March 4th 2025

CVSS calculator I should use. It also has a training I might want to take - https://www.first.org/cvss/

ctrl+u look at the source code of the website

Is essentially the act of making code unreadable or very difficult to read for humans

Code Minification
- This is when you put all the code in one line
- https://www.toptal.com/developers/javascript-minifier
- Often minified code is saved with the extension .min.js.
Code Packing
- https://beautifytools.com/javascript-obfuscator.php
- can be recognized with the function function(p,a,c,k,e,d)
- Although the dictionary type function showed above can change in naming it always tries to pack the original code into an order to execute

Deobfuscating minified JS
- easiest way is to open inspector → go to debugger → click { } in firefox
- can also use the following tools
  - https://prettier.io/playground/
  - https://beautifier.io/
Deobfuscating packed code
- https://matthewfl.com/unPacker.html
- another way would be to console.log() the return function of the code
- Really want to checkout the Secure coding 101 course

spotting
- only encoded in hex value. 0-9 a-f
encoding in terminal
- echo https://www.hackthebox.eu/ | xxd -p
Decoding
- echo 68747470733a2f2f7777772e6861636b746865626f782e65752f0a | xxd -p -r

Rot13 - Cesar Cypher

spotting
- can be easy to spot from the way the string looks uggcf://jjj.unpxgurobk.rh/ still looks like a url
Encoding and decoding
- echo https://www.hackthebox.eu/ | tr 'A-Za-z' 'N-ZA-Mn-za-m'

🐢GalapaGh0st👻