
OAuth Authorization Framework

OAuth is a standard commonly used by application developers. It specifies a process by which resource owners authorize third parties to access their server resources without sharing their credentials.
Clients use the access token to gain access to the protected user data. The process by which the client is granted the access token is known as the grant type.

1) Authorization code grant type

Figure 1
This grant type can be used to obtain both access tokens and refresh tokens. The flow of the authorization code grant type is as follows. When the user authorizes the third-party app to access data, the app requests authorization.
Then the authorization server authenticates the resource owner. The access token is sent to the client application as the response. The client app requests the access token using the authorization code. The client app receives the access token as the response.
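
Added example (not from the original post or its sample project): the authorization server side of this grant type, issuing an authorization code and then exchanging it for an access token and a refresh token, with the code bound to the client and redirect URI and usable only once. The client registration, the 60-second code lifetime and the function names are assumptions made for illustration.

```python
import secrets
import time

# Constructed client registration (hypothetical values, not from the post).
CLIENTS = {"demo-client": {"secret": "demo-secret",
                           "redirect_uri": "https://client.example/callback"}}
CODE_TTL = 60   # assumed lifetime of an authorization code, in seconds
CODES = {}      # code -> (client_id, redirect_uri, user, expiry)
TOKENS = {}     # access token -> user it was issued for


def issue_code(client_id, redirect_uri, user):
    """Authorization endpoint, called once the resource owner has been
    authenticated and has approved the request."""
    client = CLIENTS.get(client_id)
    # Only redirect to the URI registered for this client.
    if client is None or redirect_uri != client["redirect_uri"]:
        raise ValueError("invalid_request")
    code = secrets.token_urlsafe(32)
    CODES[code] = (client_id, redirect_uri, user, time.time() + CODE_TTL)
    return code


def exchange_code(client_id, client_secret, code, redirect_uri):
    """Token endpoint: the client sends the code with its own credentials."""
    client = CLIENTS.get(client_id)
    if client is None or not secrets.compare_digest(client["secret"],
                                                    client_secret):
        raise PermissionError("invalid_client")
    # pop() makes the code single-use: a replayed code is rejected.
    entry = CODES.pop(code, None)
    if entry is None:
        raise ValueError("invalid_grant")
    bound_client, bound_uri, user, expiry = entry
    # The code must belong to this client and redirect URI and be unexpired.
    if (bound_client != client_id or bound_uri != redirect_uri
            or time.time() > expiry):
        raise ValueError("invalid_grant")
    access_token = secrets.token_urlsafe(32)
    TOKENS[access_token] = user
    return {"access_token": access_token,
            "refresh_token": secrets.token_urlsafe(32),
            "token_type": "Bearer", "expires_in": 3600}
```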

2) Implicit grant type

Figure 2
The client is not authenticated in the implicit grant type. As in the authorization code grant type, the authorization server authenticates the resource owner. With the access token added, the resource owner is redirected to the client using the URI fragment. The access token is extracted and passed back to the client.

3) Resource owner password credential grant type

Figure 3
This grant type is used when a secure relationship is required between the client and the resource owner. After the resource owner provides the user name and password to the client, the client requests the access token. Then the authorization server authenticates the client. If the authentication succeeds, the access token is issued by the authorization server.

4) Client credential grant type

Figure 4
The client can request an access token by using its client credentials. The authorization server authenticates the client and provides the access token to the client.

You can see a sample project on GitHub: OAuth Authorization Framework
           
