Forem: Pranav Joglekar

Move commits from one branch to another

Pranav Joglekar — Fri, 11 Jun 2021 19:33:18 +0000

Scenario:

You encountered a production issue. Immediately you stopped doing whatever you were working on and started fixing the bug. After fixing the bug you observe that you fixed the bug on a different branch. Now you want to move a certain number of commits from a branch A to branch B.

Solution

To move a small number of commits from A to B, use the git cherry-pick command

Say, you have the following branches

Branch A

P ----- Q ----- R ------ S

Branch B

F ----- G ----- H

(Note: P, Q, R, S, F, G, H are all commit hashes/ids)

and you want to move commits Q & R to B(in front of H). You can do the following by

git checkout branchB
git cherry-pick Q
git cherry-pick R

This will result in

Branch B

F ----- G ----- H ----- Q ----- R

Basically, we first checkout to the branch where we want to add the commits, and cherry-pick the commits we want to move, in the order in which they appear in the first branch. Ensuring that the commits being cherry-picked are in sequential order is important or can result in complications.

Like I said, this method works if the number of commits is small, but to move a large number of commits we can use a better method

git checkout <branchname where commits are to be moved>
git rebase --onto <SHA of most recent commit in branchB> <SHA of the commit before the commit that is to be moved> <SHA of the last commit that is to be moved>
git rebase HEAD <branchname where commits are to be moved>

So, for the above example - moving Q & R to branch B, the commands would be

git checkout branchB
git rebase --onto H P R
git rebase HEAD branchB

These two tricks should be enough for moving commits between branches.

To read more of such git tips visit my blog - https://pranavjoglekarcodes.web.app/blogs/posts/2021/git_tricks_1/

Set up NextJS, TailwindCSS and TypeScript

Pranav Joglekar — Sun, 31 Jan 2021 15:40:40 +0000

Introduction

Hello everyone. In this post, I am going to explain how to set up a project using NextJS, TailwindCSS and TypeScript. This blog will also serve as a guide for me to refer to in the future. This guide is not a in-depth guide to all the commands, but is rather is a kind of checklist you can refer too. I am assuming you have basic knowledge of running node applications.
Lets start.

Installing NextJS

The first step is installing nextJS. If you haven't created a npm checked directory yet. Create a new directory, cd into it and type

npm init -y

This will automatically generate a package.json file for you, with all default values.

The next step is to install next and other dependencies required to run the web-application. Here's how we do this

npm install next react react-dom

Once Next and React is successfully installed, we modify the npm scripts in package.json so that they run the appropriate scripts desired while developing and building next applications. Modify the scripts property in package.json to the following:

"scripts": {
  "dev": "next dev", // starts next in development mode
  "build": "next build", //builds the application for production usage
  "start": "next start" // starts a nexjs production server
}

This should complete the setup. Lets add some simple files to verify everything works as expected. Create a src/pages/ folder ( NextJS automatically serves files from this directory). Add an index.js file to this directory. Add a basic hello world react page to this file. Once done with this, type

npm run dev

to start the development environment. You should now be able to see your hello-world react page at the root (/) of the application on the appropriate port.

Adding TailwindCSS

Once we have finished setting up with NextJS, lets install TailwindCSS to help us with designing the application.
Let's start with installing Tailwind and required dependencies

npm install tailwindcss@latest postcss@latest autoprefixer@latest

Now, Tailwind requires certain config files to run(see tailwind.config.js & postcss.config.js ). To install these run

npx tailwindcss init -p

This creates a minimal tailwind.config.js file at the root of the project

The next step is to configure tailwind to remove unused styles in production builds. We do this by modifying the purge parameter created in tailwind.config.js to

purge: ['./pages/**/*.{js,ts,jsx,tsx}', './components/**/*.{js,ts,jsx,tsx}'],

This completes the tailwind setup. The next step is to include tailwind with the css this is done by including

@tailwind base;
@tailwind components;
@tailwind utilities;

in the global css file. If you havent created a global css file yet, create a new file

src/styles/globals.css

and add the above tailwind directives to it.

Finally we import the css file into the jsx components. The way of doing this with nextJS is by creating a new src/pages/_app.js file which contains

import '../styles/globals.css' // or the location of your css file

function MyApp({ Component, pageProps }) {
  return <Component {...pageProps} />
}

export default MyApp

This adds the css to all pages, and you can use tailwind on all pages.
We can now start styling our components using the amazing TailwindCSS

Adding TypeScript support

First, we create an empty tsconfig.js file at the root of the directory. This specifies the next executable that we are using typescript in this project.

