Thursday, May 10, 2018

OAuth API


Node.js OAuth Resource Server

In this blog post, I am going to show how to create a resource server API. First, we need to understand what a resource server API is and how it works. A resource server is a server that hosts access-protected resources. It handles authenticated requests from an app that holds an access token.

The diagram below shows how the pieces fit together.




You can create your own API server, or you can download the WSO2 Identity Server: http://wso2.com/products/identity-server/. In this case I have created my own identity server and resource server in a single API using Node.js. In order to run it you have to install Node.js on your machine: https://nodejs.org/en/download/. To retrieve information or resources we use endpoints.


  • As you can see, the OAuth grant type I have used is client_credentials. This has to be specified in the request body when you ask the authorization server for the access token.
  • This app runs on port 4000. You can give any port number there.
  • There are two endpoints I have created in this. One gets the access token, which is "/oauth/token", and the other gets resources, which is "/profile".
  • I have hardcoded one value, the name ("pamoda"), and this comes back as a JSON object as the requested resource.

  • Here I have created a user first (username = admin, password = admin), and all the functions and configuration that handle requests from the client are written in this file.




  • Open your command prompt and run this:



Let's run this resource server using node.js.

  • To make all the GET and POST requests to the resource server we use the Postman Chrome add-on. You can use other similar products, such as the RESTClient Mozilla Firefox add-on, for this.
  • First of all, we have to make a POST request to get the access token from the authorization server.
  • For that, we have to send the authorization key in the header.

Authorization : Bearer XXXXXXXXXXXXXXX
We also have to specify the content type in the header.
Content-Type : application/x-www-form-urlencoded

  • Then we have to include these 3 parameters in the body:
username=admin
password=admin
grant_type=client_credentials
  • The URL should be the endpoint that gives us the access token.

http://localhost:3000/oauth/token




  • When we send this request to http://localhost:3000/oauth/token we get a response which has the access token in it. This access token also has an expiration time.
  • Then we have to make a GET request to retrieve the resources we need.
  • Now our URL is different because we have to call a different endpoint to get these resources, which is "http://localhost:3000/profile".
  • We do not have to put anything in the body.
  • In the request header, we should send the access token we got in the previous step.
           Authorization: Bearer XXXXXXXXXXXXXXX
  • Make sure that the access token is not expired. Otherwise, you will get an error message saying that it has expired.
  • When you send this request you get a response that contains the resources we specified in the code.
         {"name":"pamoda","id":"set"}

Here is the code; you can download it from GitHub.



Thank you!
B/R

CSRF Token with Cookies

Cross-site Request Forgery protection in web applications via Double Submit Cookies Patterns


In the previous blog post, I discussed how to achieve CSRF attack protection using the synchronizer token pattern. In this post, I am going to discuss how to enable CSRF protection using the double-submit cookie pattern.

What is the double-submit cookie pattern?

When a user authenticates to a site, the site should generate a (cryptographically strong) pseudorandom value and set it as a cookie on the user's machine, separate from the session ID. The server does not have to save this value in any way, which is why this pattern is also called a stateless CSRF defense.

In the double-submit cookie pattern, two cookies (one for the session and one for the CSRF token) are stored in the browser.
In our previous method, we stored CSRF token values on the server side (in a text file). Here we don't do that.

Implementation of "Double Submit Cookie" Pattern

  • Once this page loads in the web browser the user sees a simple login form. The username and password are hard-coded in the code.





result.php




As you can see, two cookies are stored in the browser. These cookies have a 1-year expiration time and they are accessible from anywhere.

A JavaScript function is written to retrieve the CSRF value from the csrf cookie set in the browser. The DOM is then modified with the value retrieved from the csrf cookie.

home.php
 


The csrf cookie value and the HTML hidden field csrf value are passed to the checkToken function as parameters.

token.php



This function returns true if the CSRF token values match.


This is the second way of protecting your website from CSRF attacks, with the help of the double-submit cookie pattern.

You can download this implementation from my GitHub account:

https://github.com/pamoda-perera/csrf-token-with-cookies

CSRF Token

Cross-site Request Forgery Protection in web applications via Synchronizer Token Patterns


What is Cross-Site Request Forgery (CSRF)?
This is a kind of attack, a type of malicious exploit of a website. It is also known as a one-click attack or session riding. It forces an end user to execute unwanted actions on a web application in which they are currently authenticated. This attack mainly targets state-changing requests, not data theft.

As an example, suppose user 'A' wants to transfer $200 to bank 'B'. He needs to send a request to bank 'B', and the bank sends the response after authenticating user 'A'. An attacker wants to defraud user 'A' of this money. What the attacker can do is create a malicious web link and send it to the user, pushing him to click it. The user clicks the link intending to make the transfer, but the attacker has arranged for the money to be transferred to his own account. To avoid such attacks we need to enable CSRF protection in our web pages.

