3809ICT Assignment Specification 
Due Time: 23:59, 31th May 2024 
Weighting: 50% (Report 40%, Reflection/Peer-Review 10%) 
 
This assignment is worth 50% of the total assessment for the course. It is designed 
for a group of four students. The group enrolment has been completed, and no 
further group changes should be made in principle. 
 
This assignment aims to gain knowledge and understanding of penetration testing 
through research and practical experience. This understanding will be 
demonstrated by submitting a formal technical report of a penetration test. 
 
You are also required to peer-assess your final submission and reflect on your 
assignment and how each group member has contributed to the final submission. 
This allows you to reflect on what you and your team members have learned from 
this assignment and what you need to enhance your knowledge and skills in 
security and penetration testing. Each group member should be awarded a mark 
out of 10 for peer assessment. This will be submitted as a separate assignment. 
 
All group members shall receive the same marks unless in the situation that some 
group members had a significantly low contribution to the final report. Your 
group is encouraged to keep a working log and all your communication history in 
case of a dispute on the peer assessment. Support information for working in 
groups can be found here. 
Task 
The main task is to conduct a penetration test of a network. You will be required 
to write a report of your penetration test results. The assignment network will 
contain several host machines, and there will be flags (text strings) that you will 
need to identify on the machines. Each flag starts with the characters FLG24. For 
each flag you locate, you should write up the process you used to access and find 
the flag. There are 15 or more flags that are not necessarily evenly distributed on 
the targets. The assignment theme is based on the game Elden Ring. And all flag 
strings are related to it. 
Instructions for Connecting to the Kali VM on MS Azure 
 
You should have gotten an email that asks you to register for the MS Azure lab. 
Click the blue button in the email, and you will be taken to a webpage.  
Start running the cloud service (1), and then click the “network” button (2). Note 
that step 1 may take a while. After clicking the “network” button, your browser 
will download a connection file onto your computer. 
 
Install Microsoft Remote Desktop (Google it) if you haven’t done it. 
 
Double click the above connection file, and you will be presented with a log in 
window like below. 

The password for undergraduate students is #Griffith3809ICT 
 
Enter the password and click “Continue”, and you will log in to a Windows VM, 
like below.  
 
Open the Remote Desktop application on the Windows VM (not on your 
computer). 
In the connection window, enter the IP address 192.168.10.1, which connects to 
the Kali VM.  
 
Enter the IP address and click “Connect”, and then you will see a warning 
window. 
Click Yes, and then you should see the Kali login screen. 
 The username for Kali is kali, and the password is kali (Same as your Cyber 
Range setup). Once logged in, you should see the familiar Kali OS. 
 
The gateway 192.169.10.1 connects to the Internet. 
 
For undergraduate students, the gateway 192.168.11.0/24 is for the assignment 
network. 
 
Submission 
Please submit your assignment via the Canvas course site's 3809ICT/7809ICT 
Assignment Submission point under the Assessment Overview link. A separate 
link is also available to upload the peer review forms. The quality of the 
presentation of a formal technical report is as important as the quality of the 
technical content of the report in the profession. 
 
The submission involves two documents: 
• Each group leader should submit a group report via the “3809ICT/7809ICT 
Assignment Submission” link. (Please note that only the group leader 
needs to submit this report. Please avoid submissions from other 
group members.) 
• Every student should submit a reflection/peer-review document on the 
Peer-Review Form Submission link. (Ensure you submit the correct 
assessment items to the corresponding submission links). 
 
Your assignment will be assessed on: 1. The text of both documents should be in 12-point Times New Roman or 11-
point Arial font or something equivalent and in single-line spacing. 
2. Page size is A4 with 2cm in margins on all sides. 
3. The body text of your group report should be at most 10 pages long, 
excluding appendices. 
4. The group report is suggested to be organised with a cover page, executive 
summary within one page, declaration of contributions of each of your 
group members (within one page), table of contents, body text, and 
appendices. The presentation and format of your report are worth 2 
marks. 
5. The body text consists of your overall analysis (open ports, associated 
services, operating system) of each host and network map of the network 
(4 marks), a description of how each flag was found and obtained (30 
marks, 2 marks per flag), and recommendations on how to protect the 
network against the attacks (4 marks). 
6. The peer-review document should include your group members' 
contributions from your point of view. You should give each of the group 
members a mark out of 10. Your self-review is worth 3 marks, and the 
reviews you get are worth 7 marks. 
Academic Integrity 
Violation of academic integrity is not acceptable, and the university’s academic 
integrity policies and procedures apply. If potential academic misconduct were 
identified, the course convenor would investigate through oral exams on the 
assignment work to all group members. Academic misconduct (e.g., purchasing a 
report or directly copying from the Internet with no proper reference) will result 
in a reduced mark in this assessment item. 
Individual Assignment Extension 
The extension may be given to individuals on the grounds considered by the 
University policy. The group should submit the assignment report and peerreview
forms by the deadline, clearly indicating the missing content to be done by 
the extension requester. After the missing part is submitted, the two parts of the 
assignment report will be marked together. 

请加QQ：99515681  邮箱：99515681@qq.com   WX：codinghelp