As PowerShell power user James Honeycutt points out, PowerShell supports Base64 encoding and decoding of data:
Here it is in text form:
Let’s break down this command piece-by-piece:
Yeah, I’ll remember that off the top of my head. ��♂️
If you need to decode Base64 content often (for example, you work in threat intel, or malware analysis, or incident response), this is not terribly convenient to type. This is a good candidate to be summarized with a simple PowerShell function that you load in your default PowerShell profile.
A PowerShell profile is a script that runs automatically when you launch PowerShell. It allows you to customize your environment to suit your needs, but it requires that you permit PowerShell script execution policy on your system (which is disabled by default, for silly reasons; you can change the policy to allow local script execution, but not allow scripts downloaded from the internet by running Set-ExecutionPolicy RemoteSigned -Force in an administrative PowerShell session).
To create a handy function to simply Base64 decoding, open your PowerShell profile in Notepad or your favorite editor using the $profile variable:
Next, paste in the following functions to add ConvertFrom-Base64 and ConvertTo-Base64 as PowerShell commands:
Next, reload your PowerShell profile using the & call operator (or, close and open a new PowerShell session):
Now you can use the function names ConvertFrom-Base64 and ConvertTo-Base64 as PowerShell commands to work with Base64 data!
In these simple functions, I am converting the data to ASCII strings, which is normally what I want. If you are working with data that needs another form of conversion (such as decompressing data), then I’ll probably just copy-paste [System.Text.Encoding]::Unicode.GetString([System.Convert]::FromBase64String($EncodedText)) from my Obsidian notebook.
-Joshua Wright
Return to Getting Started With PowerShell
p.s. My #monthofpowershell collaborator Mick Douglas is wrapping up his article on customizing your PowerShell profile in amazing ways. Stay tuned for that to publish soon!
Joshua Wright is the author of SANS SEC504: Hacker Tools, Techniques, and Incident Handling, a faculty fellow for the SANS Institute, and a senior technical director at Counter Hack.