In this blog post, we are going to present how to mitigate this kind of attack by enabling CSRF token validation.


We have a simple login page where the username and password are checked against hardcoded values. Once the user is authenticated, the system creates a session and also generates the CSRF token on the server side. On successful login, the token is stored in a hidden field on the web page. After authenticating to the website, the user continues his or her activity by submitting whatever action. At that point the token stored in the hidden field is checked against the CSRF token value stored on the server side. If the token value in the hidden field is wrong, the system redirects to the login page and discards the request. Otherwise, it continues the process, treating the session as belonging to an authenticated user.

Let's look at the source code.

  • This is the file structure; you can clone it from GitHub and run it on localhost.




  • This is the index.php file, which we create as our login page. You can enter your username and password. If the entered values are correct it redirects to the result.php file.



  • This result.php file stores the values passed through the text fields. If the user is valid it redirects to the home.php file. If not, it redirects back to the login page.




  • Here we come to token.php, which executes the generateToken function. This is where the CSRF token is generated. The token is generated randomly.



  • This is the file which checks the token: tokenCheck.php




  • When a valid user logs in it redirects to the home.php file.



  • Finally, if the user login and the token are both valid it redirects to profile.php.


  • If the token is valid it shows the following message; if not, it shows the error message and redirects.

This video will help you to understand how it works :)


Here is the link to clone the source code from GitHub

Monday, October 23, 2017

Recovering Data

Hello Guys :)

Today I am going to make your life much easier by teaching a new technique. We call this forensics. Computer forensics is the application of investigation and analysis techniques to gather and preserve evidence from a particular computing device in a way that is suitable for presentation in a court of law.
What I am going to cover in this section is how to create a USB drive image file with data. The most interesting part of this section is that the data has been deleted and our target is to recover that deleted data.
For this we use the .dd format to create the USB drive image.

These are the screenshots for that.
Step 01 - You have to format the USB drive without the quick format option.


Step 02 - Delete what you created before.
Step 03 - Select the physical drive and click Next.
Step 04 - Now select the target drive.

Step 05 - Select your image format.

Step 06 - Fill in the evidence information.

Step 07 - Give the save location.

Step 08 - Click Start to begin the imaging process.

Step 09 - Finally you have these kinds of files.
Step 10 - Start the recovery software 'Autopsy' (you can use any recovery software).

Step 11 - You can see all the deleted files here.


Step 12 - Select the file you want, right-click it and click Extract here.
Step 13 - Finally you have the document with its data.


Thank you.

Saturday, August 5, 2017

About Facebook

Facebook is a very popular social networking site, but there are a number of security issues with the site that can put you at serious risk if you aren't careful. The number of Facebook account hackings seems to be on the increase, and this page is in response to a friend who asked what to do after her account got hacked.

While any online account is in danger of being hacked, Facebook has unique features that make this danger even more likely. For one thing, it is very common to post personal information which can be used to steal your identity. But the greater danger is that it is so easy to run malicious programs that can hack your account. In particular, be very careful using any application that asks to access your profile.

Keep in mind that if your account is compromised, not only is your personal information exposed, but the personal information of all your friends as well. So, even if you don't have anything sensitive in your profile information, your friends might. Every time you take one of those quizzes on Facebook, you are risking your information and that of your friends.



Facebook Profile Hacking Techniques.


1. Phishing
Phishing is still the most popular attack vector used for hacking Facebook accounts. There are a variety of methods to carry out a phishing attack. In a simple phishing attack a hacker creates a fake login page which looks exactly like the real Facebook page and then asks the victim to log in. Once the victim logs in through the fake page, the victim's "Email Address" and "Password" are stored in a text file, and the hacker then downloads the text file and gets his hands on the victim's credentials.

2. Keylogging
Keylogging is the easiest way to hack a Facebook password. Keylogging can sometimes be so dangerous that even a person with good knowledge of computers can fall for it. A keylogger is basically a small program which, once installed on the victim's computer, records everything the victim types on his/her computer. The logs are then sent back to the attacker, either by FTP or directly to the hacker's email address.

3. Stealers
Almost 80% of people use passwords stored in their browser to access Facebook. This is quite convenient, but can sometimes be extremely dangerous. Stealers are software specially designed to capture the saved passwords stored in the victim's Internet browser.

4. Session Hijacking
Session hijacking can be very dangerous if you are accessing Facebook over an HTTP (unsecured) connection. In a session hijacking attack, a hacker steals the victim's browser cookie, which is used to authenticate the user on a website, and uses it to access the victim's account. Session hijacking is widely used on LAN and Wi-Fi connections.

5. Sidejacking with Firesheep
Sidejacking attacks became common in late 2010; however, they are still popular nowadays. Firesheep is widely used to carry out sidejacking attacks. Firesheep only works when the attacker and victim are on the same Wi-Fi network. A sidejacking attack is basically another name for HTTP session hijacking, but it is more targeted towards Wi-Fi users.



