Talk to a Security Expert Now: (800) 721-9177

String Encoding in the Shell

Data encoding in the shell is a quick and reliable method to parse input in one type of format to format of another type. This could be done in order to determine how an application has converted input, or to encode your input in such a way as to bypass a security filter. These include some valuable methods such as HEX, HTML, URL, various password representations, common hashes and even some compression encodings. What follows are some of my favourite methods to convert input on the command line. Some of these rely on commands that are non-standard, but typically available from your Linux Distribution’s repository. Lots of Python snippets are included as well. These examples can be run individually by or all together in a bash file encode.sh:

#!/bin/bash

if [ $# -ne 1 ]
then
  echo "Performs a number of encodings on the first argument string"
  echo "Usage: `basename $0` {string}"
  exit 1
fi

printf "n# String Scrambles:n"
printf "%-20st" 'Normal:'; echo "$1"
printf "%-20st" 'Reversed:'; echo "$1" | rev
printf "%-20st" 'Case Reversed:'; echo "$1" | tr '[A-Z][a-z]' '[a-z][A-Z]'
printf "%-20st" 'ROT13:'; echo "$1" | gcipher -c Rot -k 13
#printf "%-20st" 'Rot13:' ; python -c "print '''$1'''.encode('rot13')"
printf "%-20st" 'GIE:'; echo "$1" | gcipher -c Gie
printf "%-20st" 'Caesar:'; echo "$1" | gcipher -c Ceasar
printf "%-20st" 'Vigenere:'; echo "$1" | gcipher -c Vigenere -k vigenere
# printf "%-20st" 'Anagrams:'; wordplay -s "$1" | sort -u | sed -n '1h;2,$H;${g;s/n/, /g;p}'
# Due to both terminal and editor encodings, this is better executed on a non-UTF8 terminal:
printf "%-20st" 'Leet (l334):'; echo "$1" | tr [a-z] [A-Z] | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' '4ß(Ð3ƒ9H1JK£MN0PQ®$7µVWX¥2' | sed 's_H_|-|_g;s_J__|_g;s_K_|{_g;s_M_|/|_g;s_N_||_g;s_P_|°_g;s_Q_¶¸_g;s_V_/_g;s_W_//_g;s_X_)(_g' #See http://www.albinoblacksheep.com/text/leet

printf "n# Numerical Representations:n"
printf "%-20st" 'INT:'; echo -n "$1" | hexdump -ve '/1 "%03i"'; echo
printf "%-20st" 'HEX:'; echo -n "$1" | hexdump -ve '/1 "%02x"'; echo
printf "%-20st" 'OCT:'; echo -n "$1" | hexdump -ve '/1 "%02o"'; echo
printf "%-20st" 'BIN:'; echo -n "$1" | xxd -b -g0 -c0 | cut -b10-56 | tr -d 'n '; echo

printf "n# Passwords:n"
printf "%-20st" "CRYPT w/o SALT:"; echo -n "$1" | openssl passwd -crypt -stdin -salt 00
printf "%-20st" "CRYPT w/ Random SALT:"; echo -n "$1" | openssl passwd -crypt -stdin
printf "%-20st" "DES w/ CR SALT:"; echo -n "$1" | openssl passwd -crypt -stdin -salt CR
printf "%-20st" "Shadow w/o SALT:"; echo -n "$1" | openssl passwd -1 -stdin -salt 00000000
printf "%-20st" "Shadow w/ RANDOM SALT:"; echo -n "$1" | openssl passwd -1 -stdin
printf "%-20st" "Apache w/o SALT:"; echo -n "$1" |  openssl passwd -apr1 -stdin -salt 00000000
printf "%-20st" "Apache w/ RANDOM SALT:"; echo -n "$1" |  openssl passwd -apr1 -stdin
printf "%-20st" "LM Password:"; python -c "import smbpasswd; print smbpasswd.lmhash("""$1""")" #requires python-smbpasswd
printf "%-20st" "NTLM Password:"; python -c "import smbpasswd; print smbpasswd.nthash("""$1""")" #requires python-smbpasswd

