Example Architectures

NFS and the Web

The Network File System (NFS)

Remote access model (NFS)
- File stays on server
Upload/download model (FTP)
- File needs to be downloaded first
Remote procedure call (RPC)
- A standardized way to let a client on machine $A$ make an ordinary call to a procedure that is implemented on another machine $B$ .

Simple Web-based systems (client $\Leftrightarrow$ server) 1. The client sends a GET request to the server. 2. The server fetches document from local file. 3. Servers sends the response back to the client.
Multi-tiered architectures (client $\Leftrightarrow$ Web server $\Leftrightarrow$ CGI process $\Leftrightarrow$ database server) 1. The client sends a GET request to the Web server. 2. The Web server starts process to fetch document. 3. The CGI process asks the database server for data needed. 4. The database server gives the CGI process those requested data. 5. The CGI process creates a HTML document and sends it to the Web server. 6. The Web server returns the result back to the client.

CGI defines a standard way by which a Web server can execute a program taking user data as input. The service can be found at /cgi-bin/. In CTF, CGI is often linked with Shellshock. For example, https://blog.wyatttauber.com/ritsec-fall-2018-ctf-week-6-45d414035c76.

Last updated 2 years ago