Will a Web Server detect a base64 encoded reverse shell on run time?

A vulnerable website blocks almost everything that is related to PE (Privilege Escalation), but when encoding the ls -al code into a base64 format, the website doesn’t block the dangerous code (at Scan Time), will the web server detect and block the code at Run Time ?

base64 -d <<< bHMgLWFs | sh: Base64 of ls -al

Web Server: Scanning the input.. Seems fine, I will not block it.

Web Server Inside: ls -al # Will it block it at run time ?

Predict the next base64 code in an enumnation attack on sequntial integers that have been turned to base64 code

1tL1K/nYW1Q= corresponds to 41154

sR4 ngjRepM= corresponds to 41155

“hint the above code does have a space”

the above codes are base64 and correspond to some string + orderids

I am doing this in .NET

If someone able to crack the series as I am trying to create this in custom code.

I want someone to test this and try to break it, so that I can see the flaw in my code.

The point is that I use the int codes in .Net with a preset string to generate the base64 codes. I am using this to prevent order enumeration attacks, yet have a small identifier instead of ints for order numbers. Do you think this is susceptible to attacks and whether you can work out what the “secret” is to producing the base64 codes to recognise orders, and enumerate them based on existing data I have provided.

I will place a bounty of 100 credits on this if someone can crack this.

Thanks

How to reproduce Wolfram Language’s base64 encoded string with command-line tool?

With Wolfram Language:

In[7]:= ExportString["foobar中文", "Base64"]  Out[7]= "Zm9vYmFyXDo0ZTJkXDo2NTg3" 

With the closest command-line software I could think of

echo -n 'foobar中文' | openssl base64                                                                        Zm9vYmFy5Lit5paH 

Why the difference? What’s the best way to reproduce Mathematica’s behavior?

Generating the base64 of sha256 of a file for Content Security Policy of a web page


The issue

I have a small private Apache2 web server running on Debian 10 Buster with security on my top list. Right now, I’m struggling with:

How to generate in the Linux terminal the base64-encoded sha256 of my CSS style sheet file styles.less for Content Security Policy?


Getting close

The closest I got was thanks to this comment made by sideshowbarker with command:

cat styles.less | openssl dgst -sha256 -binary | base64 

So far I only know that this part is ok:

cat styles.less | openssl dgst -sha256 

because the output SHA-256 hash sum equals to ordinary sha256sum command, as proved with:

$   cat styles.less | openssl dgst -sha256 (stdin)= 0d1095db21ec5177406ed074dadd59d8298f6f4f9ae870bf8d562feeb081ecb1  $   sha256sum styles.less 0d1095db21ec5177406ed074dadd59d8298f6f4f9ae870bf8d562feeb081ecb1  styles.less 

$   openssl version OpenSSL 1.1.1d  10 Sep 2019 

Any ideas welcome. Will be back shortly, be patient with comment replies, thank you.


Getting wrong output:

DRCV2yHsUXdAbtB02t1Z2CmPb0+a6HC/jVYv7rCB7LE= 

Chrome says it shall be (I hope I’m getting the right one):

OiTUxy1L7oqoB+m4jFzA6QMKYPBRZqHn9Z33xviiEFI= 

As it might be helpful now, here’s the direct link for that style sheet. Hope we solve it soon.

Base64 decode/encode results are different

This is a base64 encoded weblink I have:

UwBlAHIAdgBpAGMAZQBJAEQAUwBFAD0AMwA4ADcAOAA3ADQANwAmAEUAbgBjAHIAeQBwAHQAQwBvAGQAZQA9AFQAMABPAFAASAAwADQAMgAwADEAOQAxADIAMAA0ACYAdQBzAGUARAByAFIAZQBzAHQAQwBuAHQAPQB2AA2

I run it in a decoder (base64.guru) and I get this:

ServiceIDSE=3878747&EncryptCode=T0OPH0420191204&useDrRestCnt=v

The site warns me that: It seems that the result of decoding is a binary data (MIME type detected as “application/octet-stream”) and because of this the data from “Text” may be damaged during the output. To get the original data, click “Download” next to this field.

