I'm trying to find and print out all the files that contain a base64 encoded string, using grep and command substitution.
If I first encode the base64 string, and then grep, I'm able to find the file:
$ echo "FLAG" | base64
RkxBRwo=
$ grep -nr "Rkx"
test.txt:1:RkxBR3tUaGl6STVUaDNGbDRnfQo=
But when I use command substitution I get no ouput.
$ grep -nr `echo "FLAG" | base64`
steeldriver posted the answer as a comment, so I’m posting it as an answer.
echo "FLAG" | base64 outputs RkxBRwo=,
so your
grep -nr `echo "FLAG" | base64`command is doing
grep -nr RkxBRwo=But, based on what you’ve showed, your
test.txt file doesn’t contain RkxBRwo=;
it contains RkxBR (followed by other characters).
If you want to search your files
for the first 5 characters of the base64 encoding of FLAG,
do
grep -nr `echo "FLAG" | base64 | cut -c1-5`
= added as base64 padding at the end of the "FLAG" output. I was basically grepping for something that did not exist in the file.
The command
grep -nr `echo "FLAG" | base64`
says to search recursively in all files in the current directory for pattern returned by the command echo "FLAG" | base64.
Instead, I believe you want
echo "FLAG" | base64 | grep -n 'Rkx'
or, if for whatever reason you need a command substitution:
grep -n 'Rkx' <<< $(echo "FLAG" | base64)
Notice the expression $() is used instead of backticks for command substitution. Here is why.
test.txtactually containRkxBRwo=? you've only shown that it containsRkxBR3tUaGl6STVUaDNGbDRnfQo=$) at the beginning of your output lines (e.g.,$ RkxBRwo=). That doesn’t make sense, and is confusing.