6. Mobile Phone Hacking
Millions of Facebook users access Facebook through their mobile phones. If the hacker can gain access to the victim's mobile phone, then he can probably gain access to his/her Facebook account. There are a lot of mobile spying software packages used to monitor a cellphone. The most popular mobile phone spying software packages are Mobile Spy and Spy Phone Gold.

7. DNS Spoofing
If both the victim and attacker are on the same network, an attacker can use a DNS spoofing attack to replace the original Facebook page with his own fake page, and hence gain access to the victim's Facebook account.

8. USB Hacking
If an attacker has physical access to your computer, he could just insert a USB device programmed to automatically extract the saved passwords from the Internet browser.

9. Man in the Middle Attacks
If the victim and attacker are on the same LAN on a switch-based network, a hacker can place himself between the client and the server, or he could act as the default gateway and hence capture all the traffic in between.

10. Botnets
Botnets are not commonly used for hacking Facebook accounts because of their high setup costs. They are used to carry out more advanced attacks. A botnet is basically a collection of compromised computers. The infection process is the same as for keylogging; however, a botnet gives the attacker additional options for carrying out attacks with the compromised computers. Some of the most popular botnets include SpyEye and Zeus.



How A Hacked Facebook Account Can Affect Your Privacy And Security.



1. Data mining for mobile numbers and e-mail addresses on account profiles.

2. Using photos of your friends and the data obtained from their accounts to set up more fake profiles.

3. Collecting personal data of your friends to be used for phishing attempts.

4. Identity theft.

5. Installing rogue Facebook applications and sending spam and scam links to all of the friends in your old account.

6. Monitoring status updates of friends and their check-ins to know when they are and are not at home.

7. Privacy settings revert to a less safe default mode after each redesign.

8. Your real friends unknowingly make you vulnerable.

9. Scammers can create fake profiles.


Note: Depending on the skills of the attacker, there are many more things a professional cyber-criminal could devise.

What To Do When Facebook Account Is Hacked.


1. Recover the Hacked Facebook Account.
The first thing to do when you realize your account has been hacked is to report to Facebook that your account has been hacked. You will be presented with a dialog box that asks you if you wish to report a hacked account.


2. Set Up Login Approval
When you turn on login approval, Facebook sends a code to your phone when someone tries to access your account from an unknown device for the first time. For example, if you are on a new network and log into your Facebook account (where the IP address is different), you will receive a message saying a code has been sent to the phone that is registered with Facebook. You will be asked to type in the code, displayed in the text message on your phone, before you can gain access to your Facebook account. This two-step authentication method will further secure your Facebook account. You can activate Login Approvals from the Security tab of Account Settings.

3. Clean Up the Facebook Account
Soon after you log into the Facebook account, you need to undo any changes the hacker might have made to your account. To check the activity, go to your profile timeline and see if anything has been posted on your timeline, or on your friends' timelines from your profile.
You may also want to check the messages folder to see if the hacker sent any messages on your behalf. If the hacker did send messages to people, you should send messages to the same people telling them about the account being compromised and apologizing for any inconvenience the messages might have caused.

4. Clean Up Authorized Apps
One of the most common ways a Facebook account gets hacked is through the apps we authorize to use our Facebook account. Go to Account Settings and click on Apps. This opens the view where you can check all the apps you have authorized to use data from your Facebook account.

If you find any app that you do not recognize, remove it from Facebook by clicking on the X button available towards the right. You may also want to clean up the apps view by removing the apps that you no longer use.

B/R
Pamoda P.Perera

Vulnerable OS - Windows 2000


Key tools used:
  • nmap
  • DB exploit
  • Nessus


Turn on Windows 2000 and Kali Linux in a virtual environment.

1) Find the IP address of the Windows 2000 machine:
Run -> cmd
Type ipconfig


2) Find the IP address of the Kali Linux machine:
Run -> cmd
Type ifconfig
And start Nessus.


3) For our first scan we go to the Scan Templates tab and select New Scan (using the Nessus tool).


4) If you go to the Results tab you can see the scan populate in real time; the vulnerabilities are broken down into categories according to their severity:

  • Purple - Critical
  • Red - High
  • Orange - Medium
  • Green - Low
  • Grey - Information


5) This report shows the vulnerabilities that can be exploited.



Now we can exploit the vulnerabilities.
To start Metasploit, open a terminal and begin by initializing the database and the web server.

Vulnerabilities

  • MS06-040

Now I'm in msfconsole and I can search for the vulnerability to exploit the Windows server.

We are in; I got the screenshot in Windows 2000 Server using this vulnerability.




  • MS03-026: Microsoft RPC Interface Buffer Overrun (823980)

  • MS04-011: Security Update for Microsoft Windows (835732)

Thank you!
If you have any concerns, feel free to comment :)
B/R
Pamoda P. Perera