think the VMWare tools will also work with ESXi. Please let us know if you’re using a different solution than VBox, VMWare or ESXi, and how it works.For people using the x86 VM on Windows with VMWare, be aware of an issue with Windows 11 (this is not an issue in Windows 10). Run VMWare as Admin, not as your regular Windows user. To do this, when you bring up the VMWare app in the Windows launch/start menu, right click on it and choose “Run as Administrator”:We found in testing that running as the regular user makes the VM slow/laggy. Running as admin is the fix for this.The ARM-based VM instead runs with the KDE user interface. On this VM we have installed serveral VM toolikits for various virtualization platforms. We provide a qcow2 file for use with UTM and qemu. We also provide a .ova file for use with VirtualBox or VMWare. It should also work for ESXI (Flings) for ARM, however we’ve only tested with UTM, VirtualBox (and perhaps VMWare).There is a video showing the detailed installation steps for each of these platforms, please see Ed Discussion’s main project post, or Canvas.We expect some people to run the x86 VM on older CPUs. There’s no hard line of what the minimum specification is, these are minimum guidelines, your experience may vary: For the ARM-based, newer Mac users, please see Appendix 2 for instructions on how to setup the provided qcow2 file with UTM. If you prefer, you can use the provided ova file with VirtualBox or other virtualization software. We have only tested with UTM and VirtualBox on ARM-based Macs, our ability to support other virtualization packages is limited.For your convenience we have opened port 22 on the VM. The VM runs the openssh server. In VirtualBox, you can set up Port Forwarding, see Appendix 2 for information. Once you set up port forwarding of the VM port 22 to your chosen port on your host, you can simply use ssh localhost:chosen_port_number to login to the VM from your host.Because we have opened the ssh port on the VM, the VM is only as secure as your network. In theory, your typical home network has a router that uses Network Address Translation and blocks all incoming ports from incoming connections from the outside world. This means in theory, assuming that your router isn’t hacked, attackers on the Internet can try to attack your router’s WAN IP Address, but the router will rebuff any connection that didn’t originate in your network. Also in theory, your ISP is doing something to block these attacks, but some will get through.The minute you open a port on your router for your favorite game, you have opened a can of worms that presents a new attack surface to attackers. We strongly recommend you turn the port forwarding on your router OFF while working on this project. Having said that, we also recommend you turn router port forwarding off all the time.Key Point: Docker container ports are exposed on the VM itself. When using nmap, remember that ports on 172.22.0.1 are VM ports, not individual container ports. We publish these container ports on the VM to enable SSH access for users who prefer working from the command line.Two Ways to Work with This ProjectIf you’re working directly in the VM’s graphical interface, accessing the vulnerable website is straightforward. Simply enter the Docker container’s IP address and port number into the browser. Since the VM has a direct network route to the Docker container, the connection works seamlessly.Some users prefer to bypass the VM’s interface entirely and work through SSH from their host machine. This approach requires understanding your virtualization software’s networking configuration.Your networking setup in VirtualBox affects how you access the vulnerable website from your host:Bottom Line: If you’re working from your host machine rather than the VM GUI, check your VirtualBox networking mode. You need to switch to Bridged networking or configure port forwarding in NAT mode.For more information, see Appendix 3. Relative to the Docker network, remember that the VM has one network interface that talks to your host, and another interface to talk on the Docker network. You’ll see more about this in the details of Task 2. The Docker network is 172.22.0.0/24 on this VM. Google CIDR (related to networking) if this notation doesn’t make sense to you, it’s CIDR notation to denote a network with 254 nodes. The VM Docker interface and the Docker container both live in this network address range.Here we repeat our warning to only use nmap or zenmap for scanning the Docker network (172.22.0.0/24)! Do not scan outside the VM network. You will be provided with a virtual machine (VM) based on Ubuntu 24.04 Linux, pre-installed with necessary tools like Metasploit and John the Ripper. Inside this VM, a Docker container will be run, it has various vulnerabilities that you will attack.Provided File for Windows / x86 / PCs:1.amazonaws.com/CS6262Project1-ARM-VBox-Release-02.ova :The Virtual Machine image (Ubuntu Linux)Sha256:4ff7750b2c1aea564a1025e78c08d3e577bc9579182355489fe7e4e12c2793a0Provided File for ARM-based Macs:1.amazonaws.com/CS6262Project1-ARM-Release-02.qcow2.zip: for qemu/UTMSha256:f9d2d434827add699913ebee6d3d35675b2d3c24bac1dc274e2a021dd9b02ed91.amazonaws.com/CS6262Project1-ARM-VBox-Release-02.ova: — for VirtualBox, VMWare, etcSha256: c417b7361e827b5e5fbf161db28244a924cce7dd3b7cac025eb4f2ad4d13003aProvided File for all:1.amazonaws.com/assignment_questionnaire.txt: Template forfinal submission, you must use this file name for submission! Use wget or curl to retrieve it.NOTE: Use curl/wget/save using browser to get the assignment_questionnaire.txt file, if you create it manually make sure it has the correct name or the autograder will reject it../StartShockServer.shImportant: You are attacking the Docker container, not the VM itself.Note: Once you start the Docker container, it will restart itself if it dies, unless you run the ./StopShockServer.sh script.We provide a qcow2 file, this works directly with UTM. We also provide the vmdk version of this qcow2 file which can be used in VirtualBox.A set up video and links for the VM are shared in Ed for reference as you go through this step.Once you get the VM booted, because we can’t predict that people have big screens, we left the VM display resolution at a lower resolution. UnlikeVirtualBox, UTM may not automatically resize the display. You have to go into the VM Display settings and set it to 1920×1080 or whichever choice is appropriate for your screen.The first step in any penetration test is to gather information about the network and servers you’ll be exploiting. In this task, you will perform network scanning and answer a few questions based on your findings. On startup, the shellshockvulnerable Docker container in the VM runs a webserver and listens to multiple ports for incoming messages.In the VM logged in as penteststudent, open a terminal window.First, before doing anything else, run the command to start up the Docker container that runs the vulnerable services:You should see a message a few moments after the container has started. While it’s not strictly necessary, when you are shutting down or rebooting the VM, you can run the shutdown command first:If you don’t stop the container and reboot the VM, it will be running when you start the vm again.Now, let’s investigate the network. At the command prompt, enter this command:You will see the output pictured in Figure 1 on the next page.In the output you will see various network interfaces. The important ones are:lo — this is the loopback interface, it refers to the VM itself. It’s the same, effectively, as 0.0.0.0 and 127.0.0.1 (with minor differences).enp0s3 — this is the VM interface with your host. If you are trying to ssh into your VM from your host computer, you use this address. You may need Bridged networking for this, see Appendix 