
Assignment writing service | Assignment 0x02 – OSINT Recon & Network Scanning




  • Answer questions below
  • Please ensure you provide the details of what you did (command executed, script written, screenshot of any results, etc.), and not just the answer!
  • Upload your assignment as PDF by the due date

Part I – OSINT, Recon & Network Scanning

  1. (1 point) Search on the University of Adelaide domain for a PDF document containing the word “crucifixion” in the title of the document. (a) What is the Google search syntax and (b) who is the author of the PDF file?
  2. (1 point) Google dorks are good at finding vulnerabilities in websites. Do some quick research on the cross-site scripting (XSS) vulnerability in a product called Calcium by Brown Bear Software (you will learn about XSS in subsequent modules). What Google search would you perform to find websites running Calcium? Perform the search, and paste a screenshot of the results.
  3. (1 point) Use the whois_pocs module in recon-ng to list some contacts for Who is located in Miami, Florida?
  4. (2 points) Use the techniques introduced in the workshop to complete the following table.
Question | Answer
resolves to: | (IP address)
Other domain names that resolve to the same address | (List a subset of other domain names that resolve to the same IP address as above)
Owner of the IP address | (Organisation name according to whois)
The IP address range to which the IP address belongs | (Netblock IP range according to whois)
The Autonomous System Number (ASN) that contains the IP address | (ASN that contains the IP address range, e.g. AS1234)
Other netblocks registered under the same ASN | (List of netblocks/IP address ranges)
  5. (2 points) Create a free account on Shodan. You will be entitled to an academic upgrade if you register using your or account. Learn a bit about the Shodan search modifiers, similar to the Google ones (e.g., see here). Search for information on hosts under the company “Pfizer” and answer the following questions. Start with the “org:” modifier.
Question | Answer
What firewall products are mainly used? |
What version(s) of IIS server are seen? |
According to Shodan, what are some of the vulnerabilities in one of the versions of the IIS servers? |
Choose the most recent vulnerability from above, and find the CVSS2.0 string for it by looking it up on |
  6. (2 points) Write a simple DNS brute-force script in your language of choice to enumerate hostnames under a given domain from an input dictionary. Run the code against edu.au using this dictionary file (this file contains the entire 3-character permutations – please unzip before use). Running the whole list will take a long time, so you can stop after a few minutes. Paste some preliminary results.
     Here is some sample code for Python3:

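#!/usr/bin/env python3

import sys, socket

# Default timeout (100 ms) for new socket objects. gethostbyname() goes through
# the system resolver, so this setting does not bound the lookup itself.
socket.setdefaulttimeout(0.1)

host = ""  # hostname to resolve goes here

try:
    ip = socket.gethostbyname(host)
    print(f"{host} resolves to {ip}")
except socket.error:
    pass  # ignore error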

7. (1 point) Use the Wayback Machine to find out what Access Adelaide looked like 10 years ago, in 2009. How does it look compared to the current Access Adelaide?

8. (1 point) There is a network service running on the Hacklab VM behind a port somewhere between 20000 and 60000.

a. Identify the port number and connect to it using netcat (“nc” or “netcat” command) to retrieve the secret.

b. Paste a screenshot showing the secret answer.

c. Explain how you identified and retrieved the secret answer.

9. (1 point) The Hacklab VM is running what’s known as “port knocking”, which opens a previously closed port 12345 for a limited time if you send a series of SYN packets to these 3 ports: 1122, 2233, 3344 (be careful, there is a timeout of 15 seconds, so you may have to write a simple script).

a. Connect to port 12345 using netcat to get the secret.

b. Paste a screenshot showing the secret answer.

c. Explain how you identified and retrieved the secret answer.
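
How the listening side of the port-knocking rule in question 9 can be modelled, as an added example that is not part of the assignment: it replays constructed SYN events and reports which sources completed the 1122, 2233, 3344 sequence. It assumes the knocks must arrive in order, that the 15-second timeout bounds the whole sequence, and that a SYN to any other port resets progress; `track_knocks` and the sample addresses are hypothetical.

```python
# Added illustration: server-side tracking of the knock sequence from question 9.
# Assumptions: in-order knocks, 15 s bounds the whole sequence, any other port
# resets progress. Events and addresses below are constructed sample data.
KNOCK_SEQUENCE = (1122, 2233, 3344)  # knock ports named in the question
PROTECTED_PORT = 12345               # port opened after a valid knock
SEQUENCE_WINDOW = 15.0               # seconds allowed from first to last knock


def track_knocks(events, sequence=KNOCK_SEQUENCE, window=SEQUENCE_WINDOW):
    """Replay (timestamp, source_ip, dst_port) SYN events in time order and
    return [(timestamp, source_ip)] for each completed knock sequence."""
    progress = {}  # source_ip -> (index of next expected port, time of first knock)
    opened = []
    for ts, src, port in sorted(events):
        idx, started = progress.get(src, (0, ts))
        if idx and ts - started > window:
            idx = 0                      # too slow: progress expires
        if port == sequence[idx]:
            if idx == 0:
                started = ts             # first knock starts the clock
            idx += 1
        elif port == sequence[0]:
            idx, started = 1, ts         # wrong step, but it begins a new attempt
        else:
            idx = 0                      # any other port resets progress
        if idx == len(sequence):
            opened.append((ts, src))     # PROTECTED_PORT would open for src here
            idx = 0
        progress[src] = (idx, started)
    return opened


SAMPLE_EVENTS = [
    # correct order, inside the window
    (0.0, "192.0.2.10", 1122), (0.4, "192.0.2.10", 2233), (0.9, "192.0.2.10", 3344),
    # correct order, last knock 16 s after the first
    (5.0, "192.0.2.20", 1122), (6.0, "192.0.2.20", 2233), (21.0, "192.0.2.20", 3344),
    # sequential scan: port 1123 between knocks resets progress
    (30.0, "192.0.2.30", 1122), (30.1, "192.0.2.30", 1123),
    (30.2, "192.0.2.30", 2233), (30.3, "192.0.2.30", 3344),
    # right ports, wrong order
    (40.0, "192.0.2.40", 3344), (40.1, "192.0.2.40", 2233), (40.2, "192.0.2.40", 1122),
]

if __name__ == "__main__":
    for ts, src in track_knocks(SAMPLE_EVENTS):
        print(f"t={ts:>5.1f}s  {src} completed the knock; open {PROTECTED_PORT}")
```

Under these assumptions a sequential port scan does not open the port by accident, because the ports it probes between the knock ports reset the sequence.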
