coelner/hacktricks
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

GitBook: [#2815] update padding oracle

Browse Source
This commit is contained in:
CPol 2021-10-28 10:53:20 +00:00 committed by gitbook-bot
parent 0008fa51c7
commit 0455778d02
No known key found for this signature in database
GPG Key ID: 07D2180C7B12D0FF
4 changed files with 16 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
.gitbook/assets/image (629) (1).png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 204 KiB

BIN
.gitbook/assets/image (629).png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 204 KiB

After

Width:  |  Height:  |  Size: 24 KiB

2
cloud-security/gcp-security/README.md
View File

@ -1,6 +1,6 @@
# GCP Security
![](<../../.gitbook/assets/image (629).png>)
![](<../../.gitbook/assets/image (629) (1).png>)
## Security concepts <a href="security-concepts" id="security-concepts"></a>

16
cryptography/padding-oracle-priv.md
View File

@ -4,11 +4,11 @@
In CBC mode the **previous encrypted block is used as IV** to XOR with the next block:
![CBC encryption](https://defuse.ca/images/cbc_encryption.png)
![CBC encryption](https://defuse.ca/images/cbc\_encryption.png)
To decrypt CBC the **opposite** **operations** are done:
![CBC decryption](https://defuse.ca/images/cbc_decryption.png)
![CBC decryption](https://defuse.ca/images/cbc\_decryption.png)
Notice how it's needed to use an **encryption** **key** and an **IV**.
@ -30,7 +30,7 @@ Note how in the last example the **last block was full so another one was genera
## Padding Oracle
When an application decrypts encrypted data, it will first decrypt the data; then it will remove the padding. During the cleanup of the padding, **if **an **invalid** **padding **triggers a detectable **behaviour**, you have a **padding oracle vulnerability**. The detectable behaviour can be an **error**, a **lack **of **results**, or a **slower response**.
When an application decrypts encrypted data, it will first decrypt the data; then it will remove the padding. During the cleanup of the padding, if an **invalid padding triggers a detectable behaviour**, you have a **padding oracle vulnerability**. The detectable behaviour can be an **error**, a **lack of results**, or a **slower response**.
If you detect this behaviour, you can **decrypt the encrypted data** and even **encrypt any cleartext**.
@ -50,7 +50,7 @@ perl ./padBuster.pl http://10.10.10.10/index.php "RVJDQrwUdTRWJUVUeBKkEA==" 8 -e
**Encoding 0** means that **base64** is used (but others are available, check the help menu).
You could also **abuse **this **vulnerability **to **encrypt new data**. For example, imagine that the content of the cookie is "_user=MyUsername_", then you may change it to "_**user=administrator**_" and escalate privileges inside the application. You could also do it using `paduster`specifying the** -plaintext** parameter:
You could also **abuse this vulnerability to encrypt new data. For example, imagine that the content of the cookie is "**_**user=MyUsername**_**", then you may change it to "\_user=administrator\_" and escalate privileges inside the application. You could also do it using `paduster`specifying the -plaintext** parameter:
```bash
perl ./padBuster.pl http://10.10.10.10/index.php "RVJDQrwUdTRWJUVUeBKkEA==" 8 -encoding 0 -cookies "login=RVJDQrwUdTRWJUVUeBKkEA==" -plaintext "user=administrator"
@ -64,11 +64,9 @@ perl ./padBuster.pl http://10.10.10.10/index.php "" 8 -encoding 0 -cookies "hcon
### The theory
In **summary**, you can start decrypting the encrypted data by **guessing **the correct **values **that can be used to **create **all the **different paddings**. Then, the padding oracle attack will start **decrypting **bytes **from **the **end **to the start by **guessing **which will be the correct **value **that **creates a padding of 1, 2, 3, etc**.
In **summary**, you can start decrypting the encrypted data by guessing the correct values that can be used to create all the **different paddings**. Then, the padding oracle attack will start decrypting bytes from the end to the start by guessing which will be the correct value that **creates a padding of 1, 2, 3, etc**.
![CBC decryption](https://assets.pentesterlab.com/padding_oracle/CBC_decryption.png)
![](<../.gitbook/assets/image (629).png>)
Imagine you have some encrypted text that occupies **2 blocks** formed by the bytes from **E0 to E15**.\
In order to **decrypt** the **last** **block** (**E8** to **E15**), the whole block passes through the "block cipher decryption" generating the **intermediary bytes I0 to I15**.\
@ -103,4 +101,4 @@ But if you BF the padding (using padbuster for example) you manage to get anothe
## References
* [https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation](https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation)
* [https://en.wikipedia.org/wiki/Block\_cipher\_mode\_of\_operation](https://en.wikipedia.org/wiki/Block\_cipher\_mode\_of\_operation)