2. For Ubuntu24.04, enp0s3 always seems to be the name chosen for the first interface, instead of the traditional eth0.docker0 — this is the default Docker network on 172.17.0.0/24, we will not be using it.br-a795c89aa411 — this is an important interface, it’s the VM’s interface on the Docker network. From this entry you can see the Docker network is 172.22.0.0/24, note this address as it will come in handy for the next steps. It’s possible the interface will use a different br-xxxx ID, though we wouldn’t expect it to. Here you can see the VM’s Docker address is 172.22.0.1. Figure 3 — Output of ip a command shows the different network interfaces’ propertiesThere’s also (when the container is running) a veth-xxxx interface. This is the virtual ethernet interface for the running Docker container. While you could use the IPV6 address you see in the output, for this project you should use IPV4 exclusively, don’t use IPV6 addressing. You may not see this veth- interface, we’re just pointing it out for the educational value, sometimes it doesn’t appear.Now it’s time to get down to the tasks:Find the IP address of the vulnerable Docker container on the NAT network using nmap or zenmap (the GUI version of nmap). You’ll find both installed in the VM, ignore any GTK errors if you run zenmap from the command line.Remember to limit your scans to the 172.22.0.0/24 network and nodes on that network only! Don’t scan outside the Docker network!You will see some ports exposed on 172.22.0.1, the VM. These simply reflect the ports on the actual Docker container, for people using ssh to complete the project. You can ignore the ports on this 172.22.0.1 address when answering questions in the assignment_questionnaire.txt. The Docker container address is different.NOTE: You have zenmap on the GUI menu to use, it’s more intuitive to use than the command line version. It will complain that it’s not run as root, that’s OK.Use an Intense scan in zenmap to identify all the open ports on the Docker container’s webserver and submit:You can determine the server type in the zenmap output, and with nmap on the command line with the correct options.nmap and zenmap by default only scans the most popular 1000 ports, to scan EVERY port from 1-10000, you need to specify -p 1-10000 in the nmap command. All the ports you’re looking for are lower than port 10000.One suggested workflow for zenmap is to do a “quick scan” of the 172.22.0.0/24 network to identify nodes on the network. Then inspect interesting nodes more closely with further, more intense scans. Don’t forget to use –p as needed to find non-standard ports.If you are scanning and not finding web server ports, did you remember to run ./StartShockServer.sh in your home directory?Deliverables Submit in assignment_questionnaire.txt:NOTE: Use curl/wget/save file in browser to get the assignment_questionnaire.txt file, if you create it manually make sure it has the correct name or the autograder will reject it.In this task, you will launch the Shellshock attack on a remote web server. Many web servers enable Common Gateway Interface (CGI), which is an older method used to generate dynamic content on Web pages and Web applications.Many CGI programs are written using a shell script. Therefore, before a CGI program is executed, the shell program will be invoked first. This can be triggered by a user from a remote computer, typically using the curl command. To access this CGI program on the Docker container from the VM browser or command line, you need to first make sure you started the Docker container using:./StartShockServer.sh Then, you can either use a browser by typing the following URL:http://:/cgi-bin/shellshock.cgi or use the following command line program curl to do the same thing:For this task, your goal is to launch the attack, using curl, through this URL with the proper parameters, such that you can achieve something that you cannot do as a normal remote user. You will be able to execute code remotely, directly on the container, without using ssh to login or even knowing a password!NOTE: Please don’t use nmap’s –script functionality to get this, we want a curl command with the actual “hack string” you need to hack this.You will craft an attack that directly executes the /usr/bin/task2 program(which needs your GT Login as the input: /usr/bin/task2 gburdell3). It will generate the submission hash for you when your attack is correct.PLEASE NOTE: On the x86 VM, there are more attacks that work, you can get a direct shell and then execute the /usr/bin/task2 command in that shell.For some as-yet unknown reason, on the ARM-based VM, these wider attacks don’t work. You need to call /usr/bin/task2 directly in your attack with your GT Login (like /bin/task2 gburdell3) as parameters. So your attack will be a one-liner that returns the hash.It’s also possible on the x86 VM, because you can get a shell, to run attacks using the netcat (nc) listener. We tried setting up a listener with nc –nvlp in one VM terminal window and ran the attack in a second VM window. The listener gets the shell and you can then run /usr/bin/task2 with your GT Login there.One last note about this task, you may notice that /bin/task2 works as well. In past Ubuntu versions, /bin and /usr/bin were separate directories. Now in Ubuntu 24.04 (which the VM is based on), /bin is just a symlink to /usr/bin.Deliverables Submit in assignment_questionnaire.txt:NOTE: Use curl or wget to get the assignment_questionnaire.txt file, if you create it manually make sure it has the correct name or the autograder will reject it. All the project resources are linked in Canvas and Ed. While you have found a way to execute /usr/bin/task2 on the Docker container without a password, the /usr/bin/task3 executable is owned by a different user account that has different privileges. To execute this file and complete the challenge for Task 3, you’ll need to gain access to that user’s login.During a penetration test, weak credentials remain one of the most common vulnerabilities found in systems. Attackers often exploit this by attempting to authenticate using common username and password combinations. That’s where Metasploit’s brute force capabilities come in.Metasploit includes powerful auxiliary modules for password attacks, along with extensive wordlists of commonly used usernames and passwords. For this project, we are going to use Metasploit’s SSH brute force module to identify weak credentials on the Docker container. This will demonstrate how penetration testers systematically identify accounts with poor password hygiene.Metasploit works by automating login attempts against the SSH service, trying different username and password combinations from predefined wordlists. This is a critical skill for penetration testers, as password spraying and credential stuffing attacks are frequently used in real-world scenarios.This approach teaches students about: NOTE: If you are familiar with Metasploit you can skip this introduction and skip to the Task 3 Assignment heading.After a few moments, the Metasploit Framework console (msfconsole) will load. For this project, msfconsole is the main way of accessing Metasploit. While there are other tools and command prompts associated with Metasploit, msfconsole is suitable for the related tasks of this project. It may take a little time for Metasploit to load, you are ready whenyou see the msf6 prompt at the bottom: Figure 4 – Metasploit opening screenThe text-art image will likely be different. You can ignore the warning about Metasploit being more than two weeks old. Wait a minute for the msf > prompt before entering commands. (in msfconsole): Figure 5 – Shows 752 results for search scanner command The reason there are so many results is that “scanner” is a class of auxiliary modules (as seen by there being so many modules beginning with “auxiliary/scanner”). So, searching for “scanner” (or “scan”) will give everything at all related to network or vulnerability scanning. Figure 6 – Narrowed down results for grep portscan search scanner command That seems a little better. Only 7 results. Since we’re scanning for open tcp ports, let’s use: “auxiliary/scanner/portscan/tcp”. To use this metasploit module, you should run the command: You will get this response: Figure 7 – Shows the new prompt with scanner/portscan/tcpYou now see “auxiliary(scanner/portscan/tcp)” after the prompt, indicating you are using the auxiliary(scanner/portscan/tcp) module. Figure 8 – Viewing options such as RHOSTS While each of the options is marked as required, most of the prefilled values work for our purposes. The only one we need to change is RHOSTS. RHOSTS should be the IP address of the host we want to scan. In this case, you should set it to the IP address of the Docker container, that you found in part 1. You can use the command: Now try running options again and ensure the RHOSTS option is set to the correct IP address for the Docker container. Now you’ve seen an example of how to use Metasploit. You’ll follow a similar process when exploiting the vulnerability to run /usr/bin/task3. Make note of the ssh server port found, if you didn’t note it during Task 1. Task 3 Assignment: Normally you would allow some amount of time waiting for the ssh attack to complete, as the attack will try every combination of usernames and passwords in the username and password files. For convenience we have set up these files to finish very quickly, you won’t have to wait long to get in. NOTE: You should keep the reverse shell running after finishing Task 3, as you will need it in Task 4. Submit in assignment_questionnaire.txt: Your goal in Task 4 is to upgrade the privilege for your command shell by exploiting a setUID vulnerability. You will run /usr/bin/task4 with a higher effective user id (euid), not the current user “system_admin”. On the x86 VM: To be clear, once you successfully upgrade your privileges, when you run the id command, you will still see the system_admin user and group. In addition, you will also see an “euid” (effective user id) of 0 (root). This means you have a root shell. On the ARM VM it’s a little different to escalate your privileges, read on. You will learn about various commands in Linux and find one that lets you escalate your privileges to root on the Docker container.NOTE: Remember to keep the shell open from the previous task, or recreate the steps needed to get the shell in Metasploit from Task 3. Advanced users wishing to use ssh directly may use the username and password from Task 3’s brute force attack to gain a shell on the Docker container with ssh (instead of using the Metasploit shell). There will be some surprises that can be overcome by carefully reading errors, the ssh usage (run ssh -h) and reasoning about operating system file permissions.For those not familiar, there is a concept in Linux of running a command as a more powerful user. For example, if you run ls –l /usr/bin/passwd you’ll see the following output in Ubuntu: Note the normal “x” is not there in the fourth position of –rwsr-xr-x. Instead, the fourth position is perhaps unexpectedly an “s”. This means the passwd executable is setUID. There is setUID, setGID, and sticky bits. Here we’re focused on setUID. When a normal user runs a program with setUID permissions, the file runs as if it were run by the file owner. In the case of the passwd executable, the owner is root, so this is a form of privilege escalation.This is because a normal user can’t edit the /etc/shadow file, so they can’t change their own password. A higher privileged user like root needs to make changes there. Thus, executables like the passwd program are setUID to accomplish their purposes.SetGID does the same thing as setUID except the file is run associated with the group that owns it. There’s also the sticky bit, you can read about that, it controls directory permissions.Task 4 Assignment: Assuming you are using the shell you gained in Task 3, as a first step, type the id command in your shell. You should see system_admin which is your user ID. Now, run /usr/bin/task4 gt_login. You will see a permission denied error. That is because /usr/bin/task4 is configured to allow only a privileged user to run it. Thus, you need to find a way to run /usr/bin/task4 as a privileged user. A feasible approach is to spawn a shell running as the “root” user and run task4 through the shell. Useful Resource for the Windows / x86 VM: https://gtfobins.github.io/ NOTE: Make sure you do the following search on the Docker container, not on the VM. You will want to look at the output of ls -l /usr/bin on the Docker container for a program which has a higher privilege than the default user and run /usr/bin/task4 gt_login in the shell spawned. If you run ls –l /usr/bin you’ll get a very long list. Consider piping the output through the less command to see it one page at a time. Better yet, pipe the output of ls –l to grep and search for a pattern that identifies a setUID executable. Alternatively, you could use find with the –perm parameter (research this parameter) to find only setUID programs. This is the typical way of identifying them.For x86 users, also look at the commands featured on the gtfobins.github.io link above. There’s a command on that list that’s setUID on the Docker container. Use ls –l to see permissions on the Docker container and perhaps grep for something that will get you setUID files only in the output list. Your job is to figure out which command in both lists is setUID and find a way to execute it to get a shell.For ARM-based Mac users, for some reason this target program doesn’t work the same way to elevate privileges as it does on x86 Ubuntu. Instead of using the gtfobins.github.com list compared to the list of setUID executables, just look at the list of setUID executables in /usr/bin and you will see an obvious choice to run. Deliverables Submit in assignment_questionnaire.txt:NOTE: Keep your Task 4 root shell open for Task 5.A valuable part of any penetration test is password cracking. While there may be no known vulnerabilities in a system, a weak password could be just as damaging in allowing an attacker to gain access to a system or view sensitive information once they gain access. We’re going to look at two kinds of weak passwords in this task: passwords that are too short, and passwords that can easily be guessed via password scraping.Remember you have learned about the Linux find command. On the shellshock vulnerable webhost, there are two password-protected files. task51.zip is password-protected with zip, while task52.gpg is encrypted with gpg, a common file encryption tool in Linux. GPG is the open-source version of PGP – Symantec owns PGP. It is typically licensed for a fee.We already know the developers of this web server are not very security savvy, since they let a shellshock vulnerability plus a setUID exploit give a high privilege shell on their machine. So, chances are they did not pick very secure passwords for these secret files. Your goal in this task is to crack the passwords of these two files using John the Ripper (a popular password cracker) and cewl (a password scraper).That hash is:Username: myuserPassword: password12Format: MD5-Crypt (–format=md5crypt)john –format=md5crypt -wordlist=/home/penteststudent/rockyou.txt hello.hash There’s no space between — and wordlist. You will see this output:Cracked 1 password hashjohn –show hello.hash The output is:myuser:password123 In these tasks, you will analyze two password-protected files suspected of containing valuable content:These files have been encrypted using weak or guessable passwords. Your job is to recover these passwords using password cracking techniques