OAuth Vulnerabilities Discussion

Let’s discuss OAuth Vulnerabilities.

Nice beginner room. Read carefully and repeat what’s written.

Key Concepts

Question: Which (optional) parameter can be used to prevent CSRF attacks?
Answer: state

Question: What credentials can the client use to access protected resources on behalf of the resource owner?
Answer: access token

OAuth Grant Types

Question: What is the grant type often used for server-server interaction?
Answer: Client Credentials

How OAuth Flow Works

Question: What is the client_id value after initiating the OAuth 2.0 workflow?
Answer: zlurq9lseKqvHabNqOc2DkjChC000QJPQ0JvNoBt

Question: What parameter name determines the time validity of a token in the token response?
Answer: expires_in

Identifying the OAuth Services

Question: What is the name of the toolkit used for implementing OAuth in the URL http://coffee.thm:8000/?
Answer: django-oauth-toolkit

Exploiting OAuth - Stealing OAuth Token

Question: What is the flag value after getting the access token?
Answer: THM{GOT_THE_TOKEN007}

Exploiting OAuth - CSRF in OAuth

Question: What is the flag value after attaching the attacker’s account with the victim’s account?
Answer: THM{CONTACTS_SYNCED}

Question: What parameter name does the client application include in the authorization request to avoid CSRF attacks?
Answer: state

Exploiting OAuth - Implicit Grant Flow

Question: What symbol separates the access token from the OAuth 2.0 implicit grant flow URL?
Answer: #

Question: Visit the URL http://coffee.thm:8080/flagvalidator/ and enter the access token you acquired. What is the flag value?
Answer: THM{TOKEN_HACKED}

Other Vulnerabilities and Evolution of OAuth 2.1

Question: Which of the following has been omitted from OAuth 2.1? a) Implicit Grant b) Authorization Code c) Tokens d) State
Answer: a