Skip to main content
🧠Educationalbeginner12 min read
β€’

OverTheWire Bandit Level 11: Decoding Base64 Encoded Data

OverTheWire Bandit Level 11 walkthrough. Learn how to decode base64 encoded data using the base64 command, understand encoding vs. decoding, and extract passwords from encoded strings.

OverTheWireBanditLinuxbeginnerCTFbase64encodingdecodingdata transformation
Share:𝕏inβ¬‘βœ‰
πŸ”—OverTheWire Bandit Series
Part 12 of 34
πŸ“šView all posts in OverTheWire Bandit series

πŸ” OverTheWire Bandit Level 11: Decoding Base64 Encoded Data

Level 11 introduces base64 encodingβ€”a common way to encode data. Base64 is used everywhere: email attachments, web APIs, configuration files, and more. Understanding how to decode base64 is essential for penetration testing, as you'll constantly encounter encoded data that needs to be decoded.

Level 11 teaches you:

  • Using the base64 command to decode data
  • Understanding base64 encoding and decoding
  • Using pipes to process encoded data
  • Extracting passwords from encoded strings
  • Why base64 encoding exists and when it's used

This level builds on what you learned about pipes and command chaining. Base64 decoding is a fundamental skill you'll use constantly in security work.

🎯 The Objective

After logging into bandit10, your goal is to find the password for Level 11. The password is in a file called data.txt in your home directory. The file contains base64 encoded dataβ€”the password is hidden inside this encoded string.

What Level 11 teaches:

  • Using base64 -d to decode base64 data
  • Understanding encoding vs. decoding
  • Using pipes to process encoded files
  • Extracting readable text from encoded data
  • Understanding base64 format

The challenge: The file contains base64 encoded text. You need to decode it to reveal the password. The decoded output will contain a phrase with the password.

πŸ” Understanding the Problem

Let's start by connecting to Level 10 and seeing what we're dealing with:

sshpass -p `cat bandit10` ssh bandit10@bandit.labs.overthewire.org -p 2220

Once connected, let's check the data.txt file:

ls -la data.txt
cat data.txt

You should see a string of characters that looks like random textβ€”this is base64 encoded data. Base64 strings typically contain letters (A-Z, a-z), numbers (0-9), and the characters + and /. They often end with = padding characters.

Example of base64 encoded data:

VGhlIHBhc3N3b3JkIGlzIElWYW5kU2NyZWFtMlIzNGQ=

The problem: How do you decode this base64 string to reveal the password?

The answer: Use the base64 command with the -d flag (decode) to convert the encoded string back to readable text.

🧠 Understanding Base64 Encoding

Let's dive deeper into base64, because understanding it helps you recognize it in the wild:

What Is Base64?

Base64 is an encoding scheme that converts binary data into ASCII text. It's called "base64" because it uses 64 different characters to represent data.

Base64 characters:

  • Uppercase letters: A-Z (26 characters)
  • Lowercase letters: a-z (26 characters)
  • Numbers: 0-9 (10 characters)
  • Special characters: + and / (2 characters)
  • Padding: = (used to make the string length a multiple of 4)

Total: 64 characters

Why Base64 Exists

Base64 encoding is used when you need to:

  • Send binary data through text-only channels (like email)
  • Store binary data in text formats (like JSON, XML)
  • Hide data (though it's not encryptionβ€”it's just encoding)
  • Embed data in URLs (with URL-safe variants)

Important: Base64 is encoding, not encryption. It's easily reversibleβ€”anyone can decode it. Don't use it for security!

How Base64 Works

Base64 takes binary data and converts it to text:

  • Takes 3 bytes of binary data (24 bits)
  • Splits into 4 groups of 6 bits each
  • Converts each 6-bit group to a base64 character
  • Adds padding (=) if needed

Example:

Text: "The"
Binary: 01010100 01101000 01100101
Base64: VGhl

πŸ“‹ Step-by-Step Walkthrough

Step 1: Connect to Level 10

sshpass -p `cat bandit10` ssh bandit10@bandit.labs.overthewire.org -p 2220

Step 2: Check the File

Let's see what we're working with:

cat data.txt

You should see a base64 encoded string. It will look like random characters, but it follows the base64 pattern (A-Z, a-z, 0-9, +, /, and possibly = padding).

Step 3: Decode the Base64 Data

Use the base64 command with the -d flag to decode:

cat data.txt | base64 -d

Breaking this down:

  • cat data.txt β€” Reads the file contents (the base64 encoded string)
  • | β€” Pipes the output to the next command
  • base64 -d β€” Decodes the base64 data (the -d flag means "decode")

What you'll see: The decoded output will be readable text. It might contain a phrase like "The password is [password]" or similar. The password will be in that decoded text.

Example output:

The password is 5Te8Y4drgCRfCx8ugdwuEX8KFC6k2EUu

Step 4: Extract the Password

The decoded output will contain the password. It might be in a phrase like "The password is [password]" or just be the password itself. Copy the password stringβ€”that's your password for Level 11.

Step 5: Save the Password

Copy the password and save it:

On Linux/macOS:

echo "PASSWORD_HERE" > bandit11

On Windows (PowerShell):

"PASSWORD_HERE" | Out-File -FilePath bandit11 -NoNewline

Step 6: Connect to Level 11

sshpass -p `cat bandit11` ssh bandit11@bandit.labs.overthewire.org -p 2220

πŸ’‘ Understanding the base64 Command

Let's dive deeper into the base64 command:

Encoding vs. Decoding

Encoding (text β†’ base64):

echo "Hello" | base64
# Output: SGVsbG8=

Decoding (base64 β†’ text):

echo "SGVsbG8=" | base64 -d
# Output: Hello

For Level 11: We use base64 -d to decode (convert base64 back to readable text).

Common base64 Options

-d or --decode β€” Decode base64 data

base64 -d file.txt

-i or --ignore-garbage β€” Ignore non-base64 characters

base64 -d -i file.txt

No flag (default) β€” Encode data to base64

base64 file.txt

For Level 11: We use base64 -d to decode the encoded data.

Using Pipes with base64

You can pipe data into base64:

cat file.txt | base64 -d

This reads the file and pipes it directly to base64 for decoding.

πŸ› οΈ Alternative Methods

Here are different ways to decode base64:

Method 1: cat | base64 -d (Recommended)

cat data.txt | base64 -d

Pros: Simple, efficient, standard approach Cons: None really

Method 2: base64 -d Directly

base64 -d data.txt

Pros: Simpler syntax, no pipe needed Cons: None really (this is actually preferred when you have a filename)

Note: Both methods work the same. When you have a filename, you can use base64 -d directly. Pipes are useful when you're chaining multiple commands.

Method 3: Using echo with Base64 String

echo "VGhlIHBhc3N3b3JkIGlzIElWYW5kU2NyZWFtMlIzNGQ=" | base64 -d

Pros: Works if you want to decode a specific string Cons: Requires copying the string manually

You could use online base64 decoders, but:

  • Pros: Quick, no command needed
  • Cons: Doesn't teach you Linux skills, requires internet, less secure

For Level 11, use Method 1 or 2 β€” they're both efficient and teach you valuable skills.

πŸ”’ Real-World Context

Why does this matter in penetration testing?

In real security assessments, you'll constantly encounter base64 encoded data:

1. Web Application Analysis

Web applications often use base64 for:

  • API tokens
  • Session IDs
  • Authentication headers
  • Data transmission

Example: Decoding a base64 token:

echo "dXNlcm5hbWU6cGFzc3dvcmQ=" | base64 -d
# Output: username:password

2. Configuration Files

Configuration files might contain base64 encoded:

  • Passwords
  • API keys
  • Connection strings
  • Certificates

Example: Finding and decoding base64 in configs:

grep -r "base64" /etc/ | cut -d: -f2 | base64 -d

3. Log File Analysis

Log files might contain base64 encoded:

  • User input
  • Request data
  • Error messages
  • Sensitive information

Example: Decoding base64 in logs:

grep "base64" access.log | awk '{print $NF}' | base64 -d

4. Malware Analysis

Malware often uses base64 to:

  • Hide payloads
  • Obfuscate strings
  • Encode C2 communications
  • Store encrypted data

Example: Extracting base64 strings from malware:

strings malware.exe | grep -E '^[A-Za-z0-9+/]{20,}={0,2}$' | base64 -d

5. API Analysis

APIs often use base64 for:

  • Authentication tokens
  • Data encoding
  • File uploads
  • Binary data transmission

Example: Decoding API responses:

curl https://api.example.com/data | jq -r '.token' | base64 -d

6. Email Analysis

Email attachments are often base64 encoded:

  • Attachments
  • Images
  • Documents
  • Embedded content

Example: Decoding email attachments:

cat attachment.b64 | base64 -d > attachment.bin

The skill you're learning: How to decode base64 encoded data. This is essential when:

  • Analyzing web applications
  • Processing configuration files
  • Examining log files
  • Analyzing malware
  • Working with APIs
  • Extracting encoded credentials or data

🚨 Common Mistakes

Mistake 1: Forgetting the -d Flag

Wrong:

cat data.txt | base64
# This ENCODES the data, making it more encoded!

Right:

cat data.txt | base64 -d
# The -d flag decodes the data

Why: Without -d, base64 encodes data (converts text to base64). You need -d to decode (convert base64 back to text).

