PowerShell Base64 Encode & Decode

• Depending on the file size we want to transfer, we can use different methods that do not require network communication. If we have access to a terminal, we can encode a file to a base64 string, copy its contents from the terminal and perform the reverse operation, decoding the file in the original content.
• An essential step in using this method is to ensure the file you encode and decode is correct. We can use md5sum, a program that calculates and verifies 128-bit MD5 checksums. The MD5 hash functions as a compact digital fingerprint of a file, meaning a file should have the same MD5 hash everywhere. Let's attempt to transfer a sample ssh key. It can be anything else, from our Pwnbox to the Windows target.

Let's see how we can do this with PowerShell:

Pwnbox Check SSH key MD5 Hash

md5sum id_rsa

Pwnbox Encode SSH key to Base64

cat id_rsa | base64 -w 0;echo

We can copy this content and paste it into a Windows PowerShell terminal and use some PowerShell functions to decode it.

[IO.File]::WriteAllBytes("C:\\Users\\Public\\id_rsa", [Convert]::FromBase64String("<base64>"))

We can confirm if the file was transferred successfully using the Get-FileHash cmdlet, which does the same thing that md5sum does.

Confirming the MD5 Hashes Match

Get-FileHash C:\\Users\\Public\\id_rsa -Algorithm md5

<aside> 🗒️

While this method is convenient, it's not always possible to use. Windows Command Line utility (cmd.exe) has a maximum string length of 8,191 characters. Also, a web shell may error if you attempt to send extremely large strings.

</aside>