Hidden Secrets

1. Base64 Encoded String

This is by far the best tool as compared to detect-secrets('yelp') or trufflehog('trufflesecurity') when finding base64 encoded strings in a text file(such as .html).

base64dump.py -u -s a -S <file>

Have converted three example strings to base64:

echo 'secret affairs.....in 8-bit amigo!' | base64
echo 'FLAG<123456789>' | base64
echo '<secret>12345</secret>' | base64

and hid them in an html file downloaded from a random website such as 'Lorem Ipsum'. Then, ran the tool:

┌──(root💀kali)-[/home/kali/]
└─# base64dump.py -u -s a -S index.html 
FLAG<123456789>
<secret>12345</secret>
secret affairs.....in 8-bit amigo!
+-jG
*'jYr
^v+Z
bz{^
{kji

PreviousDocker NextDatabase Exploitation

Last updated 2 years ago

Was this helpful?