and tools.To prepare for these tasks, you need to download the files from the Docker container to your VM so you can work on them with John the Ripper tools.Remember you are using your login from Tasks 3 and 4, this is a Metasploit shell.Once you download the files from the Docker container to the VM, be sure to switch to a VM Terminal where you’re not logged into the Docker container anymore. At this point, once you have recovered these two files, you are done with the Docker container.You’ll work with:This task reinforces your ability to:Hint: This will produce a hash line John can use as input.Hint: Try using –incremental to perform a brute-force attack.You can also experiment by using the rockyou.txt wordlist. You must use the rockyou.txt we provide, do not download your own!If you use rockyou.txt, –wordlist doesn’t work, it’s -wordlist. On ARM we found that still doesn’t work if you do –wordlist=filename. So, you need to use –wordlist as a param with no filename, and then append:to the end of the command to feed the rockyou.txt file to john as stdin.Hint: Use the unzip command and supply the recovered password. ./task51 your_gt_login Record the output hash in your assignment questionnaire.Ask yourself: Hint: You will need to set cewl depth parameters to follow links to all profile pages in the series, by default cewl only looks through 2 links before stopping.Hint: Use the -wordlist option and allow default –rules to permute the words.NOTE: It might be –wordlist on the x86 VM, see what works.NOTE: This task can take some time, on my 12th Gen MSI laptop it took about twenty minutes on the x86 VM. On a Mac Mini M4 it took 18 minutes on the ARM VM. It will run faster or slower depending on your computer.TIP: Normally, don’t abuse the autograder. However, here in Task 5.2, you could submit your assignment_questionnaire.txt with your proposed 5.2 command and see if the autograder approves the command. Once you can get your command to pass the autograder, then run it.Otherwise, if you don’t have the correct command, this will run forever.This command is one line, substitute your cracked password.NOTE: As decrypted, the task52 executable is not executable. You must runto make it executable.Record the resulting hash in your assignment_questionnaire.txtDeliverables In your assignment_questionnaire.txt, include: That’s it! You’re done, congratulations.This project is adapted from SEED Labs by Wenliang Du, licensed under GNU Free Documentation License, Version 1.2. Extra thanks for the ARM-based bash to SEED Labs.Here are some resources for the various concepts and tools presented in the project:nmap – https://nmap.org/book/man.html#man-description zenmap – https://nmap.org/zenmap/ Task 3 – MetaSploit https://docs.rapid7.com/metasploit/bruteforce-attacks/ https://www.offsec.com/metasploit-unleashed/scanner-ssh-auxiliary-modules/Task 4 – Root Privilege Escalation Getting a root shell –https://gtfobins.github.io/ (compare this list to the output of ls -l /usr/bin on the Docker container, once you already have a regular shell. Searching inside the Docker container with find /usr/bin -perm 4000 doesn’t work as it should, we’re not sure why it doesn’t.)Task 6 – HTTP Request Smuggling – https://portswigger.net/web-security/request-smuggling https://www.imperva.com/learn/application-security/http-request-smuggling/ https://nvd.nist.gov/vuln/detail/cve-2024-40725 https://httpd.apache.org/security/vulnerabilities_24.htmlGeneral links:Shellshock – https://en.wikipedia.org/wiki/Shellshock_(software_bug)Metasploit – https://www.offensive-security.com/metasploit-unleashed/John the Ripper – https://www.openwall.com/john/doc/CeWL – https://tools.kali.org/password-attacks/cewlWebserver Marketshare –https://w3techs.com/technologies/overview/web_server Shellshock Vulnerability http://seclists.org/oss-sec/2014/q3/650curl https://curl.haxx.se/docs/manpage.html netcat https://linux.die.net/man/1/nc nmap https://nmap.org/book/man.htmlService and Version Detection | Nmap Network Scanning Metasploithttps://www.offensive-security.com/metasploit-unleashed/metasploitfundamentals/ John the Ripper https://www.openwall.com/john/doc/cewl https://tools.kali.org/password-attacks/cewl Until this semester, we didn’t have an ARM-based VM for Project 1. Because of this, we had this section on emulation written up for ARM-based Mac users. We have left this appendix in with some modifications, but it’s not needed for Project1. This section may come in useful for Project 3 if you need to emulate the x86 VM, as we don’t have an ARM-based VM for Project 3 yet. Emulation on ARM-based Macs doesn’t always work, it can be very slow. You should use ssh to access the VM using your hosts tools like Terminal, curl and your browser if needed. Credit where credit is due, TA Eric Johnson wrote these instructions, then we modified them for CS 6262 students for Project 1. We decided to provide some details below on how to configure emulation, but these instructions come without any warranty – we cannot grant extensions due to emulation issues. Note: None of the material below is necessary for running in VirtualBox on an Intel-based machine, but you can run the VM headless using the same SSH instructions as below: While it is possible to use emulation to run the CS6262 VMs it is important to note that it is not officially supported. You will need to be familiar with SSH and using the terminal as the Linux GUI is not very responsive. You will find it difficult to impossible to finish the project using the VM GUI. Please understand the teaching assistants (TAs) can provide only very limited support on emulation.Homebrew — https://www.qemu.org/download/#macos UTM — https://mac.getutm.app or other any other emulation toolFor the purposes of this tutorial we will use the CS6262Project1-R01.ova name as the VM filename, be sure to adjust the instructions for your VM image name. Note that these instructions were created using a Linux VM and the exact commands may vary slightly on MacOS. This will result in this file being created:CS6262Project1VM-disk002.vmdk qemu-img convert -O qcow2 CS6262Project1VM-disk002.vmdk CS6262Project1VM-disk002.qcow2 Note these instructions assume that you are using UTM. The instructions will differ if you are not using UTM. The VM settings window should have opened once you saved the VM. Now you’ll need to configure the VM to use your .qcow2 image to boot the course VM. Given the fact that emulating the Linux UI typically results in poor user experience, the expectation is that you would use SSH to complete all project activities. If you are unable to use SSH to perform a specific task then you’re unlikely to be able to complete the project using an emulated VM.Note that it is likely the second interface, denoted by `2:`The default subnet for UTM is typically `192.168.64.0/24`2: enp0s1: mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether ee:50:4e:d3:b0:d1 brd ff:ff:ff:ff:ff:ff inet 192.168.64.12/24 brd 192.168.64.255 scope global dynamic noprefixroute enp0s1 In this example: We will assume that the IP address for the course VM is 192.168.64.12 for the purposes of this example. Your IP address may vary. Please use the address identified above to complete each SSH command. Ensure that you have Chrome installed on your Mac.Connect to the VM via ssh: This will get you a bash session running on the VM, presented in your host interface. For portions of the project that can be done from the command line (all of it), use this window. You may want to open a second window for certain types of attacks, though it isn’t required or necessary. If you want to view the project website, then you need port forwarding. You can possibly set this up in UTM/QEMU, we’re not sure. You can also use SSH tunneling to forward the vulnerable website to view from your host: NOTE: the port 9999 