Again, the next step is installing typescript.

npm install --save-dev typescript @types/react @types/node

Finally, start the development server with

npm run dev

With this, nextJS does 2 things. It automatically populates the tsconfig.js file(You can change the configurations later) and it creates the next-env.d.ts file, which ensures Next.js types are picked up by the TypeScript compiler. You should not touch this file.

Coda

That's it. This completes the short tutorial. Reach out to me if you are facing issues with following the tutorial, or are facing any issues setting up these frameworks.

Setting up precommit hooks for prettier, EsLint, jest

Pranav Joglekar — Sun, 10 Jan 2021 19:13:08 +0000

Introduction

Hello Developers. Today I am going to explain how to set up pre-commit hooks for prettier, EsLint & jest for your project.
Let me first explain what these are and their importance.

Jest is a javascript testing framework that can be used with many popular javascript frameworks. It allows us to run multiple tests and test suites and view the results in beautiful formats.

EsLint is a static code analyzer and javascript linter for your code.

prettier is a code formatter that helps you in formatting your code.

Why are these required

As your application grows bigger, it gets difficult and costly to test your whole application. This also increases the possibility of bugs creeping into your application. You cannot be confident of the changes you made which in turn also slows down development. All these problems can be solved if you have tests that can automatically run and test your applications. Jest helps you write and run these tests and shows you the results of these tests.

Also, as the product grows, the number of people working on the codebase also increases. Each developer has his own style of formatting code. If everyone is allowed to use their own styles, the code written by one developer starts being esoteric to others. This again increases bugs in the software and slows down the development process. But, at the same time, developers do not like to be forced to follow standards. This is where prettier and Eslint come in. Eslint searches your code statically for javascript errors and ensures that the codebase is linted according to the standards specified. Prettier also formats your code so that it follows common standards. This ensures your code remains standardized and maintainable.

Installation

Lets start with installing these tools. As usual, npm makes the installation process very easy

npm install prettier --save-dev
npm install eslint --save-dev
npm install jest --save-dev

the --save-dev flag ensures that the packages are saved as a devDependency

Along with these, to configure eslint to use prettier, we need some other packages.

npm install eslint-plugin-prettier --save-dev
npm install eslint-config-prettier --save-dev

Configuration

Since this tutorial is based on add a pre-commit hook, I will not go into the details about setting up jest tests. You can find various articles on the way to set up and run these tests.

For configuration prettier, create a .prettierrc file in the repository's root directory. Add the following to the file

{
  "printWidth": 85,
  "arrowParens": "always",
  "semi": true,
  "tabWidth": 2,
  "useTabs": false,
  "singleQuote": true,
  "trailingComma": "none",
  "bracketSpacing": true,
  "jsxBracketSameLine": true
}

This is a sample prettier configuration file - which defines how the code is to be formatted. This file states that all statements should end with a semi-colon. There shouldn't be a trailing comma, and angular brackets should be on the same line as the function. All tabs should be changed to spaces and the indentation width should be 2 spaces. You can create your own file by referring to the various configurations allowed by prettier.

For configuring EsLint, create a .eslintrc.json file. Here's a sample configuration for this file

{
  "env": {
    "browser": true,
    "es6": true,
    "jest": true
  },
  "extends": ["plugin:prettier/recommended"],
  "globals": {
    "Atomics": "readonly",
    "SharedArrayBuffer": "readonly"
  },
  "parserOptions": {
    "ecmaFeatures": {
      "jsx": true
    },
    "ecmaVersion": 11,
    "sourceType": "module"
  },
  "plugins": ["prettier"],
  "rules": {
    "semi": [2, "always"],
    "react/no-unescaped-entities": 0,
    "react/prop-types": 0,
    "react/jsx-key": 0,
    "react/no-find-dom-node": 0,
    "no-unused-vars": 0,
    "no-array-constructor": 0,
    "new-cap": 0,
    "space-before-function-paren": 0,
    "prettier/prettier": "error"
  }
}

This file contains a lot of configuration info, but the important parts are the plugins part which tells eslint which plugin to use, and the rules that eslint should check for. Along with this configuration file, you also need to add a .eslintignore file to define the files and folders that are to be ignored by eslint. Here's a simple file which ignores the node_modules and the build folder:

**/build/*
**/dependencies/*

This completes the configuration step.

