So we have found the base64 string “SGVsbG9Xb3JsZCE=” on a locked down workstation and we want to decode. Quite often we don’t have access to tools so here’s a list of ways to decode the string using various languages.
Python
12>>> import base64 >>> base64.b64decode("SGVsbG9Xb3JsZCE=")PowerShell
12PS > [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String("SGVsbG9Xb3JsZCE=")) blahblahPerl
12use MIME::Base64; print decode_base64("SGVsbG9Xb3JsZCE=");BASH
1echo SGVsbG9Xb3JsZCE= | base64 --decodephp
1echo base64_decode("SGVsbG9Xb3JsZCE=");C#
12byte[] data = Convert.FromBase64String("SGVsbG9Xb3JsZCE=");… Continue readingSo you’ve got some XSS that you want to test but the browser you’ve been using for your app testing is protecting against the use of javascript in the address URL. The following URL:
1http://example.com/index.asp?val=<script>alert(1)</script>Would end up getting sent to the server as:
1GET /index.asp?val=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1In order to prevent this so we can test XSS flaws within applications we need to turn off the javascript filter in the… Continue reading