My understanding of cURL

Note : In this I will be using kali-linux and metasploitable3 . It is recommended to setup your lab by downloading both , before following the blog. 


cURL ( yes , you are right it is Client URL ) 

It is a tiny and simple command line tool that lets you talk to any website without even touching browser . Most beginners, including me, eventually make up using it. We use it for automation and small scripts. Because it's simple , fast and works with almost all the protocols you will ever meet .

    Today, in this blog we will be seeing about accessing HTTP and basic HTTPS . Initial steps are same for both these protocols with a minute difference later . With HTTPS, the server may redirect you, so curl -L helps follow redirects.

Setting up Metasploitable3 for cURL 

We use Metasploitable3 because it has many intentionally vulnerable services to test against. To do so we need it's IP address . 

Steps to get IP address

1) Login in into your metasploitable3 . Admin - vagrant ; Password - vagrant
2) Run ifconfig and note the  inet address under eth0


Starting with cURL 

We have done a good chunk of work by just knowing the metaspolitable3 IPv4 address . Now , we need to move on to cURL who is the actual hero 😎 of our blog . 

Steps to follow 

1) Log into Kali (username: kali, password: kali, unless you changed it). .
2) Access the terminal and type 

 ping -c 3 192.168.182.131 

We used this command to verify that whether the host is live or not . You can see the result 3 packets received transmitted , 3 received which means host is up and can listen to our commands . 

3) Now we will use the actual cURL  type 


curl 192.168.182.131


The output you see is a raw html response from the metasploitable3 server. 


Note : You can also type the domain name of any website if you want to .Type the following command:

 curl  https://example.com


Note: If you see a lot of certificate errors and warnings no need to worry. We will cover this later . 

To access any page (not api) you need to know the exact location of the page on the website . Then you can run the following commands : 

curl 192.168.182.131/chat/ 


This will help you access the chat page in metasploitable3 




You can open this url in you firefox also .We will end up this blog here and come back tomorrow with something new about curl and we will try to cover up web request topic in this week . Till then keep learning and keep hunting . Do share if you know something extra with us in comments section . 

Comments

Post a Comment

Popular posts from this blog

Obfuscation and Deobfuscation

I was on Hack The Box Academy, happily reading along when the first word of the module popped up: understanding . Good. Next word: code . Still good. Then the third word appeared: deobfuscation . And I just stared at it like, “How many alphabets did they use to make this word?” I tried pronouncing it five or six times. For a moment, I genuinely believed Shashi Tharoor writes simpler words 😂. Eventually, yes, I managed to say it without hurting my tongue. Anyway, let’s move to the topic. Obfuscation  As the name suggest , it is process of converting simple things ( notes , words , sentences ) into complex form 😂.  More precisely , it is the process of taking a simple , clear sentence and writing it in a complex cipher, using synonyms from a dead language, and adding alot of irrelevant words. The meaning remains preserved, but it is extremely hard to understand ( same as the name of topic obfuscation) .  Defuscation It is simply opposite of obfuscation. It is the proc...
Read more

OSINT Basics: Introduction, Scope, and Ethical Boundaries (Part 1)

Image
Disclaimer: All the tools and methods discussed in this blog are part of what I am learning in a safe and legal environment . This content is strictly for educational purposes only and is not intended to harm any individual or organization. Even though we all know that theoretical knowledge alone is not enough, most of my learning so far has been on the theory side. From now on, I’ll try to balance both theory and practical understanding — slowly and responsibly. That brings us to today’s topic: OSINT . What is OSINT? OSINT stands for Open Source Intelligence . As the name suggests, it is about gathering information from publicly available sources such as: the internet social media news articles public records OSINT has nothing to do with hacking . It focuses on collecting and analyzing information that is already exposed — often unintentionally. Why OSINT matters in cybersecurity OSINT helps us understand the human attack surface , which is often the weakest link in sec...
Read more

Cybersecurity Devices and Technologies Part 1

There is no single device or technology that can solve all the security needs of an organization on its own. A secure network is built by choosing the right tools for the right purpose. This blog covers some of the basic devices and technologies used in the field of network security. Security Appliances Security appliances can be physical devices like routers, or software tools running on those devices. They generally fall into six categories: Routers : Routers primarily connect different network segments, but they also offer basic traffic-filtering features. This helps decide which devices can connect and which networks they’re allowed to communicate with. Firewalls : Firewalls are the guardians of a network. They inspect traffic more deeply and can detect suspicious or harmful behaviour. Firewalls enforce security policies on every packet that passes through them. Intrusion Prevention System (IPS) : An IPS uses traffic signatures to detect and block malicious activities i...
Read more