Cryptographic errors are flaws in the implementation of cryptography that can lead to data leakage or compromise.
Description: Use of outdated or unsafe cryptographic algorithms or protocols.
Example: Using MD5 to hash passwords instead of more modern algorithms like bcrypt or Argon2, which can easily crack hashes.
Description: Incorrect or insufficient encryption of sensitive data.
Example: Storing passwords in plain text or using weak encryption keys, making data accessible to attackers.
Description: Storage of cryptographic keys in untrusted locations or without adequate protection.
Example: Storing cryptographic keys in application code or configuration files accessible to attackers.
Description: Insecure session management that allows attackers to intercept or spoof user sessions.
Example: Using predictable or not sufficiently complex session identifiers that can be easily guessed or forged.
HTML entities – are special characters used to replace unsafe or reserved characters in HTML code to prevent them from being misinterpreted by the browser.
Example:
Original code: <script>alert(‘XSS’);</script>
Coded: <script>alert(‘XSS’);</script>
HTML code is interpreted as text in the browser, not as executable code, which prevents XSS attacks.
If a website does not correctly process HTML code and does not properly encode input data, an attacker can use an XSS (Cross-Site Scripting) attack to execute JavaScript code on the client side. This can allow it to hijack user sessions, insert malicious scripts, or modify data on a page.
Example:
An attacker enters: <script>alert(‘XSS’);</script> into an input form, and if the data is not properly encoded, this script will be executed in another user’s browser.
URL encoding (also known as percent encoding) is used to ensure that special characters are passed in URLs. This is necessary to avoid conflicts with special characters that have meaning in the URL structure.
Example:
Original text: lorem with !@#$%^
Coded: lorem+with+%21%40%23%24%25%5E
Special characters are encoded in the format %XX, where XX is the hexadecimal ASCII value of the character code.
Attackers can use URL encoding to bypass web application filters. For example, if the server filters out dangerous characters such as < and >, an attacker could encode them into %3C and %3E and inject malicious code.
Example:
URL encoding can be used to bypass SQL injection filters or XSS attacks. An attacker could encode a malicious SQL query or JavaScript code and enter it into a form on a site that does not validate and decode this data properly.
Base64 is a way of encoding data that converts it into a format that consists only of characters that can be represented as text (letters, numbers, and a few special characters). This method is usually used to transfer binary data such as images or files in text format.
Example:
Original text: this is original text
Coded: dGhpcyBpcyBvcmlnaW5hbCB0ZXh0
Base64 encodes data as text that can be transmitted over text-based protocols.
Red Team Perspective:
Attackers can use Base64 to hide malicious code or data in a format invisible to the user, making it difficult to detect an attack.
Example:
An attacker can base64 encode malicious JavaScript code and embed it in a web page or email. Once decoded, this code can execute and cause harm to the user’s system.
How HTTP works:
A client (for example, a browser) sends an HTTP request to a web server asking for a specific resource (for example, a web page).
The server responds to the request by sending back a resource, which can be an HTML file, an image, or some other type of data.
HTTP is a dangerous protocol because it transmits data in the open, without encryption. This allows attackers to intercept information during a man-in-the-middle (MITM) attack. Such access allows them to obtain sensitive data, including passwords, session tokens, and other sensitive information.
Example:
MITM attack: An attacker can use a network sniffer, such as Wireshark, to intercept HTTP traffic and read the transmitted data, such as logins and passwords.
Session Hijacking: Using intercepted data such as session cookies, an attacker can hijack a user’s session and gain access to their account.
HTTPS is a secure version of HTTP that applies encryption to ensure the confidentiality, integrity, and authenticity of the data being transmitted. To protect data, HTTPS uses the TLS (Transport Layer Security) protocol or its predecessor SSL (Secure Sockets Layer).
How HTTPS works:
When using HTTPS, all data between the client and the server is encrypted, which protects them from interception and modification.
HTTPS also provides server authentication using digital certificates to confirm that the client is connecting to the correct server and not a fake one.
Red Team Perspective:
HTTPS is not completely secure. Although HTTPS encrypts data, it does not protect against other types of attacks. For example, if the server is configured incorrectly, attackers can perform SSL-stripping attacks or exploit vulnerabilities in the TLS/SSL implementation.
Example:
SSL-Stripping: An attacker intercepts traffic and replaces HTTPS with HTTP during a request. The user sees a normal HTTP page, thinking it is secure, and all data is transmitted in the clear.
TLS Attacks: Vulnerabilities in older versions of SSL/TLS, such as POODLE, can be used to decrypt data or perform other privacy attacks.
Protect sensitive data with encryption. To ensure the protection of sensitive information that may be used in the future, it should be stored in encrypted form. This ensures that even if the data is stolen or hacked, access to it will be restricted to unauthorized persons.
An example of encryption:
Example:
A weak password attack: If the password or passphrase is weak, an attacker can perform a brute-force attack and gain access to the data. For example, using tools like Hashcat, you can automate key selection.
IV attack: If the initialization vector (IV) is too short or repeated, an attacker can try to decrypt the data using ciphertext attacks.
Password storage using hashing. Passwords should be stored as a hash, not in the plaintext, to ensure they are protected in the event of a database leak.
Example of password hashing:
Hash attack: If password hashes are stored without proper additional protection, attackers can use methods such as Rainbow Tables or brute-force attacks to crack passwords.
Example:
Weak hashing: If a weak or outdated hashing algorithm (such as MD5 or SHA1) is used, attackers can quickly crack passwords.
Attack on salt (salt): If hashing is done without adding salt (random salt), an attacker can use pre-calculated tables (Rainbow Tables) to reveal hashes.