is just an example, use the port you discover with nmap / zenmap, that command is all on one line. We hope you have been able to work your way through these instructions, please let us know of any suggested changes on Ed Discussion.If you look at the networking settings in VirtualBox, you’ll see various network styles available. We will look at two of those here: NAT and Bridged. Figure 9 – Network Types in VirtualBoxIn VirtualBox NAT Networking, the VM accesses the Internet through a softwarebased router created by VirtualBox. This is the simplest and default method of networking in VirtualBox. The VM has Internet access, but you typically can’t access the VM from your host. The IP address for the VM will be in the range10.0.2.0/24.This networking style is fine if you plan to do all your work in the VirtualBox VM’s GUI. You will be able to work in a shell in the VM and will have full network access from within the VM to the Docker container running in the VM. From the VM you’ll also be able to access the Internet.This is the safest networking style in VirtualBox, as the VM is not accessible from the network. In addition, if you use port forwarding, you can work from your host using NAT networking.For those who want another way to be able to ssh into the VM from their host machine, you’ll want to choose Bridged networking in the VM. This promotes the VM to be a full member of your network. This means instead of a 10.0.2.0/24 address, your VM will get an address on your home network. We do not recommend Bridged Networking if you are in a work environment.Once you switch to Bridged networking, you should see the IP address of the VM change to be an address on your network, which is typically in the range 192.168.1.0/24 on a home router.Thus, with bridged networking you can avoid having to setup port forwarding.NOTE: This command only works for VirtualBox on Windows:We have seen behavior in VirtualBox that when you switch between NAT and Bridged networking, the IP address of the VM will not update. In this case, please run the following command in the pentestuser’s home directory:./RestartNetworking.sh This runs the following commands:You can’t normally run these commands as penteststudent, so use the provided script to update your networking on the VM.We might be giving away the game a bit here but it’s OK. As we have noted, the Docker network is on 172.22.0.0/24. It’s easy enough to run ip a and discover the VM’s IP address is 172.22.0.1. As noted previously, you will see the Docker container’s ports duplicated on the VM. This is to make them available for port forwarding to your host if you desire to work from your host.To set up port forwarding, open the VM’s Network settings. You can change network settings while the VM is running. Figure 10 – Choose the Network OptionThis only works if you’re in NAT networking: you will see a port forwarding button in the VM’s Networking settings: Click this button and you’ll see the Port Forwarding Rules dialog appear: Click the + icon to create a new rule, under Host Port enter the port you want to use on your host, and under Guest port enter the port numbers the VM’s Docker container is using. If you’re already running something on Port 22, for example you run Windows Subsystem for Linux (WSL), then use a different port on the host side. The VM’s ssh is setup on port 22.This will make the designated ports available on your host’s localhost interface.You can then run a command like this to ssh into the vm, per the settings above:You can also access the Docker container’s published ports from localhost. Let’s say you found the Apache 2 server on the container on port 9999. Then you could use this curl command from your host to access the webpage with curl or a browser:curl http://localhost:9999 This VM was produced on a Windows machine. If you are on an Intel-based Mac, you may see an error like this when starting the VM: In this example we are using a Bridged network, regardless of whether you use NAT or Bridged, to fix this problem choose your eth0 interface in the Network Settings for wi-fi, or the appropriate interface for your connection: If you can select the adapter type (if it’s not greyed out like here) try different adapters starting with the Intel desktop adapters: To adjust the VM settings, you need to fully shut down the VM. Do not save state, just use the File menu to close the vm and choose Power Off the Machine. Save any open work before shutting down.If you have display issues in the VM, you can use the VirtualBox settings to attempt a workaround. We ship the VM with the VBoxSVGA display adapter enabled, instead of the default VMSVGA. This leads to a false error in the settings window: As long as the OK button is active / can be clicked, you are good to try that setting.We have also found in the past that the Enable 3D Acceleration wasn’t helpful, but recent reports condtradict this, so do try it out if you try the VMSVGA adapter.The VM is set by default to be 1920×1080 pixels in the Ubuntu OS Display settings. If you want a bigger resolution, depending on your video card it may be possible in the Display settings in Ubuntu on the VM.If you are running a 1280×720 screen then you can either adjust the VM Ubuntu Display settings if possible, or set your native Windows or other OS to 1920×1080 and your 1280×720 screen should do the scaling.If you have another screen config and are having trouble with video settings, please post on the class discussion forum on the appropriate VM Troubleshooting thread.We just created the ARM-based VMs so we don’t have a troubleshooting section yet.Thanks for going through the project. We hope you see by now, while this is a long document, most of it is introductory and background information. We would appreciate any feedback, positive or negative, about our choice to include so much extra information about Docker, Networks and VMs in this document. Did you find it helpful? Was the size of the document so large that it initially discouraged you? Thanks for any feedback.
Trivia Game – Questions Class (15 pts) Trivia Questions (20 pts) Driver Program (25 pts) For this assignment, you will create three modules that are all related. Instructions for each module are outlined below: Questions Class (15 pts) Define a class that has the following attributes: • A trivia question • Answer 1 • Answer 2 • Answer 3 • Answer 4 • The number for the correct answer (1, 2, 3 or 4) The class must have an __init__ method, but you can create additional accessors, mutators or a __str__ method as needed. This module should only contain the class definition (with the appropriate methods for each attributes). Don’t forget to run this module to check for errors! (Note: output should not be expected here.) Trivia Questions (20 pts) Define a function in this module that creates a list of trivia question objects. This module should import the module that contains the class definition for the questions. The function doesn’t require any parameters but should return a list of question objects. The returned list MUST contain at least 10 questions. (You are welcome to change the questions provided in the sample, or add additional questions, as long as the total number of questions are even.) Note: This module should only contain the function definition that generates the list of questions. (No class definition is needed in this module.) Don’t forget to run this module to check for errors! (Note: output should not be expected here either.) Driver Program (25 pts) Write a program that executes the trivia game based on the list of trivia questions! The game should be played in the following manner: • This game is played with two players. Starting with player 1, each player gets a turn of answering (at least) 5 trivia questions. (At least 10 questions is required.) • Each question should be displayed along with 4 possible answers. (Only one of the answers should be correct.) • The player enters a value 1, 2, 3 or 4 corresponding to their selected answer. • If the player’s answer is correct, that player gets a point. • After all answers have been selected for all of the questions, the program displays the number of points earned by each player and declares a tie or the player with the highest points as the winner. This module should import the module used to generate and return a list of trivia questions. A sample output is shown below. (Remember – You are allowed to change the questions or to add additional questions, but there must be at least 10, and the total number of questions must be even.) Sample output: Question for the first player: How many days are in a lunar year? 1. 354 2. 365 3. 243 4. 379 Enter your solution (a number between 1 and 4): 2 That is incorrect. The correct answer is 1 Question for the second player: What is the largest planet? 1. Mars 2. Jupiter 3. Earth 4. Pluto Enter your solution (a number between 1 and 4): 2 That is the correct answer. Question for the first player: What is the largest kind of whale? 1. Orca whale 2. Humpback whale 3. Beluga whale 4. Blue whale Enter your solution (a number between 1 and 4): 1 That is incorrect. The correct answer is 4 Question for the second player: Which dinosaur could fly? 1. Triceratops 2. Tyrannosaurus Rex 3. Pteranodon 4. Diplodocus Enter your solution (a number between 1 and 4): 3 That is the correct answer. Question for the first player: Which of these Winnie the Pooh characters is a donkey? 1. Pooh 2. Eeyore 3. Piglet 4. Kanga Enter your solution (a number between 1 and 4): 2 That is the correct answer. Question for the second player: What is the hottest planet? 1. Mars 2. Pluto 3. Earth 4. Venus Enter your solution (a number between 1 and 4): 4 That is the correct answer. Question for the first player: Which dinosaur had the largest brain compared to body size? 1. Troodon 2. Stegosaurus 3. Ichthyosaurus 4. Gigantoraptor Enter your solution (a number between 1 and 4): 4 That is incorrect. The correct answer is 1 Question for the second player: What is the largest type of penguins? 1. Chinstrap penguins 2. Macaroni penguins 3. Emperor penguins 4. White-flippered penguins Enter your solution (a number between 1 and 4): 3 That is the correct answer. Question for the first player: Which children’s story character is a monkey? 1. Winnie the Pooh 2. Curious George 3. Horton 4. Goofy Enter your solution (a number between 1 and 4): 2 That is the correct answer. Question for the second player: How long is a year on Mars? 1. 550 Earth days 2. 498 Earth days 3. 126 Earth days 4. 687 Earth days Enter your solution (a number between 1 and 4): 1 That is incorrect. The correct answer is 4 The first player earned 2 points. The second player earned 4 points. The second player wins the game.
Capital Quiz (30 pts) Write a program that quizzes the users on their knowledge of state capitals. You can access the list of states and capitals using the following link (or any other reliable Internet source.) https://en.wikipedia.org/wiki/List_of_capitals_in_the_United_States Your program should randomly quiz the user by displaying the name of a state and asking the user to enter the state’s capital. The program should keep track of the number of correct and incorrect answers. The program should also offer a sentinel to stop the quiz. (Review section 4.2 in the zyBook to recap the use of sentinels.) Your code should include: 1. A dictionary to store the states and their capitals as key value pairs 2. A random number generator to randomize the states referenced • You may think it would be useful to retrieve the index of the dictionary to help with randomizing the questions. However, dictionaries require keys not indices to retrieve a value. You can overcome this by converting the dictionary to a list using list() so you can retrieve indices. 3. A while loop to stop the game. The program should indicate what the sentinel is so that the user can stop the game at any time. • The while loop should include an if elif structure to keep track of the user’s correct and incorrect answers A sample of the output is shown below: What is the capital of Nevada? (or enter q to quit): Carson City That is correct. What is the capital of Hawaii? (or enter q to quit): Honolulu That is correct. What is the capital of Utah? (or enter q to quit): Salt Lake City That is correct. What is the capital of Louisiana? (or enter q to quit): Baton Rouge That is correct. What is the capital of Connecticut? (or enter q to quit): Hartford That is correct. What is the capital of Arkansas? (or enter q to quit): Little Rock That is correct. What is the capital of Washington? (or enter q to quit): Seattle That is incorrect. What is the capital of Georgia? (or enter q to quit): Atlanta That is correct. What is the capital of Illinois? (or enter q to quit): q You had 7 correct responses and 1 incorrect responses. Tip: • Functions are not required for this question. Encrypting code (30pts) Write a program that uses a dictionary to encrypt a text file. You can use the dictionary provided below or modify it to create your own version. Encrypt_Code = {‘A’:’)’,’a’:’0′,’B’:'(‘,’b’:’9′,’C’:’*’,’c’:’8′, ‘D’:’&’,’d’:’7′,’E’:’^’,’e’:’6′,’F’:’%’,’f’:’5′, ‘G’:’$’,’g’:’4′,’H’:’#’,’h’:’3′,’I’:’@’,’i’:’2′, ‘J’:’!’,’j’:’1′,’K’:’Z’,’k’:’z’,’L’:’Y’,’l’:’y’, ‘M’:’X’,’m’:’x’,’N’:’W’,’n’:’w’,’O’:’V’,’o’:’v’, ‘P’:’U’,’p’:’u’,’Q’:’T’,’q’:’t’,’R’:’S’,’r’:’s’, ‘S’:’R’,’s’:’r’,’T’:’Q’,’t’:’q’,’U’:’P’,’u’:’p’, ‘V’:’O’,’v’:’o’,’W’:’N’,’w’:’n’,’X’:’M’,’x’:’m’, ‘Y’:’L’,’y’:’l’,’Z’:’K’,’z’:’k’,’!’:’J’,’1′:’j’, ‘@’:’I’,’2′:’i’,’#’:’H’,’3′:’h’,’$’:’G’,’4′:’g’, ‘%’:’F’,’5′:’f’,’^’:’E’,’6′:’e’,’&’:’D’,’7′:’d’, ‘*’:’C’,’8′:’c’,'(‘:’B’,’9′:’b’,’)’:’A’,’0′:’a’, ‘:’:’,’,’,’:’:’,’?’:’.’,’.’:’?’,'’,’>’:'
Tortoise vs. Hare (60 pts) Write a program that simulates the classical race between the tortoise and the hare (with a couple modifications). You will use the turtle module to provide an aerial view of the race! The tortoise and hare will race in a ‘course’ of 200 pixels. Each animal starts at the ‘starting line’ which is position x = -100 in the turtle window. The finish line is at position x = 100 and the first animal to reach the finish line wins the race and the prize (a pail of fresh organic lettuce and carrots). In this program, the course is up the side of a slippery mountain, so the animals can occasionally lose ground. The tortoise’s starting position will be at (-100, 0) and the hare’s starting position will be at (-100, 50). To ensure that each animal remains in their own lane, the y coordinate should not change for the duration of the race. (This also prevents the animals from using dirty tactics, like biting or kicking.) (Note: Diagram shows the tortoise, represented by the turtle cursor, and the hare represented by the classic cursor at position x = -100 (indicated by the line called start). The cursor has been resized in the code, to make it easier to see during the race. Despite the graphics, the tortoise does not actually have a head start!) Each animal has specific move types that correspond to their movement in the course. The animal, move type, probability of move type and actual move is shown in the table below: Animal Move Type Probability of Move Actual Move Tortoise Fast Plod 50% 3 spaces forward Slip 20% 5 spaces backward Slow Plod 30% 1 space forward Hare Sleep 20% No movement Big Hop 20% 7 spaces forward Big Slip 10% 10 spaces backward Small Hop 30% 1 space forward Small Slip 20% 2 spaces backward The race is managed by a ‘clock’ (loop) that ticks once per ‘second’ (iteration). While the race has not been won, your program should adjust the position of the tortoise and the hare on the course, with each ‘tick of the clock’ (i.e., iteration in the loop). The race (i.e., loop) ends when one or both of the animals reaches position x = 100 in the window. Programming tasks 1. Create two value returning functions to keep track of the hare and tortoise’s positions. (between x = -100 and x = 100). The function should accept one parameter and return one value. a. The parameter represents an animal’s initial and current x-positions, and the value returned would be the animal’s new x-position in the race. b. The body of the functions should include a random number generator (RNG) to simulate the movements passed on their probability. A random number should be generated for each animal within the range 1 £ num £ 10. This RNG is essential for determining the animals’ movements in the track. Example: For the tortoise, a random integer in the range 1 £ num £ 5 should result in a fast plod (as that movement will occur 50% of the time). Similarly, a random integer in the range 6 £ num £ 7 should result in a slip, and a random integer in the range 8 £ num £ 10 should produce a slow plod. c. Occasionally, the RNG can cause the animal to slip beyond the starting and ending positions. Use if statements to check the boundaries of the race. If an animal slips past x = -100, reset their position to -100. Similarly, if the animal’s position does beyond x = 100, reset the position to 100. 2. The main portion of the code must use functions from the turtle module to construct the course and display the race. The course is created by using additional ‘turtle’ objects to draw lines, (i.e. the starting and ending lines) or write messages as well as the serve as the placeholders for the racing animals (one for the tortoise and one for the hare.). a. Use the function Turtle() to create additional turtle objects to use. You can assign names to the turtle to distinguish between the objects. (E.g. writing bob = turtle.Turtle() allows you to use bob to call some of the other functions from the module, such as bob.pendown(). ) You can create as many objects that you need to draw the course or display messages for your race. b. Use the shape() function to determine which cursors to use to represent the tortoise of the hare. Optional: You can resize the cursor by using the shapesize(w,l, outline) function c. Notice that the race only shows two turtle objects. Use the hideturtle() function to make some turtles invisible. Use these objects to draw the start and end lines (using forward(pixels), backward(pixels), left(angle) or right(angle)). A turtle should be used to display messages with the write() function in the window. d. Use the setpos(x,y) function to move turtles to positions in your window. Don’t forget to use penup() and pendown() to determine when the objects should draw while moving or not. e. Optional: You can use the title() function to label your window. 3. The main portion of your code must also include a while loop to run the race. Create a variable that will serve as the clock for the race, and add 1 to it for each iteration of the loop. The loop is controlled by the variables that represent both the hare’s and the tortoises x-position (starting at -100 for each). The loop will run until one or both animals’ value reaches x = 100. 4. Once the loop stops, determine the winner of the race. If the value in Tortoise’s xposition is greater than or equal to the value in the Hare’s x-position, then the Tortoise wins. (Yes, the Tortoise wins in the event of a tie, as the Hare is convinced that a tie is statistically unlikely.) Otherwise, the Hare wins. In each case, print out a message to indicate the winner of the race, as well as the number of iterations it took to complete the race. Sample output The outputs below show possible outcomes of the race. Your results may vary. Tips: • Keep in mind that a second is represented by an iteration and is not an actual second. • You will need at least two functions: o A function to control the tortoise’s movements o A function to control the hare’s movements • A main function is not required. You are welcome to create one if you wish, and you can create more functions if you think it will help with organization. • Using colors for your window background or turtles’ objects are optional.
Wind-Chill Temperature (15 points) In 2001, the National Weather Service implemented a new wind-chill temperature formula to measure the coldness using temperature and wind speed. The formula is: where: twc is the wind chill temperature ta is the outside temperature v is the wind speed The formula can only be used for temperatures between -58 degrees Fahrenheit and 41 degrees Fahrenheit, as well as wind speeds greater than or equal to 2mph. Write a program that: 1) asks the user to enter a temperature between -58 degrees Fahrenheit and 41 degrees Fahrenheit. o Input validation: If the user enters a temperature not in range, use an if statement or while loop to ask them to re-enter the value. 2) asks the user to enter a windchill greater than 2mph. o Input validation: If the user enters a wind speed not in range, use an if statement or while loop to ask them to re-enter the value. The program then calculates the wind-chill temperature using the formula above. (You can use the math module for this question if you want.) Format the output to 1 decimal place. Sample output (including input validation): Enter the temperature in Fahrenheit: -60 Temperature must be between -58F and 41F Please re-enter the temperature in Fahrenheit: 50 Temperature must be between -58F and 41F Please re-enter the temperature in Fahrenheit: 35 Enter the wind speed miles per hour: -1 Speed must be greater than or equal to 2 Please re-enter the wind speed miles per hour: 5 The wind chill index is 30.6 The Price is Right! (One Bid) (45 points) Image source: https://priceisright.fandom.com/wiki/One_Bid “The Price is Right” is a popular game show in the US that focuses on players correctly predicting prices of items for cash and prizes. After players “come on down!” to contestants’ row, the first game that they play is “One Bid” where the players are shown a prize and must determine what the price is. Contestants are not allowed to bid the same amount as another player. The player who is closest to the actual price without going over wins and gets to come up on stage to play for additional prizes. Players who bid the exact prize also win an extra $500. Write a program that simulates One Bid. Your code should do the following: 1) Generate a random number for the price of the prize. (For this program, set the range of the price as $1000 – $5000.) 2) Ask four ‘players’ for their bids. All bids should be in whole dollars (no cents). 3) Determine if players have over bid. If players have overbid, print a message. (The program would end here.) 4) Determine if a player made the exact bid. If so, print a message stating that a player has made an exact bid. (Don’t reveal the price yet, the program will continue.) 