Execution

To run jest automated test, just type

jest

This should run all the tests and show you the results of the tests in your terminal.

To run eslint type,

eslint .

i.e eslint
eslint recursively checks all folders from the folder_name to search for lining errors and prints them on the screen. To automatically fix those errors. Type

eslint . --fix

This should fix all the automatically fixable errors.

To just run prettier type,

prettier . --write

This will run prettier recursively for all files inside the current directory and updating them in-place if it finds any inconsistencies

Setting up precommit hook

With jest, eslint and prettier configured and executing successfully, the last step is to set up a pre-commit hook to run these tools automatically, every time a developer commits some changes to the repository. This will reduce the burden of running these scripts every time, before committing and also prevent cases where a developer may forget to run some of these tools.

To set up this pre-commit hook, we would be using 2 more tools. husky and lint-staged, install those tools using, yes you guessed it right, npm
npm install husky lint-staged --save-dev

Update your package.json to contain the following fields

... // other contents of package.json
"devDependencies": {
    ... // all your dev dependencies would be here.
  },
  "husky": {
    "hooks": {
      "pre-commit": "lint-staged"
    }
  },
  "lint-staged": {
    "*.{js,jsx}": [
      "prettier --write",
      "eslint --fix",
      "jest --findRelatedTests",
      "git add"
    ],
    "*.{html,css,less,ejs,json}": [
      "prettier --write",
      "git add"
    ]
  }
} // close package.json

husky sets up a pre-commit hook. It calls lint-staged before every commit. Depending on the type of file that is being committed, lint-staged runs certain commands. For E.g if it is a .js or .jsx file it runs prettier --write and eslint --fix on the file to update the file to appropriate standard, and then tests a subset of the tests to ensure that the changes do not cause tests to fail. If everything works, it adds the file to the staging area and commits it.

This way, all files being committed by you, are automatically
formatted to ensure that they follow the code formatting rules, without you having to worry about it.

That's it. You're done.
Reach out to me if you need help setting up your project. I'll be happy to help.

Phishinder: A phishing detection tool

Pranav Joglekar — Sun, 11 Oct 2020 20:13:32 +0000

Introduction

This blog is about a phishing detection tool, I have created(Work in Progress) which takes an URL as an input and returns whether the URL is a malicious phishing site or a legitimate one. I’ve explained how I’ve created this tool(and how you can too) and how it is used. Let's understand what phishing is before we start.

What is Phishing?

Phishing is a criminal mechanism employing both social engineering and technical tricks to steal consumers’ personal identity data and financial account credentials. Social engineering schemes use spoofed e-mails, purporting to be from legitimate businesses and agencies, designed to lead consumers to counterfeit websites that trick recipients into divulging financial data such as usernames and passwords. As systems become more and more secure, humans are becoming weaker and lazier. Attackers use social engineering techniques, creating fake emails which redirect users to malicious websites(very similar to the original ones). When users enter their secret information on such websites, this secret information is transferred to the attacker, allowing attackers to gain your identity.

Using the Tool

To use the tool, users would first need to clone a copy from the repo. Then the required dependencies need to be installed using pip -r requirements.txt
Users can then run

code python3 phishinder.py

to start the program, and enter an URL which is to be checked once the prompt asks for it. The result will be printed back on the screen

Links:

Link to Repo: Here
Link to notebook: Here

Overview

The program takes the url name as its input, and returns whether the url is malicious or not to the user. I am using machine-learning techniques to classify a website into malicious and safe categories. Details about the model will be explained later.
I’ve built this tool in python as it provides helpful libraries*(e.g requests, beautifulsoup)* and a lot of packages which makes it easier to gather data about the site. Python also makes it easier to train and deploy ML models.

Part-I Training the Model

I have used the Phishing Websites Dataset dataset to train the ML model . The dataset consists of 30 columns or features each equally important in detecting whether a site is malicious or not. The columns along with a brief description of each is given in the Appendix A.

Let's get started, first install all the required dependencies.

