CyberWithPriyanshu

In the previous blog which you can read here we had covered topics like :  What is obfuscation ?  What is deobfuscation ?  What is the need of deobfuscation ?  In this blog we will be covering common techniques of obfuscation and deobfuscation .  Common Obfuscation Techniques  Before understanding deobfuscation it is very well important to know about tools and techniques that the villain ( obfuscation ) is going to use against us int the war.   1. Encoding & Encryption Obfuscation:  Simple encodings like  Base64 ,  ROT13 , or  XOR  with a key are used to hide strings and payloads. The code often contains a decoder function that runs just before the payload is used. Deobfuscation: Identify the Encoding:  Look for patterns (e.g.,  ==  at the end for Base64). Use Standard Tools:  Use built-in language functions ( atob()  in JavaScript for Base64) or online decoders. Find the Key:  For XOR, the ana...

I was on Hack The Box Academy, happily reading along when the first word of the module popped up: understanding . Good. Next word: code . Still good. Then the third word appeared: deobfuscation . And I just stared at it like, “How many alphabets did they use to make this word?” I tried pronouncing it five or six times. For a moment, I genuinely believed Shashi Tharoor writes simpler words 😂. Eventually, yes, I managed to say it without hurting my tongue. Anyway, let’s move to the topic. Obfuscation  As the name suggest , it is process of converting simple things ( notes , words , sentences ) into complex form 😂.  More precisely , it is the process of taking a simple , clear sentence and writing it in a complex cipher, using synonyms from a dead language, and adding alot of irrelevant words. The meaning remains preserved, but it is extremely hard to understand ( same as the name of topic obfuscation) .  Defuscation It is simply opposite of obfuscation. It is the proc...

Note : In this I will be using kali-linux and metasploitable3 . It is recommended to setup your lab by downloading both , before following the blog.  cURL ( yes , you are right it is Client URL )  It is a tiny and simple command line tool that lets you talk to any website without even touching browser . Most beginners, including me, eventually make up using it. We use it for automation and small scripts. Because it's simple , fast and works with almost all the protocols you will ever meet .      Today, in this blog we will be seeing about accessing HTTP and basic HTTPS . Initial steps are same for both these protocols with a minute difference later . With HTTPS, the server may redirect you, so curl -L helps follow redirects. Setting up Metasploitable3 for cURL  We use Metasploitable3 because it has many intentionally vulnerable services to test against. To do so we need it's IP address .  Steps to get IP address 1) Login in into your metasploitable3 ...

Last Saturday, I decided to dive into web security, one of the fundamental pillars of cybersecurity. And where better to start than with HTTP? What is HTTP? HTTP (HyperText Transfer Protocol) is an application-layer protocol—essentially the layer between you and the server—used to access resources on the World Wide Web. The "hypertext" part refers to any text that contains a link to another resource. Some key facts: *   The default port for HTTP is 80 . *   The default port for HTTPS is 443 . In HTTP communication, the  client (the user) makes a request to the server for a specific resource. The server then processes this request and sends back a response with the requested data. Understanding the URL When I was a kid, I used to call it the "Universal Resource Locator" 😅. It's actually Uniform Resource Locator. The "resource" in the name is exactly what the client is asking the server for. The image below (taken from Hack The Box ) breaks down the ...