Skip to content

Latest commit

 

History

History
42 lines (34 loc) · 1.5 KB

README.md

File metadata and controls

42 lines (34 loc) · 1.5 KB

Padding-oracle-exploit

Web based padding oracle attack

Overview

This is a modified version of mpgn's exploit rewritten with Requests for the Padding Oracle Attack. The CBC mode must use PKCS7 for the padding block.

This exploit allow block size of 8 or 16, thus the script can be used even if the cipher use AES or DES. Tested against HTB Web Challenge.

The modifications include:

  • rewritten in Requests
  • added cookie injection functionality
  • added base64 convert option
  • minor improvements

Usage

usage: ask-oracle.py [-h] -c CIPHER -l LENGTH_BLOCK_CIPHER --host HOST -u
URLTARGET --error ERROR [--cookie COOKIE]
[--method METHOD] [--post POST] [--cookieinj COOKIEINJ]
[--base64] [-v]

Details required options:

-c cipher chain (hex)
-l length of a block, example: 8 or 16
-u UrlTarget, example: /?id=
--host hostname, example: google.ca
--error Error that the orcale gives to a wrong padding
    example: HTTP codes: 200,400,500
             DOM HTML  : "<h1>Padding Error</h1>"

Optional:

--cookie Cookie parameter, example: PHPSESSID=123abcd
--method Method of passing the ciphertext. GET POST or cookie, default GET
--post POST parameter, example 'user':'value', 'pass':'value'
--cookieinj cookie name to inject ciphertext
--base64 convert to base64