!pip install numpy
!pip install pandas

And then import them

import pandas as pd
import numpy as np

Next, open the dataset. (This command may differ for you depending on the location and name of the dataset)

data = pd.read_csv("Phishing.csv")

Play around with the dataset a bit - understand it’s values, dimensions, what preprocessing operations are required. We observe that the input takes 3 values -1, 0, 1 and the output takes two values -1 for malicious and 1 for safe.
For a basic model, No special input preprocessing was needed. We’ll change the output a bit, so that the column is called Result and has two values 0 for malicious and 1 for safe.

data.rename(columns={'Result': 'Class'}, inplace=True)
data['Class'] = data['Class'].map({-1: 0, 1:1})

Lets split the data into training and testing sets

from sklearn.model_selection import train_test_split
X = data.iloc[:, 0:30].values.astype(int)
y = data.iloc[:,30].values.astype(int)
X_train, X_test, y_train, y_test = train_test_split(X, y, test_size=0.2, random_state=np.random.seed(7))

For the sake of this article, I’ll be using the Logistic Regression. You may try out different models, with hyperparameter tuning to get better results. Various blogs have also used Deep Learning Methods for training the model. These have been added in Appendix B.

from sklearn.linear_model import LogisticRegression
lr = LogisticRegression()
lr.fit(X_train, y_train)

Here are the results of this model,

from sklearn.metrics import accuracy_score, classification_report
print('Accuracy Score for logistic regression: {}%'.format(accuracy_score(y_test, lr.predict(X_test))))
print('Classification Report:')
print(classification_report(y_test,lr.predict(X_test), target_names=["Malicious Websites", "Normal Websites"]))

Finally, let's dump the model to a file so that it can be conveniently used later in programs.

from sklearn.externals import joblib
joblib.dump(lr, "phishing_detection.pkl")

This completes with the Machine Learning Part of the tutorial

Part II Developing the python tool

Yup. Now we have a working model ready, but how do we use this model? It requires data in the form of -1,0,1 values of 30 fields and there is no direct way to get those for a website. Here’s where the 2nd part comes in. Given a website name from the user, we’ll try to get the values of each of the 30 features( listed in Appendix A). Once we have the values of the 30 features we can use the model to get its output, which informs us whether a site is malicious or not.

First, let's import the dependencies we’ll be needing. Use pip to install the packages not available in your system. You can also use pip install -r requirements.txt to automatically install all packages required.

import joblib #importing the model
import dns # getting dns info about url
import dns.resolver #getting dns info about url 
import whois # getting whois info about url
from dateutil.relativedelta import relativedelta #time calculations required in feature #9
from urllib.request import urlopen # access the url
from bs4 import BeautifulSoup # scraping the url
import re
import datetime
import favicon # required for feature #10
import requests
import os
import csv
import json
import pandas as pd
from random import randint
import shutil

Save the ML model to a variable

phisher = joblib.load("./phishing_detection.pkl")

Create the input to the ML model. Initialize it to all 0s

site = [[]];
for i in range(30):
      site[0].append(0)

Get name of the url to be checked from the user

url = input("Enter name of website(with https)")

Get the name of the url without the trailing http/https, and perform operations on the url to scrape the webpage and obtain information pertaining to its DNS records and WHOIS entries

path_start = url.find(':') + 3
path = url[path_start:]
try:
    html = urlopen(url)
    bs = BeautifulSoup(html, 'html.parser')
except:
    bs = None

try:
    domain = whois.query(path)
except:
    domain = None
try:
    dnsresult = dns.resolver.query(path, 'A')
except:
    dnsresult = None

The next part is filling the 30 features. For the sake of brevity, I’ll be covering only some of the 30 features. The implementation of the remaining features can be found in the repo(Link above). You can also reach out anytime, if you are interested to know more.

URLs with length greater than 60 have a chance of being malicious.

if(len(url) > 60):
  site[0][1] = -1
if(len(url) < 30):
  site[0][1] = 1

Phishing Sites are shortlisted and have not phishing records

import dns
import dns.resolver
dnsresult = dns.resolver.query(path, 'A')
if(dnsresult != None):
    site[0][25] = 1
else:
    site[0][25] = -1

Malicious sites usually redirect a lot of times before reaching the actual site

try:
    r = requests.head(url)
    if(str(r.status_code)[0] == '2'):
      site[0][18] = -1
    else:
      site[0][18] = +1

NOTE: These are just some of the features. More features can be found on the repo. I am still working on some of those, but the program still gives good results using only the ones which have been implemented and substituting -1 for the rest.
The comprehensive code, along with the packages required can be obtained through the repo. The code is simple and self-explanatory, so I won’t be talking about it much in this post.

Once the input data is filled, we pass it to the model for prediction, the model prediction is converted to human-understandable output and printed on the screen

results = ["Malicious", "Safe"]
print(results[int(phisher.predict(site))])

This completes the implementation of the tool.

