ONE$ && ZER0$

Developing a capture the flag In this blog post, I thought to write about the development process of a couple of levels in a capture the flag box AKA CTF box. This CTF is developed to demonstrate vulnerabilities that are beyond from typical vulnerabilities such as XSS (Cross-Site Scripting), SQLi (SQL Injection) and WordPress thus these CTF challenges are contained with stuff like hash cracking, reverse engineering, request manipulation and so on. If you try to play this (web-based) levels, you need to have the previous level’s flag in order to obtain any information about the next level’s credentials such as the password to the next level and sometimes the username. In this demonstration, there are four levels that use a web platform as the main interface for the player and these levels contain different tasks that the player needs to complete in order to reach the final level and complete the Box. The four main tasks are as follows, The first challenge is to crack ...

I previously explained what is CSRF  and how we can mitigate a CSRF attack using Synchronizer token pattern technique. In this blog post I'm going to talk about another CSRF mitigation technique called "Double Submit Cookies Pattern"  😉 What is Double Submit Cookies Pattern? This is a technique, that sends a random seed or a "token" as we call it, in both a cookie and as a request parameter, with the server verifying if the cookie value and the request value match. Why DSCP? Now its obvious that a third party entity cannot perform a CSRF attack without the CSRF token, and in here attacker or the third party entity cannot get the token because its in a cookie, and third party web pages cannot retrieve cookies from another web page that has a different domain. For example, assume that the genuine web page is banker.com, and the attacker's web page is attacker.com, when a user logged in to the banker.com, and accidentally redirect to attacker...

In the previous blog post about cross site request forgery AKA CSRF , I discussed about the basics about CSRF, what it does and some mitigation techniques. Among those techniques, in this blog post I’m going to talk about the Synchronizer Token Pattern and its flow when exchanging CSRF token. What is Synchronizer Token Pattern? This is a technique where a unique secure string value, also known as a CSRF token, will embedded by the web application in all HTML forms and verified on the server side in each state changing requests. The token may be generated by any method that ensure uniqueness, unpredictability and security so that any attacker would not be able to place the correct token along with the request. Why STP? A third party attacker cannot perform a CSRF attack, because cross domain AJAX calls are not possible. This means, the victim is in banker.com, and attacker.com cannot request the CSRF token  from the server via an ajax, because the domain doesn...

What is this? ❓ Cross-Site-Request-Forgery in simple terms CSRF is an attack type that forces users to execute unwanted actions on a web application (typically a web page) in which they are currently authenticated. CSRF attacks specifically target state changing operations. An attacker can trick legitimate users of a legitimate web application into executing actions of the attacker’s choosing. A successful CSRF attack can perform state changing requests like transferring funds, changing statuses and so forth. A CSRF attack inherits the identity and privileges of the victim to perform an undesired function on the victim’s behalf. For most sites, the web browser request any credentials associated with the site, such as the user’s session cookie and all. Therefore, if a user currently authenticated to a site, the site cannot identify the difference between the legitimate requests sent by the victim and forged requests sent by the victim. (Attacker's request) For...