CTFZone Paper: Trust Area — Backend Part

Introduction

Task architecture

Fig. 1. Task infrastructure

Backend

Architecture

  1. Every player could quickly deploy the task and test it locally.
  2. We, as organisers, could select any bunch of services for the task, having the freedom to add any vulnerabilities and exploitation chains.

Fig. 2. Backend architecture

Vulnerability complexity dilemma

Description of vulnerabilities

1. IDOR

2. Nginx misconfiguration

Fig. 3. Logs reading

3. and 4. SQL injections

5. Open Redis port

6. Refresh token leakage

Source code:


International community conference for cybersecurity researchers and professionals. No suits, no business — only hardcore research.

OFFZONE