Future Scope:

The same algorithm can be packaged in the form of a REST Service to be consumed. I plan to build a browser extension, which uses this API to detect if sites are malicious or not. If a malicious site is found, the browser extension would stop executing the javascript of the page, which would also prevent other types of attacks. The user needs to open the extension and explicitly allow this site to run. This extra effort will also prevent lazy/non-tech users who tend to ignore browser warnings from phishing attacks.

PS:

Looking for contributors to help with the project. Feel free to reach out to suggest improvements, ask questions or discuss more on this.

Appendix A

URL Based Features

IP address - If an IP address is used as an alternative of the domain name in the URL, such as “http://125.98.3.123/fake.html”, users can be sure that someone is trying to steal their personal information.
Long URL - Phishers use long URL to hide the doubtful part in the address bar.
URL Shortening - Phishers use url shortening services to create real looking address
URL’s having @ symbol - Using “@” symbol in the URL leads the browser to ignore everything preceding the “@” symbol and the real address often follows the “@”
Redirection using // - The existence of “//” within the URL path means that the user will be redirected to another website. An example of such URL’s is: “http://www.legitimate.com//http://www.phishing.com”.
Presence of - : The dash symbol is rarely used in legitimate URLs. Phishers tend to add prefixes or suffixes separated by (-) to the domain name so that users feel that they are dealing with a legitimate webpage.
Presence of subdomains - websites having more than 3 subdomains are considered unsecure
Presence of HTTPS: Websites without https or with certificate of unknown authorities are considered insecure
Domain Registration Length - Malicious websites are short lived - created utmost a year back
Favicon - Favicon icons loaded from another domain?
Ports - malicious site servers usually have non-standard ports open too.
Https in domain: phishers add https in domain to trick users

B) Abnormality features:

Images from different domain: Malicious websites usually load images from other domains.
URLs of Anchor - Malicious websites usually have hyperlinks to different domains
Content of meta tag - Malicious websites usually have meta links to another domain
Server Form Handler - If the form submits data to a different domain, the site has a high chance of being suspicious
Client-side mailto: If the website submits form data to an email using mailto, it is malicious
Presence in whois - if the website doesn’t have entry in whois, it may be malicious

C) HTML/Javascript features

Forwarding - if the url redirect greater than 3 times, it is malicious
Fake-statusbar - check if javascript contains code, especially “onmouseover” to display fake statusbar
Right-click disabled - most phishing sites have right click disabled
Presence of pop-ups: most malicious sites have pop-ups to submit forms
Invisible iframes - if a site contains invisible iframes(frameBorder attribute), the site is phishing data

D) Domain based features:

Age of Domain - The domain name should be older than atleast 1 year for the site to be valid
DNS Records - Absence of records, or unknown records
Traffic - Phishing sites live for a short time and so do not have a lot of traffic
Pagerank - phishing sites have lower pagerank value
Google Indes: phishing sites have lower google index
Number of links pointing to page: phishing sites have low number of sites pointing to them
Statistical reports: is the site found in cites like phishTank

Appendix B - Different ML Models

https://towardsdatascience.com/phishing-domain-detection-with-ml-5be9c99293e5

Resources:

https://medium.com/intel-software-innovators/detecting-phishing-websites-using-machine-learning-de723bf2f946
https://www.researchgate.net/publication/269032183_Detection_of_phishing_URLs_using_machine_learning_techniques
https://archive.ics.uci.edu/ml/datasets/phishing+websites

Introduction to Kerberos

Pranav Joglekar — Sun, 16 Aug 2020 19:07:06 +0000

This post is for those(like me) who have heard the term Kerberos being used a lot of times but have never really understood what it is or what it is used for. I do not claim myself to be an expert on this topic, and please point out my mistakes if any, I’ll immediately update my post.

First things first…

What is Kerberos?

According to Wikipedia,
Kerberos is a computer-network authentication protocol that works on the basis of tickets to allow nodes communicating over a non-secure network to prove their identity to one another in a secure manner.

Simply put, this means that Kerberos is a network security protocol, that authenticates service requests between hosts over an unsecure network( like the internet). It uses strong cryptographic principles to help clients proved their identity to the server(and vice versa)
This prevents malicious attackers from trying to steal client identities. We’ll how this is done in the next sections.

