In the following, a vulnerable python script (game.py) is given. The program generates a random number and asks the user to guess the randomly generated number. The program terminates when the user guesses the number. This assignment is based on code injection. Run the code in python script and answer the questions below.

# game.py

# import random integer generator "randit" from module "random"

from random import randint

# generate a rondom number between 1 and 10

num = randint(1,10)

# remove the comment character in the following line to see the random number to guess

#print("Number to guess is " + str(num))

print("Guess the number! 1 to 10.")

while True:

guess = eval(input("Your guess: "))

if guess != num:

print("No, " + str(guess) + " is wrong.")

else:

print("Yes, " + str(guess) + " is right.")

break

print("Good bye")

Answer the following questions:

1) Do you believe that if you craft a code as a string and provide it to the program, the program will execute the crafted code? Please explain why?

2)Provide the crafted code __import__('os').getcwd() as input. What does the program do?

3) With respect to question (1), what does the __import__(...) function do?

4)With respect to question (1), what does the getcwd() function do?

5)Please look at the functions provided in the os module (https://docs.python.org/3/library/os.html) of Python. In the document, locate the function that returns the name of the logged user. Similar to the code given in question (1), craft a code that lets you learn the name of the logged user. Inject your code and write down the output you got.

6) In the os module (https://docs.python.org/3/library/os.html) document locate the system function. What does the function do?

7) Using the system function, craft a code which lists the files and folders in the working directory. Inject the code into the program and write down the output you got.

8)Using the system function, craft a code which creates a folder named foo in the working directory. Inject the code into the program and write down the output you got. Were you able to create a folder via the injected code?

9)Using the system function, craft a code which deletes the folder named foo in the working directory. Inject the code into the program and write down the output you got. Were you able to delete the folder via injected code? Do you believe that you can delete any file/folder on your computer via code injection.

10) Using the system function, craft a code which prints (cat) the content of the /etc/passwd file. Inject the code into the program and write down the output you got.

11) Using the system function, craft a code which launches a GUI program such as gedit, libreoffice, firefox, chrome or wireshark. Inject the code into the program and write down the output you got. Were you able to launch the program?

12)Replace the vulnerable line in the script with a non-vulnerable version which carries out the same or similar functionality. Run the new script and inject the code crafted in question (1). Write down the output you got. Please explain what the vulnerability was and how you fixed it in your new version of the script.