printf "n# Digest Hashes (newline not included):n"
#printf "%-20st" 'BINARY MD5:' ; echo -n $1 | openssl dgst -binary
printf "%-20st" 'MD5:'; echo -n $1 | openssl dgst -md5
printf "%-20st" 'MD4:'; echo -n $1 | openssl dgst -md4
printf "%-20st" 'MD2:'; echo -n $1 | openssl dgst -md2
printf "%-20st" 'SHA1:'; echo -n $1 | openssl dgst -sha1
printf "%-20st" 'SHA:'; echo -n $1 | openssl dgst -sha
printf "%-20st" 'SHA224:'; echo -n $1 | openssl dgst -sha224
printf "%-20st" 'SHA256:'; echo -n $1 | openssl dgst -sha256
printf "%-20st" 'SHA384:'; echo -n $1 | openssl dgst -sha384
printf "%-20st" 'SHA512:'; echo -n $1 | openssl dgst -sha512
#printf "%-20st" 'MDC2:' ; echo -n $1 | openssl dgst -mdc2
printf "%-20st" 'RIPEMD160:'; echo -n $1 | openssl dgst -ripemd160
printf "%-20st" 'CRC32:'; python -c "import binascii; print binascii.crc32('''$1''') & 0xffffffff" 

printf "n# Web Encodingsn"
printf "%-20st" 'URLQuote:'; python -c "import urllib; print urllib.quote('''$1''')"
printf "%-20st" 'URLEscape:'; echo "$1" | recode ..HTML
printf "%-20st" 'HTML HEX Entity:'; echo -n "$1" | hexdump -ve '/1 "&#x%02x;"'; echo
printf "%-20st" 'HTML Entity:'; echo -n "$1" | hexdump -ve '/1 "&#%02i;"'; echo
printf "%-20st" 'Javascript String'; echo -n "String.fromCharCode("; echo -n "$1" | hexdump -ve '/1 "%i,"' | sed 's_,$_)n_'
printf "%-20st" 'SQL String'; echo -n $1 | hexdump -ve '/1 "char(%i)+"' | sed 's_+$_n_g'

printf "n# UTF Encodingsn"
printf "%-20st" 'UTF-7:'; echo $1 | iconv -t utf7
printf "%-20st" 'UTF-8:'; echo $1 | iconv -t utf8
printf "%-20st" 'UTF-16:'; echo $1 | iconv -t utf16
printf "%-20st" 'UTF-32:'; echo $1 | iconv -t utf32
printf "%-20st" 'Unicode:'; echo $1 | iconv -t unicode
printf "%-20st" 'ASCII:'; echo $1 | iconv -t ascii

printf "n# Encodingsn" #http://docs.python.org/library/codecs.html#standard-encodings
printf "%-20st" 'Base64:'; echo -n $1 | openssl enc -e -base64
#printf "%-20st" 'Base64:'; python -c "import base64; print base64.b64encode('''$1''')"
printf "%-20st" 'Base32:'; python -c "import base64; print base64.b32encode('''$1''')"
printf "%-20st" 'Base16:'; python -c "import base64; print base64.b16encode('''$1''')"
#printf "%-20st" 'UUEncode:'; python -c "print repr('''$1'''.encode('uu_codec'))"
#printf "%-20st" 'UUEncode:';; echo -n $1 | hexdump -ve '/1 "#%02x"' | tr '#' '%'
printf "%-20st" 'UUEncode:'; python -c "import binascii; print binascii.b2a_uu('''$1''')" | tr -s 'n'
printf "%-20st" 'Punycode:' ; python -c "print '''$1'''.encode('punycode')"
printf "%-20st" 'Mime Quotable:' ; python -c "print '''$1'''.encode('quopri_codec')"