Then I download the file, and open it up in Notepad++, and there is a null field between every single visible character. I’m not sure what that means. I don’t alter the file in any way, reupload it to base64.guru, and I get a different base64 encoding:

UwBlAHIAdgBpAGMAZQBJAEQAUwBFAD0AMwA4ADcAOAA3ADQANwAmAEUAbgBjAHIAeQBwAHQAQwBvAGQAZQA9AFQAMABPAFAASAAwADQAMgAwADEAOQAxADIAMAA0ACYAdQBzAGUARAByAFIAZQBzAHQAQwBuAHQAPQB2AA0=

I see the very end highlighted in bold is different. The rest is the same. Why would this happen if I just decode and then encode the exact same thing with no modifications? I’m not very familiar with computer science so this is something I’m very curious about (for example I have no idea what the “null” even means).

Thanks.

read content of list item attachment in SPD workflow and convert to base64 string

I need to write a workflow that reads the content of attachment of a list item, convert it to base64 encoded string and then invoke a custom REST service.

I know I can access /_api/web/lists/getbytitle('MyList')/items(" + id + ")/AttachmentFiles and get the server relative URL of the attachment from result.

But I’m not sure how to get the contents of that file and convert it to base64 string.

Update:

I’ve found the following REST API that allows me to read the content of the attachment:

/_api/web/getfilebyserverrelativeurl('server relative URL of attachment from earlier call')/$  value 

Now the question remains that how to get this content in base64 format?

Common Encryption types with keys stored in Base64

I am a noob 🙂

I am attempting to recover a password from a piece of software. The software has a XML file contains three fields that appear important to this process: Password Value, EncryptionKey Value, and PasswordEncoding Value. PasswordEncoding Value is set to 12000 (in case that helps).

The other two fields appear to be base64 strings that, when decoded, seem to be nonprintable characters.

I want to use Python to try to find the type of enc used in hopes of decrypting the Password Value field. What are common types of Encryption that would store data in base64 in a xml file? This is from a Windows app.

Thank you

Error al subir PDF en base64 desde 1MB

Tengo un problema y es que tengo una app donde se suben PDF codificados en base64, pero cuando son de 1MB o mas, ajax me reponde con un error, y es porque el archivo es demasiado grande para almacenarlo en la tabla donde la columna se llama archivo de tipo longblob, y no he podido encontrar una solucion por lo que les pido si pueden ayudarme, el codigo de javascript es el siguiente:

function guardarInformeSeguridad(){    var titulo      = $  $  ("#titulo").val();    var descripcion = $  $  ("#descripcion").val();    var archivo     = $  $  ("#archivo").val();    app.confirm('¿Esta seguro de crear?', 'Seguridad', function() {        $  $  .ajax({type:'POST',          url:'https://................/grabar.php',          data:({             titulo:titulo,             descripcion:descripcion,             archivo:archivo          }),          success: function(data){             if(data){                app.addNotification({                   message: 'Creado correctamente!',                   button: {                      text: 'OK',                                    }                     });                        }           },          error: function(data){             app.addNotification({                message: 'Error al grabar!',                button: {                   text: 'OK',                },             });                                   }        });      },);   }

y el archivo php es el siguiente:

<?php   	if (isset($  _SERVER['HTTP_ORIGIN'])) {   	    header("Access-Control-Allow-Origin: {$  _SERVER['HTTP_ORIGIN']}");   	    header('Access-Control-Allow-Credentials: true');   	    header('Access-Control-Max-Age: 86400');    	}   	if ($  _SERVER['REQUEST_METHOD'] == 'OPTIONS') {   	   	    if (isset($  _SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD']))   	        header("Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS");   	   	    if (isset($  _SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']))   	        header("Access-Control-Allow-Headers: {$  _SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']}");   	}  	require('conexion.php');	 	$  titulo 	 	= ''; 	$  descripcion 	= ''; 	$  archivo 	 	= ''; 	if(isset($  _POST['titulo'])) $  titulo = $  _POST['titulo']; 	if(isset($  _POST['descripcion']))$  descripcion = $  _POST['descripcion']; 	if(isset($  _POST['archivo'])) $  archivo = $  _POST['archivo']; 	$  con = cnn(); 	$  sql = "INSERT INTO seguridad SET titulo = '".$  titulo ."', "; 	$  sql.= " descripcion = '".$  descripcion."', "; 	$  sql.= " archivo = '".$  archivo."' ; "; 	if($  respuesta = mysqli_query($  con, $  sql)){ 		$  data = "0"; 	} 	print $  data; 	mysqli_close($  con); ?>

Espero pudieran ayudarme, el mensaje de error por consola es el siguiente:

introducir la descripción de la imagen aquí