Oracle Padding Attack

If you see the server return with an 'invalid padding' error message as the response, you know that it's vulnerable to this

HTTP/1.1 200 OK

Date: Thu, 23 Aug 2018 13:27:04 GMT

Server: Apache/2.4.7 (Ubuntu)

X-Powered-By: PHP/5.5.9-1ubuntu4.21

Content-Length: 15

Connection: close

Content-Type: text/html

Invalid padding

Oracle padding is an information leak that allows you to brute force the key one byte at a time by using the padding variable (which basically acts as a checksum to say "yes, this whole block is fine")

Use a tool called PadBuster

padbuster <URL> <cookie VALUE> <block size (choose 8 or 16)> -cookies <full cookie (name=value)>

>>> When prompted, select the recommended response signature

PreviousSQL Shells NextWIN Shells

Last updated 1 year ago