A2:2021 | Crypto Basics (3) | Cycubix Docs
Other encodings are also used.
URL encoding is used a lot when sending form data and request parameters to the server. Since spaces are not allowed in a URL, each space is replaced by %20. Similar replacements are made for other characters.
HTML encoding ensures that text is displayed as-is in the browser and not interpreted by the browser as HTML.
The Unix-2-Unix encoding has been used to send email attachments.
Encoding is sometimes used as a first, simple obfuscation technique for storing passwords. IBM WebSphere Application Server, for example, uses a specific implementation of XOR encoding to store passwords in configuration files. IBM recommends protecting access to these files and replacing the default XOR encoding with your own custom encryption. When these recommendations are not followed, the defaults can become a vulnerability.
Now let’s see if you are able to find out the original password from this default XOR encoded string.
Solution
Because the password is provided in encoded form, we reverse the XOR encoding to recover it.
We can use the following XOR decoder: https://strelitzia.net/wasXORdecoder/wasXORdecoder.html
Enter the recovered password in WebGoat.
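To show why the default encoding offers no protection once a configuration file is readable, here is an added example (not part of the original page, WebGoat, or IBM's code) that audits a configuration snippet for `{xor}` values and shows each one is reversible. It assumes the widely documented default scheme: each byte XORed with `_` (0x5F), then Base64-encoded behind a `{xor}` prefix; the function names, sample configuration and sample password are constructed for illustration.

```python
import base64
import re

XOR_KEY = 0x5F      # '_' : fixed key of the default scheme (assumption, see lead-in)
PREFIX = "{xor}"

def was_xor_encode(plain: str) -> str:
    """Encode a string the way the default {xor} scheme does."""
    masked = bytes(b ^ XOR_KEY for b in plain.encode("utf-8"))
    return PREFIX + base64.b64encode(masked).decode("ascii")

def was_xor_decode(encoded: str) -> str:
    """Reverse the encoding; XOR with a fixed key is its own inverse."""
    if not encoded.startswith(PREFIX):
        raise ValueError("value does not carry the {xor} prefix")
    # validate=True rejects stray characters instead of silently skipping them
    masked = base64.b64decode(encoded[len(PREFIX):], validate=True)
    return bytes(b ^ XOR_KEY for b in masked).decode("utf-8")

# Matches attribute="{xor}<base64>" pairs in a configuration file.
XOR_ATTR = re.compile(r'(\w+)="(\{xor\}[A-Za-z0-9+/]*={0,2})"')

def audit_config(text: str) -> list:
    """Return (attribute, recovered value) for every {xor} attribute found."""
    findings = []
    for attr, value in XOR_ATTR.findall(text):
        try:
            findings.append((attr, was_xor_decode(value)))
        except ValueError:          # bad Base64 or non-UTF-8 payload
            findings.append((attr, "<undecodable>"))
    return findings

# Constructed sample input: a made-up configuration entry and password.
SAMPLE_PASSWORD = "ExamplePass1"
SAMPLE_CONFIG = (
    '<entry alias="demo" userId="dbuser"\n'
    '       password="' + was_xor_encode(SAMPLE_PASSWORD) + '"/>\n'
)

if __name__ == "__main__":
    for attr, value in audit_config(SAMPLE_CONFIG):
        print(f"{attr}: reversible {PREFIX} encoding, recovers {value!r}")
```

Any attribute the audit reports should be treated as a plaintext credential: restrict access to the file and replace the default encoding, as IBM recommends.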