5) Reveal the price and determine who is the winner. The winner is the person who bids closest to the price (including the exact price) without going over. You can make the following assumptions: • Assume that players know that $1 is the lowest bid they can make (Therefore, your code does not have to check for negative bids. • Assume that players know they are not allowed to make the same bid. (Therefore, your code does not have to check for other players making the same bid.) Use the randint method from the random module to generate your prize. Use selection statements to check for overbids from all players, an exact bid and the overall winner. Sample output is shown below: Sample output 1 – Everyone overbid. Note that the actual price is not revealed. Player 1, what is your bid? 3500 Player 2, what is your bid? 3650 Player 3, what is your bid? 5000 Player 4, what is your bid? 3100 Buzz! Aww… everyone has overbid! Sample output 2 – exact winner. (Extra message printed.) Player 1, what is your bid? 2500 Player 2, what is your bid? 1100 Player 3, what is your bid? 1350 Player 4, what is your bid? 1560 Ding Ding Ding! One player got it exactly right and gets $500! Actual price is $1100! Player 2, come on up! Sample output 3 – everyone underbids, closest to prize wins. Player 1, what is your bid? 800 Player 2, what is your bid? 1150 Player 3, what is your bid? 1976 Player 4, what is your bid? 801 Actual price is $2814! Player 3, come on up! Sample output 4 – some players overbid, closest to prize wins. Player 1, what is your bid? 3500 Player 2, what is your bid? 1500 Player 3, what is your bid? 2750 Player 4, what is your bid? 1 Actual price is $1541! Player 2, come on up! Sample output 5 – top the highest value by 1 dollar (a very popular strategy!) Player 1, what is your bid? 890 Player 2, what is your bid? 756 Player 3, what is your bid? 1350 Player 4, what is your bid? 1351 Actual price is $2990! Player 4, come on up! Hint: This code requires careful analysis and design. You may want to ‘plan’ by outlining by hand, how the winner is selected. This can help you with the ‘logic’ of the code. Then, you can build the code by designing it with only two players. Once you have worked out the code for two players, you can then add the third and fourth players. You can hard code the true price to test the exact win portion of your code. (Just don’t forget to switch it back to random when you are done!) You can also test the code by using the same set of numbers to ensure that each player gets a chance to win. There are multiple ways to solve this problem, although some strategies are easier than others! You are allowed to use additional predefined functions or methods to assist you, but they are optional. Just don’t overcomplicate things. If you can’t explain what a function or method is doing or why it works, it’s best to not use it for now. J Here’s a link to see a list python’s pre-built functions. Perhaps some can be useful? https://docs.python.org/3/library/functions
Runway Length (15 points) Given an airplane’s acceleration, a, and take-off speed, v, the minimum runway length needed for the airplane to take off is computed using the formula !! “# . Write a program that prompts the user to enter the speed in meters per second (m/s) and the acceleration in meters per second squared (m/s2 ). The program should calculate and display the minimum runway length. Format the result to four decimal places. Sample output: Enter the plane’s take off speed in m/s: 60 Enter the plane’s acceleration in m/s**2: 3.5 The minimum runway length needed for this airplane is 514.2857 meters. ______________________________________________________________________________ Area of composite shape (15 points) Write a program that finds the area of the shaded region in the shape below: q The area of a kite is given as $% ” where p and q represent the lengths of the diagonal parts of the kite. The area of a circle is given as A = pr2 where r is the radius of the circle. Prompt the user for the lengths of p, q and r. The program should output the area of the shaded region only. Use the defined constant for p (in the math module). Format the result to 3 decimal places. A sample of the output is shown below: Enter the first diagonal length: 20 Enter the second diagonal length: 15 Enter the radius of the enclosed circle: 5 The shaded area is 71.460 square units. ______________________________________________________________________________ Ingredient Adjuster (15 points) A cookie recipe calls for the following ingredients: • 1.5 cups of sugar • 1 cup of butter • 2.75 cups of flour The recipe produces 48 cookies with this amount of ingredients. Write a program that asks the user how many cookies they want to bake. The program should calculate and display the adjusted amount of each ingredient for the specified number of cookies. Create ‘constants’ to store the ingredients and the ‘default’ number of cookies in your script. A sample of the output is shown below: Enter the number of cookies: 30 To make 30.0 cookies, you will need: 0.94 cups of sugar 0.62 cups of butter 1.72 cups of flour ______________________________________________________________________________ Tip Calculator (15 points) Write a program that reads the subtotal and gratuity rate. The program then calculates and gratuity as a dollar amount, followed by the total amount, and displays all information in dollars. Your code should include currency formatting (i.e., use the $ in your output, include comma separation and format the result to 2 decimal places.) Sample output: Enter the subtotal: $1250 Enter tip amount (as a %): 25 Subtotal: $ 1,250.00 Tip: $ 312.50 Total: $ 1,562.50
The project implements a templated linked list data structure for Expression Validation: Before evaluating the expression, the program validates the input linked list to ensure that it represents a valid arithmetic expression. It checks for proper alternation of digits, decimal points, and operations, as well as the presence of valid operation characters. Every single keystroke is considered as one of the nodes for a linked list. Arithmetic Evaluation: The core functionality of the project is the evaluation of the arithmetic expression represented by the linked list. The program traverses the linked list, reconstructs the float values from individual digits and decimal points, and performs the specified operations (+, -, *, /) on the operand (and returns a float- given that the expression is valid). 1 The program will consider every single keystroke to be a new Node of an instance of the class LinkedCalc. ExampleLinkedCalc calc1; calc1.insert(‘1’); calc1.insert(‘+’); calc1.insert(‘2’); calc1.validateExpression()//returns True calc1.evaluateExpression()//returns 3.0f (float) Methods bool validateExpression()- The validateExpression method is a member function of the LinkedList class in the Linked List Arithmetic project. Its purpose is to validate the expression represented by the linked list to ensure that it follows the correct format and adheres to the rules of arithmetic expressions. float evaluateExpression()- The evaluateExpression method is another member function of the LinkedList class in this project. Its purpose is to evaluate the arithmetic expression represented by the linked list and calculate the final result. Invalid expression conditions1. Consecutive decimal points (with no digits between them). 2. Consecutive operators (with no digits between them). 3. No digits following an operator. 2 Example interactionSee tester.cpp for details. Assumptions ● A valid input will contain a series of floats or integers joined by the operators(+, -, *, and /) ● The output (for a valid expression) will always be a positive float. ● You can assume that the divisor will never be 0. ● Order of operationsa. Division, from left to right b. Multiplication, from left to right c. Addition, from left to right d. Subtraction, from left to right Included Files 1. linked_calc.cpp 2. linked_calc.hpp 3. Tester.cpp How to handle segfaults? 1. https://discover.cs.ucsb.edu/commonerrors/tutorial/gdbtutorial.html 2. http://marvin.cs.uidaho.edu/Teaching/CS445/debuggingSegFaults.html 3 Implementation instructions1. You are not allowed to use std::string for this project. 2. You can use as many helper functions as you see fit. The isdigit() function is already implemented for you. 3. Your code must be runnable on the student cluster. There can be noo exceptions to this. Submission instructions Compress all the files together and submit to Canvas (all of the team members must submit). Name the file- Project 1-S24.zip Rubric ● 10 test cases*9 =90 ● Proper documentation (comments explaining the logic/code)= 10 ————-————-————-————- Total = 100 4