printf "n# Compression Encodingsn"
#printf "%-20st" 'Bzip2:' ; python -c "print repr('''$1'''.encode('bz2_codec'))" | sed "s_^'(.*)'$_1_"
#printf "%-20st" 'Zlib (gzip):' ; python -c "print repr('''$1'''.encode('zlib_codec'))" | sed "s_^'(.*)'$_1_"
printf "%-20st" '7z:' ; echo -n "$1" | 7z a dummy -tgzip -si -so 2>/dev/null | hexdump -ve '/1 "%02x"'| sed "s_(..)_x1_g"; echo
printf "%-20st" 'Bzip2:' ; echo -n "$1" | bzip2 -f | hexdump -ve '/1 "%02x"'| sed "s_(..)_x1_g"; echo
printf "%-20st" 'GZip:' ; echo -n "$1" | gzip -f | hexdump -ve '/1 "%02x"'| sed "s_(..)_x1_g"; echo
printf "%-20st" 'Zip:' ; echo -n "$1" | zip 2>/dev/null | hexdump -ve '/1 "%02x"'| sed "s_(..)_x1_g"; echo

#printf "n# OpenSSL Ciphers with empty passphrase, key and iv:n"
#for line in `openssl enc -h 2>&1 | sed -n '/Cipher Types/,//p' | grep -v -e "Cipher Types" -e "^$" | tr -s [:space:] 'n'`; do printf "%-20st" "$line:"; echo -n $1 | openssl enc -k "" -e -a -p -K 0 -iv 0 "$line" | sed -n '1h;2,$H;${g;s/n/, /g;p}'; done

#printf "n# All iconv Output Encodings ~= 1153:n"
#for line in `iconv -l`; do printf "%-20st" "$line"; echo -n $1 | iconv -t "$line" 2>/dev/null; echo; done

Example Run:

$ ./encode.sh 'Hello World!'

# String Scrambles:
Normal:             	Hello World!
Reversed:           	>b/<!dlroW olleH>b<
Case Reversed:      	hELLO wORLD!
ROT13:              	Uryyb Jbeyq!
GIE:                	Svool Dliow!
Caesar:             	Khoor Zruog!
Vigenere:           	Pkpys Nsmtj!
Leet (l334):        	|-|3££0 //0®£Ð!

# Numerical Representations:
INT:                	060098062072101108108111032087111114108100033060047098062
HEX:                	3c623e48656c6c6f20576f726c64213c2f623e
OCT:                	74142761101451541541574012715716215414441745714276
BIN:                	00111100011000100011111001001000011001010110110011011000110111100100000010101110110111101110010110110001100100001000010011110000101111011000100111110

# Passwords:
CRYPT w/o SALT:     	00H1EnAbbudEI
CRYPT w/ Random SALT:	/4tA4dY0Q8cJ6
DES w/ CR SALT:     	CRIFJgo.7OagA
Shadow w/o SALT:    	$1$00000000$PMrPd4yWfOkVwO2sHSqTv0
Shadow w/ RANDOM SALT:	$1$oJ0Qki6o$gNf/bXtOWA8Mi0wLa0SUp1
Apache w/o SALT:    	$apr1$00000000$XxCLeI7Ovl7HAPRfPavSe.
Apache w/ RANDOM SALT:	$apr1$Xr5GeJLw$Io1K0NZ0nvA4tClI77nyP/
LM Password:        	40033C993361335925522E685FA5299A
NTLM Password:      	E78EC9AB6886A6EADA6E61AAC053B93F

