Hack Padding Oracle

This VM, Provided by Pentester Lab, has a website vulnerable to padding oracle attack . 
Our goal is to exploit this vulnerability and login as user and admin .  

Step 1 :  Now A look at Website  

The Website said that we should create an account first. This is because key only appears when you are logged in . 





Step 2 :   Using Burpsuite , We can Intercept the server's response  and see how it's look like .  


Step 3 :  Now We have Auth  Key       EgJh18CJZHgA8yMdlWl3TMqog0LpR0nE               


Step 4 : Kali has an  Padbuster  Tool .                                                                                                    
                                                                                 
Where URL = The target URL (and query string if applicable)                                                            EncryptedSample = The encrypted value you want to test.                                                                   Must also be present in the URL, PostData or a Cookie 
BlockSize = The block size being used by the algorithm                                                                                                         
 


Step 5 :  Now Decrypt Value Of Auth key is user = hacker . We Can Simply Reencrypt Using the String User = demo  

padbuster http://172.16.129.131/login.php EgJh18CJZHgA8yMdlWl3TMqog0LpR0nE 8 --cookies auth=EgJh18CJZHgA8yMdlWl3TMqog0LpR0nE --encoding 0  -plaintext user=demo 


 

Step 6 :  Using Burpsuite , Intercept the Request and Change the Auth Cookie Value With the New Encrypted value  

  


Step 7 :  Click Forward and You Got Logged in User Account .


 


Thank You Pentester Lab . 

Comments

Post a Comment

Popular posts from this blog

File Upload Vulnerability Bug In bit defender

Image
Hey all , Few months back I found a upload  vulnerability bug in bit defender.  Lets get into the finding While I was testing "bit defender.com " , There was one url with this pattern     Step 1 : Tested for  " SQL " Injection  https://store.bitdefender.com/ order/?=  '%3   there was some syntax error        Step 2 : Tested for " LFI "     https://store.bitdefender.com/ order/?=   cat /etc/passwd       there was some syntax error     Step 3 : I Did Tested More Injection    there was some 404 error  Ok thats cool :)    Step 10 : Tested for " XSS "         https://store.bitdefender.com/ order/?=%3Csvg/onload=alert(1) %3E                 The above url showing ...
Read more

Intel AMT Vulnerability Allow Hack Remotely Critical Escalation Of Privilege Bug

Image
The vulnerability, labeled CVE-2017-5689 , affects Intel remote management technologies, including Active Management Technology (AMT), Intel Standard Manageability (ISM), and Intel Small Business Technology (SBT) software, versions 6 through 11.6.  Where the Intel AMT Vulnerability resides? To protect Intel AMT Web Interface from unauthorized users, the service makes use of HTTP Digest and Kerberos authentication. The escalation of privilege vulnerability resides in the way Intel AMT Web Interface handles user authentication over HTTP Digest protocol, which is based on a simple challenge-response paradigm. Before going into the technical details about the exploitation of this vulnerability, first, you need to know how the Digest authentication works. The Digest authentication completes in the following steps: Client requests server to initiate login, and in response, the server returns a randomly generated 'nonce' value, the HTTP method, and the reques...
Read more