I want to show you the data exfiltration technique with base64 and cellphone cam, also you can use it with OCR. But OCR doesn’t convert image to text %100, you must fix encoded file. Imagine that, you found a file that contains passwords but you can’t your server, you can’t plug any USB device, etc. How can you steal this file? Simple. Let’s do it.
![](https://i0.wp.com/bksecurity.org/wp-content/uploads/2020/11/image-4.png?resize=624%2C360&ssl=1)
Our example file
You should convert this file to base64 encoded string:
[Convert]::ToBase64String([Text.Encoding]::Unicode.GetBytes($(cat .\passwords.txt)))
![](https://i0.wp.com/bksecurity.org/wp-content/uploads/2020/11/image-5.png?resize=680%2C71&ssl=1)
![](https://i0.wp.com/bksecurity.org/wp-content/uploads/2020/11/image-6.png?resize=624%2C166&ssl=1)
I captured string (with phone) and downloaded the captured image with the WhatsApp web.
![](https://i0.wp.com/bksecurity.org/wp-content/uploads/2020/11/image-7.png?resize=624%2C77&ssl=1)
Captured and Cropped
![](https://i0.wp.com/bksecurity.org/wp-content/uploads/2020/11/image-8.png?resize=624%2C275&ssl=1)
Converting the string with OCR (not %100)
![](https://i0.wp.com/bksecurity.org/wp-content/uploads/2020/11/image-10.png?resize=624%2C58&ssl=1)
We fixed the base64 file and we stolen passwords.
Thanks for your time and your interest.
Berk KIRAS – Cyber Security Consultant
This web site is really a walk-through for all of the info you wanted about this and didn’t know who to ask. Glimpse here, and you’ll definitely discover it.
That’s an awesome point