Cloud Computing Project: Meme-Sharing Website with Security Exploits

Project Overview

For my Cloud Computing class, I embarked on an ambitious project to build a website from the ground up. The primary goal was to develop a web platform where users could upload and share memes. Additionally, I explored security vulnerabilities and exploits as part of the project, implementing a scenario to demonstrate an iframe-based attack vector.

Technology Stack

• PHP: Server-side scripting
• SQL: Database management
• HTML/CSS: Front-end design
• Metasploit: Exploitation framework

Project Goals

1. Develop a Functional Meme Sharing Website
   • Build a website allowing user registration, login, and meme uploads.
   • Ensure data is stored securely in an SQL database.
2. Implement Secure Login and User Management
   • Use SQL to manage user credentials and secure login sessions.
   • Implement password hashing and session management to enhance security.
3. Explore Security Exploits
   • Create a scenario where a vulnerable Windows machine visiting the site downloads a malicious payload.
   • Use an iframe to facilitate the exploit delivery.
   • Establish a Metasploit shell on the target machine to demonstrate the exploit.

Development Process

1. Brainstorming and Conceptualization
   • Ideas for the project were formulated during class brainstorming sessions and influenced by a talk at Seattle BSides 2023.
   • Decided to combine a functional web application with a security exploit demonstration.
2. Building the Website
   • Learned and implemented PHP for server-side functionality.by a talk at Seattle BSides 2023.
   • Designed the front end using HTML and CSS, ensuring a user-friendly interface.
   • Developed SQL queries to manage user data and meme storage.
3. Securing User Logins
   • Implemented SQL-based authentication for user registration and login.
   • Used password hashing techniques to protect user passwords.
   • Managed user sessions securely to prevent unauthorized access.
4. Implementing the Exploit
   • Integrated an iframe into the website to deliver a malicious payload when the targeted vulnerable Windows machine is accessed.
   • Used Metasploit to create the payload and establish a reverse shell for demonstration purposes.

Challenges and Learning Outcomes

Brainstorming and Conceptualization
• Learning New Technologies: Before this project, I had minimal experience with PHP, CSS, SQL, and HTML. This project significantly expanded my skill set in these areas.
• Security Considerations: Understanding the importance of secure coding practices to prevent SQL injection and other common vulnerabilities.
• Ethical Hacking: Gained insights into ethical hacking and the responsible disclosure of security vulnerabilities.

Conclusion

This project provided a comprehensive learning experience, combining web development with cybersecurity and building a functional meme-sharing website from scratch while incorporating security measures and exploits, offering valuable insights into both fields. The skills and knowledge gained from this project are a solid foundation for future cloud computing and cybersecurity endeavors.