Encoding & Decoding

Base64

Encode

echo 'https://www.hackthebox.eu/' | base64
# aHR0cHM6Ly93d3cuaGFja3RoZWJveC5ldS8K

# Encode a file
base64 file.txt > encoded.txt
cat file.txt | base64

Decode

echo 'aHR0cHM6Ly93d3cuaGFja3RoZWJveC5ldS8K' | base64 -d
# https://www.hackthebox.eu/

# Decode a file
base64 -d encoded.txt > decoded.txt

Spotting Base64

Contains only: A-Z, a-z, 0-9, +, /
Padding: = or == at the end
Length is multiple of 4

Hex

Encode

echo 'https://www.hackthebox.eu/' | xxd -p
# 68747470733a2f2f7777772e6861636b746865626f782e65752f0a

# Alternative (single line output)
echo -n 'hello' | xxd -p

Decode

echo '68747470733a2f2f7777772e6861636b746865626f782e65752f0a' | xxd -p -r
# https://www.hackthebox.eu/

# From hex string to text
echo -n '48656c6c6f' | xxd -r -p
# Hello

Spotting Hex

Contains only: 0-9, a-f (or A-F)
Even number of characters

ROT13

Encode/Decode (Same Command)

echo 'https://www.hackthebox.eu/' | tr 'A-Za-z' 'N-ZA-Mn-za-m'
# uggcf://jjj.unpxgurobk.rh/

# Decode (apply again)
echo 'uggcf://jjj.unpxgurobk.rh/' | tr 'A-Za-z' 'N-ZA-Mn-za-m'
# https://www.hackthebox.eu/

Online Tool

https://rot13.com/

URL Encoding

Encode (Python)

python3 -c "import urllib.parse; print(urllib.parse.quote('Hello World!'))"
# Hello%20World%21

Decode (Python)

python3 -c "import urllib.parse; print(urllib.parse.unquote('Hello%20World%21'))"
# Hello World!

Common URL Encoded Characters

Character

Encoded

Space

%20 or +

!

%21

"

%22

#

%23

$

%24

%

%25

&

%26

'

%27

(

%28

)

%29

*

%2a

+

%2b

,

%2c

/

%2f

:

%3a

;

%3b

<

%3c

=

%3d

>

%3e

?

%3f

@

%40

[

%5b

\

%5c

]

%5d

^

%5e

Newline

%0a

Cipher Identification

Online Tools

Cipher Identifier - Auto-detect encoding type
CyberChef - Swiss army knife for encoding

JavaScript Deobfuscation

Beautify Minified JS

# Using js-beautify
pip install jsbeautifier
js-beautify script.js > script-beautified.js

Online Tools

Tool

URL

Use Case

Prettier

https://prettier.io/playground/

Beautify/format code

Beautifier

https://beautifier.io/

Beautify/format code

UnPacker

https://matthewfl.com/unPacker.html

Unpack (p,a,c,k,e,d) obfuscation

de4js

https://lelinhtinh.github.io/de4js/

Multiple deobfuscation methods

Obfuscator.io

https://obfuscator.io/

Obfuscate JS (for testing)

Recognizing Packer Obfuscation

Look for initial function signature:

eval(function(p,a,c,k,e,d){...})

Manual Deobfuscation Trick

Replace eval with console.log to print the deobfuscated code instead of executing it:

// Change this:
eval(function(p,a,c,k,e,d){...})

// To this:
console.log(function(p,a,c,k,e,d){...})

PreviousCreating a Custom Wordlist Nextevil-winrm

Last updated 6 days ago

hashtagBase64

hashtagEncode

hashtagDecode

hashtagSpotting Base64

hashtagHex

hashtagEncode

hashtagDecode

hashtagSpotting Hex

hashtagROT13

hashtagEncode/Decode (Same Command)

hashtagOnline Tool

hashtagURL Encoding

hashtagEncode (Python)

hashtagDecode (Python)

hashtagCommon URL Encoded Characters

hashtagCipher Identification

hashtagOnline Tools

hashtagJavaScript Deobfuscation

hashtagBeautify Minified JS

hashtagOnline Tools

hashtagRecognizing Packer Obfuscation

hashtagManual Deobfuscation Trick

Base64

Encode

Decode

Spotting Base64

Hex

Encode

Decode

Spotting Hex

ROT13

Encode/Decode (Same Command)

Online Tool

URL Encoding

Encode (Python)

Decode (Python)

Common URL Encoded Characters

Cipher Identification

Online Tools

JavaScript Deobfuscation

Beautify Minified JS

Online Tools

Recognizing Packer Obfuscation

Manual Deobfuscation Trick