A2:2021 | Crypto Basics (3) | Cycubix Docs
Last updated
Was this helpful?
Last updated
Was this helpful?
Also other encodings are used.
URL encoding is used a lot when sending form data and request parameters to the server. Since spaces are not allowed in a URL, this is then replaced by %20. Similar replacements are made for other characters.
HTML encoding ensures that text is displayed as-is in the browser and not interpreted by the browser as HTML.
The Unix-2-Unix encoding has been used to send email attachments.
Sometimes encoding is used as a first and simple obfuscation technique for storing passwords. IBM WebSphere Application Server e.g. uses a specific implementation of XOR encoding to store passwords in configuration files. IBM recommends to protect access to these files and to replace the default XOR encoding by your own custom encryption. However when these recommendations are not followed, these defaults can become a vulnerability.
Now let’s see if you are able to find out the original password from this default XOR encoded string.
Solution
As provided the password encoded, we will use XOR encoding to find the password.
Introduce the actual password on WebGoat.
We can use the following XOR decoder:
