Padding Oracle Attack
Check List
Methodology
Black Box
Padding Atatack (PKCS#7)
log in to the target site and upload it to your system using burp suite software
in the program, go to the add plugin section and download the padding oracle hunter plugin
then intercept a request, right-click and select the padding oracle hunter plugin in the plugins section. select a test type between PKCS#7 and PKCS#1.5 go to the plugin page
the important point is that the PKCS#7 type has a different GUI page than the PKCS#1.5 type
In the PKCS#7 test page, there is an HTTP request at the beginning of the page. at the bottom of the request section, there are 4 options: payload, format, URL encoded, and clear section
In the middle of the page there are 4 entries called threads, block dize, response padding and plain text
at the bottom of the page there is a section called output. under output there are 4 buttons called test, encrypt, decrypt, and stop
pipe the request through extensions -> padding oracle hunter -> PKCS#7
select the ciphertext value in the request window, click delect payload with hex format, and uncheck URL encoded. the payload will be enclosed within the § symbol
click the test button and it will provide a summary which will indicate if the server is vulnerable to the padding oracle attack with its corresponding invalid/valid padding payload and response
copy either part of the padding response, or the full padding response from the output window and put it in the padding response textbox. you can choose to use either the valid or invalid padding response. click the decrypt button to recover the plaintext
To escalate to admin privileges, we will need to modify the plaintext to {“userid”:”100",”isAdmin”:”True”} and convert it to a hexadecimal value
copy the modified hexadecimal value to the plaintext textbox and click the encrypt button to compute the corresponding ciphertext
update the http request with the newly computed ciphertext and send the request to the server. notice that we are now logged in as an admin
Padding Atatack (PKCS#1 v1.5)
pipe the request through extensions -> padding oracle hunter -> PKCS#1 v1.5
select the ciphertext value in the request window, click select payload with Hex format, and uncheck URL encoded. The payload will be enclosed within the § symbol
fill in the public key parameters with public exponent: 65537 and modulus: 91150209829916536965146520317827566881182630249923637533035630164622161072289
click the test button, and it will provide a summary which will indicate if the server is vulnerable to a padding oracle attack with its corresponding invalid/valid padding payload and response
copy either part of the padding response, or the full padding response from the output window and put it in the padding response textbox. you can choose to use either the valid or invalid padding response. click the decrypt button, and the plaintext will be recovered after about 50k requests
Padding Attack with Padbuster
log into the target site and intercept requests using the burp suite tool
Identify a target endpoint that uses encrypted parameters in the request
GET /home.jsp?UID=7B216A634951170FF851D6CC68FC9537858795A28ED4AAC6 HTTP/1.1
Host: sampleappconfirm that the encrypted value is included in the URL, POST data, or cookies
run PadBuster with the required arguments, example command for uppercase HEX encoding
padBuster.pl http://sampleapp/home.jsp?UID=7B216A634951170FF851D6CC68FC9537858795A28ED4AAC6 \
7B216A634951170FF851D6CC68FC9537858795A28ED4AAC6 8 -encoding 2allow PadBuster to analyze the first 0–256 response cycle and select the response pattern that corresponds to the padding error
Once selected, observe how PadBuster Iterates through each ciphertext block, Brute forces each plaintext byte (maximum 256 requests per byte), Displays intermediary byte values, Displays the recovered plaintext
If plaintext is successfully recovered block by block, the Padding Oracle vulnerability is confirmed
White Box
Cheat Sheet
Last updated