Mistake 2: Wrong File Format

Wrong:

base64 -d data.txt > output.txt
# Might add extra newlines or formatting issues

Right:

cat data.txt | base64 -d
# Or: base64 -d data.txt

Why: The base64 command handles the data correctly when piped or used directly. Redirecting to a file might add extra characters.

Mistake 3: Not Understanding Encoding vs. Decoding

Confusion: "What's the difference between encoding and decoding?"

Clarification:

  • Encoding β€” Converts readable text to base64 (text β†’ base64)
  • Decoding β€” Converts base64 back to readable text (base64 β†’ text)

For Level 11: The file contains base64, so we need to decode it (use -d).

Mistake 4: Reading the Wrong Part of the Output

Confusion: "The decoded output has a phraseβ€”where's the password?"

Clarification:

  • The decoded output might be a phrase like "The password is [password]"
  • The password is the string in that phrase
  • It might be at the end, in the middle, or the entire output

For Level 11: The decoded output will contain the passwordβ€”look for the long random string of characters.

Mistake 5: Not Recognizing Base64 Format

Confusion: "How do I know if something is base64?"

Clarification: Base64 strings typically:

  • Contain A-Z, a-z, 0-9, +, /
  • Often end with = padding (0, 1, or 2 equals signs)
  • Have length that's a multiple of 4 (after padding)
  • Look like random text but follow the pattern

Example base64 patterns:

VGhlIHBhc3N3b3JkIGlzIElWYW5kU2NyZWFtMlIzNGQ=
dXNlcm5hbWU6cGFzc3dvcmQ=
SGVsbG8=

πŸ’» Practice Exercise

Try these to reinforce what you learned:

  1. Encode text to base64:

    echo "Hello World" | base64
# Output: SGVsbG8gV29ybGQ=

  2. Decode base64 back:

    echo "SGVsbG8gV29ybGQ=" | base64 -d
# Output: Hello World

  3. Decode a file:

    echo "VGhlIHBhc3N3b3JkIGlzIHRlc3Q=" > test.b64
base64 -d test.b64
# Output: The password is test

  4. Encode and decode:

    echo "password123" | base64 | base64 -d
# Should output: password123

  5. Clean up:

    rm test.b64

πŸŽ“ Understanding Encoding vs. Encryption

This is a good time to understand the difference:

Encoding

Encoding is a reversible transformation:

  • Converts data from one format to another
  • Not secure β€” easily reversible
  • Examples: base64, URL encoding, hex encoding
  • Purpose: Data representation, not security

Base64 is encoding, not encryption!

Encryption

Encryption is a secure transformation:

  • Converts data using a key
  • Secure β€” requires key to reverse
  • Examples: AES, RSA, SSL/TLS
  • Purpose: Security and confidentiality

Don't confuse encoding with encryption!

Why This Matters

In security assessments:

  • Encoded data can be decoded easily (like base64)
  • Encrypted data requires keys or cracking
  • Understanding the difference helps you:
    • Know what you can decode immediately
    • Identify what needs more advanced techniques
    • Avoid wasting time on encoded data thinking it's encrypted

πŸ”— What's Next?

Level 12 introduces hexadecimal encodingβ€”another common encoding scheme. You'll learn to decode hex-encoded data using xxd or other tools, which is another essential skill for data analysis.

Before moving on, make sure you:

  • βœ… Successfully decoded base64 data using base64 -d
  • βœ… Understand the difference between encoding and decoding
  • βœ… Can recognize base64 format
  • βœ… Know how to use pipes with base64
  • βœ… Understand that base64 is encoding, not encryption

πŸ“š Key Takeaways

After completing Level 11, you should understand:

  1. Base64 encoding β€” A way to represent binary data as text
  2. base64 -d command β€” Decodes base64 data back to readable text
  3. Encoding vs. decoding β€” Encoding converts text to base64, decoding converts base64 back to text
  4. Pipes with base64 β€” Using cat file | base64 -d to process encoded files
  5. Not encryption β€” Base64 is encoding, not encryption (easily reversible)

🎯 Quick Reference

ProblemSolutionExample
Decode base64Use base64 -dbase64 -d file.txt
Encode to base64Use base64base64 file.txt
Pipe to decodeUse |cat file | base64 -d
Recognize base64Look for patternA-Z, a-z, 0-9, +, /, =
Decode stringUse echo | base64 -decho "SGVsbG8=" | base64 -d

Questions about Level 11 or base64 encoding/decoding? Reach out directly:

M Square LLC
Cybersecurity | Penetration Testing | No-Nonsense Advice

Found this helpful? Share it:

Share:𝕏inβ¬‘βœ‰

Need Help With This?

Have questions about implementing these security practices? Let's discuss your specific needs.

Get in Touch

More in Educational

Explore more articles in this category.

Browse 🧠 Educational

Related Articles