Posts

Showing posts with the label Java

Web based levels in "CTF BISMARCK" ;)

Developing a capture the flag. In this blog post I thought I would write about the development process of a couple of levels in a capture-the-flag box, AKA a CTF box. This CTF was developed to demonstrate vulnerabilities beyond the typical ones such as XSS (Cross-Site Scripting), SQLi (SQL Injection) and WordPress, so these challenges involve things like hash cracking, reverse engineering, request manipulation and so on. If you try to play these (web-based) levels, you need the previous level's flag in order to obtain any information about the next level's credentials, such as the password to the next level and sometimes the username. In this demonstration there are four levels that use a web platform as the main interface for the player, and each contains a different task the player needs to complete in order to reach the final level and finish the box. The four main tasks are as follows. The first challenge is to crack ...

RMI (intro)

What is RMI? RMI stands for Remote Method Invocation. It is an application programming interface (API) that allows an object running on one Java Virtual Machine (JVM) to invoke methods on an object running on another JVM; a client-server architecture is a typical place where RMI is used. Basically, RMI provides communication between programs written in the Java programming language. Architecture: In an RMI application there are two programs, a server-side program and a client-side program. Inside the server-side program a remote object is created and a reference to that object is made available to clients. The client-side program requests the remote object from the server in order to invoke its methods. (A diagram to represent RMI architecture) Stub & Skeleton? The stub is the representation of the remote object in the client and acts as a gateway for the client program. The skeleton is the corresponding object on the server side. stu...
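The server/registry/client flow described above, as an added example that is not code from the post: a remote interface, its server-side implementation exported through `UnicastRemoteObject` (which produces the stub), a registry the server binds it in, and a client that looks the stub up and calls through it. The interface name `Greeter`, the binding name and the registry port 1099 are assumptions; both halves run in one JVM here so the example is self-contained.

```java
import java.rmi.Remote;
import java.rmi.RemoteException;
import java.rmi.registry.LocateRegistry;
import java.rmi.registry.Registry;
import java.rmi.server.UnicastRemoteObject;

// Remote interface: every remotely callable method must declare RemoteException.
interface Greeter extends Remote {
    String greet(String name) throws RemoteException;
}

// Server-side implementation; the exported stub forwards calls to this object.
class GreeterImpl implements Greeter {
    @Override
    public String greet(String name) throws RemoteException {
        return "Hello, " + name;
    }
}

public class RmiDemo {
    static final int REGISTRY_PORT = 1099;   // assumed port (the RMI default)
    static final String BIND_NAME = "Greeter"; // assumed registry name

    public static void main(String[] args) throws Exception {
        // --- server side ---
        GreeterImpl impl = new GreeterImpl();
        // exportObject(obj, 0) listens on an anonymous port and returns the stub
        Greeter stub = (Greeter) UnicastRemoteObject.exportObject(impl, 0);
        Registry registry = LocateRegistry.createRegistry(REGISTRY_PORT);
        registry.rebind(BIND_NAME, stub);

        // --- client side ---
        // A real client would run in another JVM; it only needs the interface class.
        Registry clientRegistry = LocateRegistry.getRegistry("localhost", REGISTRY_PORT);
        Greeter remote = (Greeter) clientRegistry.lookup(BIND_NAME);
        System.out.println(remote.greet("RMI"));   // invoked on the server's GreeterImpl

        // --- shutdown so the JVM can exit ---
        registry.unbind(BIND_NAME);
        UnicastRemoteObject.unexportObject(impl, true);
        UnicastRemoteObject.unexportObject(registry, true);
    }
}
```

Method arguments and return values travel as Java-serialized objects, so a registry or exported object reachable over the network deserializes whatever a caller sends; keep such endpoints off untrusted networks and, on Java 9 or later, restrict accepted classes with an `ObjectInputFilter` (the `jdk.serialFilter` property).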

Mitigate CSRF with Double Submit Cookies

I previously explained what CSRF is and how we can mitigate a CSRF attack using the Synchronizer Token Pattern. In this blog post I'm going to talk about another CSRF mitigation technique called the "Double Submit Cookies Pattern" 😉 What is the Double Submit Cookies Pattern? It is a technique that sends a random seed, or "token" as we call it, both in a cookie and as a request parameter, with the server verifying that the cookie value and the request value match. Why DSCP? Now it is obvious that a third-party entity cannot perform a CSRF attack without the CSRF token, and here the attacker or third-party entity cannot get the token because it is in a cookie, and a third-party web page cannot read the cookies of a web page on a different domain. For example, assume that the genuine web page is banker.com and the attacker's web page is attacker.com; when a user logs in to banker.com and is accidentally redirected to attacker...
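The check the post describes, as an added servlet filter (my example, not the post's own code, written against the `javax.servlet` API that Tomcat 9 ships): a random token is issued in a cookie on first contact, and every state-changing request must carry the same value in a form field or header, compared in constant time. The cookie, parameter and header names are assumptions.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/** Double-submit-cookie CSRF filter (added example). Names below are assumed. */
@WebFilter("/*")
public class DoubleSubmitCsrfFilter implements Filter {
    static final String COOKIE_NAME = "XSRF-TOKEN";    // assumed cookie name
    static final String PARAM_NAME  = "csrf_token";    // assumed hidden form field
    static final String HEADER_NAME = "X-XSRF-TOKEN";  // assumed header for XHR/fetch callers
    private final SecureRandom random = new SecureRandom();

    @Override public void init(FilterConfig cfg) {}
    @Override public void destroy() {}

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        String cookieToken = readCookie(request);
        if (cookieToken == null) {
            // First visit: issue a fresh random token. Deliberately not HttpOnly, because
            // the page's own script must read it to copy it into the form field or header.
            cookieToken = newToken();
            Cookie c = new Cookie(COOKIE_NAME, cookieToken);
            c.setPath("/");
            c.setSecure(true);
            response.addCookie(c);
        }

        if (isStateChanging(request)) {
            String submitted = request.getParameter(PARAM_NAME);
            if (submitted == null) submitted = request.getHeader(HEADER_NAME);
            // A cross-site form/XHR sends the cookie automatically but cannot read it,
            // so it cannot supply a matching parameter and is rejected here.
            if (!tokensMatch(cookieToken, submitted)) {
                response.sendError(HttpServletResponse.SC_FORBIDDEN, "CSRF token mismatch");
                return;
            }
        }
        chain.doFilter(req, res);
    }

    static boolean isStateChanging(HttpServletRequest r) {
        String m = r.getMethod();
        return !("GET".equals(m) || "HEAD".equals(m) || "OPTIONS".equals(m));
    }

    /** Constant-time comparison so the token cannot be recovered byte by byte from timing. */
    static boolean tokensMatch(String expected, String submitted) {
        if (expected == null || submitted == null) return false;
        return MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8),
                                     submitted.getBytes(StandardCharsets.UTF_8));
    }

    private static String readCookie(HttpServletRequest r) {
        Cookie[] cookies = r.getCookies();
        if (cookies == null) return null;
        for (Cookie c : cookies) {
            if (COOKIE_NAME.equals(c.getName())) return c.getValue();
        }
        return null;
    }

    private String newToken() {
        byte[] b = new byte[32];            // 256 bits from a CSPRNG
        random.nextBytes(b);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(b);
    }
}
```

Two caveats worth keeping in mind: the pattern's security rests on the attacker being unable to write the cookie, so any attacker-controlled subdomain of the site (or a man-in-the-middle on a plain-HTTP page) that can set a cookie for the parent domain defeats it; and a stateless token like this one is not tied to the login session, so pairing it with a `SameSite` cookie attribute, or binding the token to the session as in the synchronizer pattern, closes those gaps.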

OAuth 2.0 Authorization_Code Grant Sample Application Demonstration

In previous blog posts about OAuth 2.0 and OAuth Grant Types I discussed the basic idea of the OAuth 2.0 framework and the four main grant types for retrieving an access token. Comparing all four grant types, you can see that the "Authorization code" grant type is somewhat more complex than the other three. So I thought about developing a simple web-based Java application just to demonstrate the message-passing (request and response) flow of the OAuth 2.0 authorization code grant type. Again, if you are not familiar with the OAuth 2.0 framework or its grant types, visit my blog posts on OAuth 2.0 and OAuth 2.0 Token Grants 😊 As I was saying, I developed an application to demonstrate the flow of the authorization_code grant, using Java as the language, Apache Maven as the build tool and Apache Tomcat as the web server. Let's see how this works. 😉 As you remember, the first thing to do as a client is to get the authorization code....
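The client's side of the authorization_code flow, as an added example that is not the post's application: building the front-channel redirect with a random `state`, checking that `state` when the browser returns with the code, and composing the back-channel token request that trades the code for an access token. The endpoint URLs, client credentials and redirect URI are assumptions, and the callback values in `main` are constructed stand-ins for what an authorization server would return; the request is built but not sent so the example runs offline.

```java
import java.net.URI;
import java.net.URLEncoder;
import java.net.http.HttpRequest;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.LinkedHashMap;
import java.util.Map;

/** Client-side helpers for the authorization_code grant (added example; endpoints assumed). */
public class AuthCodeClient {
    static final String AUTHORIZE_ENDPOINT = "https://auth.example.com/oauth2/authorize"; // assumed
    static final String TOKEN_ENDPOINT     = "https://auth.example.com/oauth2/token";     // assumed
    static final String CLIENT_ID          = "demo-client";                               // assumed
    static final String CLIENT_SECRET      = "demo-secret";                               // assumed
    static final String REDIRECT_URI       = "http://localhost:8080/callback";            // assumed

    private final SecureRandom random = new SecureRandom();
    private String pendingState; // a real web app keeps this in the user's server-side session

    /** Step 1: the URL the client redirects the resource owner to. */
    String authorizationUrl(String scope) {
        byte[] b = new byte[16];
        random.nextBytes(b);
        pendingState = Base64.getUrlEncoder().withoutPadding().encodeToString(b);
        Map<String, String> p = new LinkedHashMap<>();
        p.put("response_type", "code");
        p.put("client_id", CLIENT_ID);
        p.put("redirect_uri", REDIRECT_URI);
        p.put("scope", scope);
        p.put("state", pendingState);   // binds the later callback to this browser session
        return AUTHORIZE_ENDPOINT + "?" + formEncode(p);
    }

    /** Step 2: on the callback, accept the code only if state matches what we issued. */
    boolean stateMatches(String returnedState) {
        if (pendingState == null || returnedState == null) return false;
        return MessageDigest.isEqual(pendingState.getBytes(StandardCharsets.UTF_8),
                                     returnedState.getBytes(StandardCharsets.UTF_8));
    }

    /** Step 3: the back-channel POST that exchanges the code for an access token. */
    HttpRequest tokenRequest(String code) {
        Map<String, String> p = new LinkedHashMap<>();
        p.put("grant_type", "authorization_code");
        p.put("code", code);
        p.put("redirect_uri", REDIRECT_URI);   // must equal the one used in step 1
        String basic = Base64.getEncoder().encodeToString(
                (CLIENT_ID + ":" + CLIENT_SECRET).getBytes(StandardCharsets.UTF_8));
        return HttpRequest.newBuilder(URI.create(TOKEN_ENDPOINT))
                .header("Authorization", "Basic " + basic)   // client authentication
                .header("Content-Type", "application/x-www-form-urlencoded")
                .POST(HttpRequest.BodyPublishers.ofString(formEncode(p)))
                .build();
    }

    static String formEncode(Map<String, String> p) {
        StringBuilder sb = new StringBuilder();
        for (Map.Entry<String, String> e : p.entrySet()) {
            if (sb.length() > 0) sb.append('&');
            sb.append(URLEncoder.encode(e.getKey(), StandardCharsets.UTF_8))
              .append('=')
              .append(URLEncoder.encode(e.getValue(), StandardCharsets.UTF_8));
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        AuthCodeClient client = new AuthCodeClient();
        System.out.println("Redirect the user to: " + client.authorizationUrl("profile"));

        // Constructed callback parameters, standing in for ?code=...&state=... from the server.
        String returnedState = client.pendingState;
        String code = "constructed-authorization-code";
        if (!client.stateMatches(returnedState)) {
            System.out.println("state mismatch: discard the code");
            return;
        }
        HttpRequest req = client.tokenRequest(code);
        System.out.println("Token request ready: POST " + req.uri()
                + " (send it with java.net.http.HttpClient and parse the JSON access_token)");
    }
}
```

The `state` check is the part most demos leave out: without it an attacker can complete the first half of the flow with their own account and feed the resulting code to a victim's browser, logging the victim into the attacker's account. The code itself is exchanged only over the back channel with client authentication, which is why it is safe to let it pass through the browser.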

Get To Know OAuth

When you try to create an account or log in to some websites or other applications, for example when you want to create an account at NVIDIA, there's an option to create an account simply by using Facebook: a button called "Login with Facebook" which you click to use your Facebook account's details. It's easier to use Facebook than to create a new account and remember yet another password, and your Facebook account already holds the relevant information. Did you ever think about what's happening behind the scenes in this process? That's where OAuth comes in. OAuth is an authorization framework that enables a third-party application to obtain limited access to, and use, authorized resources of an HTTP service, Facebook for example. This can happen either on behalf of a resource owner, by arranging an approval interaction between the resource owner and the HTTP service, or by allowing the third-party application to obtain access on its own be...