Hack Padding Oracle

This VM, Provided by Pentester Lab, has a website vulnerable to padding oracle attack . 
Our goal is to exploit this vulnerability and login as user and admin .  

Step 1 :  Now A look at Website  



The Website said that we should create an account first. This is because key only appears when you are logged in . 





Step 2 :   Using Burpsuite , We can Intercept the server's response  and see how it's look like .  


Step 3 :  Now We have Auth  Key       EgJh18CJZHgA8yMdlWl3TMqog0LpR0nE               


Step 4 : Kali has an  Padbuster  Tool .                                                                                                    
                                                                                 
Where URL = The target URL (and query string if applicable)                                                            EncryptedSample = The encrypted value you want to test.                                                                   Must also be present in the URL, PostData or a Cookie 
BlockSize = The block size being used by the algorithm                                                                                                         
 


Step 5 :  Now Decrypt Value Of Auth key is user = hacker . We Can Simply Reencrypt Using the String User = demo  

padbuster http://172.16.129.131/login.php EgJh18CJZHgA8yMdlWl3TMqog0LpR0nE 8 --cookies auth=EgJh18CJZHgA8yMdlWl3TMqog0LpR0nE --encoding 0  -plaintext user=demo 


 

Step 6 :  Using Burpsuite , Intercept the Request and Change the Auth Cookie Value With the New Encrypted value  

  


Step 7 :  Click Forward and You Got Logged in User Account .


 


Thank You Pentester Lab . 

Comments

Popular posts from this blog

File Upload Vulnerability Bug In bit defender

Mobile ASVS 0.9.1