Showing posts from March, 2017

Hack Padding Oracle

This VM, provided by Pentester Lab, has a website vulnerable to a padding oracle attack. Our goal is to exploit this vulnerability and log in as user and admin.

Step 1: A look at the website

The website says that we should create an account first. This is because the key only appears when you are logged in.

Step 2: Using Burp Suite, we can intercept the server's response and see what it looks like.

Step 3: Now we have the auth key:

EgJh18CJZHgA8yMdlWl3TMqog0LpR0nE

Step 4: Kali has the PadBuster tool.

Where URL = the target URL (and query string if applicable)
EncryptedSample = the encrypted value you want to test.