# Digest Hashes (newline not included):
MD5:                	26228b4d80d62285a839a475c9c7574f
MD4:                	1554d219d316077223f51c640d164ca6
MD2:                	f8057b72e7f174ef7cf80165fef67b37
SHA1:               	b44e743e733384dc8db8aa971f496ff3d22041db
SHA:                	e0053cc39e21839c3826c170b15a919d6a2c58e5
SHA224:             	08568694b48256a072ff5a1ed9e5b7ac52a0de09f93819d98e9d3188
SHA256:             	27889613b22d5c515af08ff865713664c4d53fcf9c9f7f280f6fa269177a6aac
SHA384:             	318e1f73428cb544afa1967328847fcc64a1c33d5f27319848ee203192b8b9e958c4417db4732499a848fb05107f0372
SHA512:             	fe1ab72b5677a17695134eb27f44548a0c02e4275997e364176c3adbac735ff73810a38b5674a311b97da81b16f35fa9e9618d0f02bbb0e5818cdd76b01a9dc3
RIPEMD160:          	cd47833973c967e0ff1d64b957adbaedcac2202a
CRC32:              	1574079884

# Web Encodings
URLQuote:           	%3Cb%3EHello%20World%21%3C/b%3E
URLEscape:          	&lt;b&gt;Hello World!&lt;/b&gt;
HTML HEX Entity:    	<b>Hello World!</b>
HTML Entity:        	<b>Hello World!</b>
Javascript String   	String.fromCharCode(60,98,62,72,101,108,108,111,32,87,111,114,108,100,33,60,47,98,62)
SQL String          	char(60)+char(98)+char(62)+char(72)+char(101)+char(108)+char(108)+char(111)+char(32)+char(87)+char(111)+char(114)+char(108)+char(100)+char(33)+char(60)+char(47)+char(98)+char(62)

# UTF Encodings
UTF-7:              	+ADw-b+AD4-Hello World+ACEAPA-/b+AD4
UTF-8:              	Hello World!
UTF-16:             	ÿþHello World!
UTF-32:             	ÿþHello World!
Unicode:            	ÿþHello World!
ASCII:              	Hello World!

# Encodings
Base64:             	PGI+SGVsbG8gV29ybGQhPC9iPg==
Base32:             	HRRD4SDFNRWG6ICXN5ZGYZBBHQXWEPQ=
Base16:             	3C623E48656C6C6F20576F726C64213C2F623E
UUEncode:           	3/&(^2&5L;&@5V]R;&0A/"]B/@
Punycode:           	Hello World!-
Mime Quotable:      	Hello=20World!

# Compression Encodings
7z:                 	x1fx8bx08x00x38x5bx6bx4ax00x00x01x13x00xecxffx3cx62x3ex48x65x6cx6cx6fx20x57x6fx72x6cx64x21x3cx2fx62x3ex8cx8dxd2x5dx13x00x00x00
Bzip2:              	x42x5ax68x39x31x41x59x26x53x59x59x24xfcx0ex00x00x02x1fx80x60x00x80x05x00x40x00x80x16x04x90x00x20x00x21xa9xa3x13x68xd0x80x68x03x0cx3cx90xd3xf8xc2x97x82x5ax2exe4x8ax70xa1x20xb2x49xf8x1c
GZip:               	x1fx8bx08x00xb8x09x6ax4ax00x03xb3x49xb2xf3x48xcdxc9xc9x57x08xcfx2fxcax49x51xb4xd1x4fxb2x03x00x8cx8dxd2x5dx13x00x00x00
Zip:                	x50x4bx03x04x14x00x08x00x08x00xaex62xf8x3ax00x00x00x00x00x00x00x00x00x00x00x00x01x00x00x00x2dxb3x49xb2xf3x48xcdxc9xc9x57x08xcfx2fxcax49x51xb4xd1x4fxb2x03x00x50x4bx07x08x8cx8dxd2x5dx15x00x00x00x13x00x00x00x50x4bx01x02x17x03x14x00x08x00x08x00xaex62xf8x3ax8cx8dxd2x5dx15x00x00x00x13x00x00x00x01x00x00x00x00x00x00x00x01x00x00x00x80x11x00x00x00x00x2dx50x4bx05x06x00x00x00x00x01x00x01x00x2fx00x00x00x44x00x00x00x00x00

Anyone else have some useful oneliner encodings that are not included here? Best post gets a cookie!

Leave a Reply

Your email address will not be published. Required fields are marked *