Kerberos derives its name from Cerberus, a three headed dog in greek mythology. Similar, to the three headed dog, Kerberos has 3 important parts present in Key Distribution Center:-

Kerberos Database
Ticket Granting Service
Authenticating Service

I’ll be explaining each component in detail.

Terminology

Lets start with same basic terms you’ll see when dealing with Kerberos

Tickets - Tickets(Kerberos tickets/Kerberos Credentials) are a set of electronic information that can be used to verify your identity. Just like you need tickets to enter a train or a bus, you need kerberos tickets to get access to certain services secured by Kerberos.
Principals - Principals are unique entities to which tickets can be assigned.
Key Distribution Center - This is the central server responsible for authentication. It is split into 3 important parts -
- Kerberos Database - The kerberos database is the database which stores information about each principal, its passwords and its administrative information.
- Authentication Server - The server used for authentication clients and principals. This is the server responsible for handling the initial authentication request from clients. This issues a ticket called the Ticket Granting Ticket(TGT) which acts as a proof that the client is authenticated.
- Ticket Granting Server - This is the server used for issuing service tickets to authenticated clients.

Lifetime of a request

Let us now look at how authentication takes place using Kerberos. Say a User Alice wants to access a service, say a SQL Database. Following are the steps that take place

Step 1: Alice sends a request to the AS(Authentication Server). This request contains the credentials for Alice along with some other details required for authentication. The password is not actually sent over the network(It is never safe to send passwords over the network), but all this data is encrypted using Alice’s password and this encrypted data is transmitted to the AS.

Step 2: The AS(Authentication Server) decrypts Alice’s data. This is possible as the Authentication Server has access to passwords of all users(through the Kerberos Database). After decrypting it checks if the data is valid and untampered(to prevent attacks like the replay attack). If it is able to decrypt the data, and it finds the data is untampered, the AS sends her a TGT(Ticket Granting Ticket) back. The TGT is a ticket that, as its name suggests, is used to ask for tickets to other services. The TGT contains a session key(you’ll understand its importance soon) along with some other data. This TGT is encrypted using a Kerberos admin password(which can be assumed to be impossible to crack) and the encrypted data is sent to Alice. The AS server also sends the session key separately(outside the TGT), but this time the key is encrypted using the user’s(Alice’s) password. So, the session key is sent to Alice, encrypted in 2 ways - using the admin password, and using Alice’s password.

Step 3: Now Alice receives 2 pieces of data - The first is the TGT, that it cannot decrypt and read(since it is encrypted using the admin password, and Alice doesn’t have access to it), and the second is the session key, which was encrypted using her password, and so can be accessed and read by her. Once Alice has the session key, she sends a request to the TGS(Ticket Granting Server). This request contains the (encrypted)TGT she received from AS along with her username, the service name she wants to access(SQL), the current timestamp, and other data encrypted using the session key.

Step 4: The TGS now receives the TGT. It decodes the TGT to get the session key. It uses this session key to decrypt the user data, that was sent along with the TGT. After decrypting this data, the Ticket Granting Server now can be assured that it was Alice who was making the requests, and she wants to access the SQL server. The Ticket Granting Service then sends Alice a Service Ticket(encrypted using the service password) and a new session key. This is similar to Step 2, only this time a service password is used instead of an admin password.
(An important point to note here, is that the TGS is not responsible for checking if Alice has the proper rights to access the SQL, which is to be decided by the target server(SQL). The TGS only verifies whether the user(Alice) is the one who claims she is and not an imposter)

Step 5: Again, this step is similar to step 3, Alice is unable to decrypt the Service Ticket, but she can obtain the new session key by decrypting the second part of the request using her password. Using this session key, she encrypts the data to be sent to the target server(SQL) and sends this data with the Service Ticket

Step 6: The Target Server(SQL Server) decrypts the Service Ticket. It can do this because the ticket was encrypted by TGS using its password. It gets the session key after decryption and uses this to decrypt user request that was sent. It can then act on this request accordingly.

In this way Kerberos ensures authentication of a user in a complex system.

Problems with Kerberos

Kerberos, like any other system, is not impenetrable. Here are some attacks possible. I’ll leave the details about the attacks for you to explore.

Golden Ticket Attack
Silver Ticket Attack
Brute Force Attack

Please feel to reach out if you have any doubts, or to correct me about this article.

References

https://www.youtube.com/watch?v=snGeZlDQL2Q
https://www.simplilearn.com/what-is-kerberos-article
https://web.mit.edu/kerberos/