Assignment for Students: Build a Local Enumeration and Privilege Escalation Tool using Python

Task and Mark Distribution

Tasks are to be undertaken in the Python programming language. You will be expected to include comments in your code to explain the behaviour of your code and provide a justification of your algorithm selection. You are also strongly advised to test your code for compilation on a system other than your own, prior to submission. Non-compiling code will not pass, see the marking rubric for further information.

You will create a Coventry University GitHub private repository to store your source-code and manage version control of your work. Evidence of version control must be included in your regular commits to the repository over the period between the hand out date and due date. Your eventual submission via TurnItIn will link to that repository which must include all of your source-code. You must add Dr Ian Cornelius (ab6459) and Dr Daniel Goldsmith (aa9863) as collaborators to facilitate marking.

The purpose of this task is for students to work in groups (a maximum of six people per group, but no less than three) to build a local enumeration and privilege escalation tool.

Local enumeration is concerned with analysing the target host for details such as:
• Usernames and group names
This document is for Coventry University students for their own use in completing their assessed work for this module and should not be
passed to third parties or posted on any website. Any infringements of this rule should be reported to [email protected].
• Hostnames
• Network shares and services
This list is not exhaustive and can consist of more features. You can read this article for more information on what this tool may contain.
Privilege escalation is concerned with the increase of level access, either through a bug or design flaw.
You can read this article for more information on what this tool will contain.

To successfully complete this assignment you are required to complete the following tasks. Each task has a weight that is attributed towards a portion of the overall grade.

Task 1: Basic Tool (15%)
The purpose of this task involves creating a basic tool that consists of a menu system that can perform
two methods of enumeration and one method of privilege escalation.

As this is a basic task, it is not required to work on multiple operating systems, and it can be assumed that you will be developing it to run on the system it is being developed within. The enumeration method will be expected to have a form of output displayed on the screen, whilst the privilege escalation should drop the user into a shell with an increased level of privilege.

Tasks and Expectations

Task 2: Advanced Tool (30%)

The purpose of this task is to build upon the work you have done in task one and adding six more methods of enumeration and another two methods of privilege escalation.

Additionally, the tool should also determine which operating system it is running on and only suggest appropriate options of your implemented methods to the user. The methods you have implemented for enumeration and privilege escalation, at least one of these should work on a different operating system to the others.

Task 3: Outputting (10%)
The purpose of this task is to build upon task one and two and provide a more advanced logging method. Instead of outputting to the console, it is expected for your groups tool to output to a file. An option is to be added to the menu to change from outputting to the terminal to a file. Note, it is best to ensure that you can log to a file of a given name and location.

Additionally, it is expected to see your tool be able to run with a parameter from terminal. For example,
instead of running python LEAP.py, it is expected we can do python LEAP.py enumerate to display the menu options for enumeration methods.

Task 4: Testing (15%)
The purpose of this task will build upon the work you and your group have done in tasks one to three. For each met

hod implemented, you are expected to write a test case to ensure it is working as expected.
It will be expected that the unit testing will be executed in a separate class file, and following the
convention as shown in the lectures and labs.

This document is for Coventry University students for their own use in completing their assessed work for this module and should not be passed to third parties or posted on any website. Any infringements of this rule should be reported to [email protected].

Task 5: Version Control (10%)
The purpose of this task is to ensure that you are developing the tool iteratively and collaboratively using relevant version control features, such as forking, cloning and merging.

For your submission, you are to include a URL to the Coventry University GitHub service repository along with the commit tag you want marking.

!!! note “Note” When you submit the GitHub repository link, ensure that your repository has been set to private and that you add Dr Ian Cornelius and Dr Daniel Goldsmith as collaborators.

Task 6: Documentation (10%)
To aid in the marking of the assignment, documentation is relevant for the tool you are implementing.
For each function worked upon, it is recommended you included a description of the methodology followed along with the name and student identification number of who implemented the function. It may have been a collaborative effort on a function, therefore explain who worked upon which part.

Additionally, documentation will be required to explain how the tool works. Therefore, it is important to include a README file in the repository outlining how the tool works, and a quick synopsis of functions that exist.

Task 7: Team Software Development (10%)
As this is a group assignment, you will be expected to work within a group of maximum six team members, but no less than three members. A portion of the marks have been allocated towards working as a group; and will be expected to see that each group member has provided something towards the project.

The purpose of this task is to see how you can work as a team and how you can interact with code written by other group members. It will also demonstrate your ability to work with other code repositories and using advanced functionality of the version control system.