Pentester Lab: Padding Oracle Walkthrough

This VM, provided by Pentester Lab, has a website vulnerable to a padding oracle attack. Our goal is to exploit this vulnerability and log in as admin.

1. I started with an nmap scan, just to be sure there isn't anything interesting other than the website:

2. Now let's take a look at the website:

The website says that we should create an account first. This is because the key only appears when you are logged in.

3. Using Burp Suite, we can intercept the server's response and see what it looks like:

As we can see, nothing special in the headers.

4. Now we create an account, login and check the headers again:

5. Now we have an authentication cookie: auth=P0zsXgQRo2m9%2BhE4TAMIVlA0AwH%2Fb1S3

Kali has a utility called padbuster. With padbuster we can decrypt that cookie value.

6. The decrypted value of the auth cookie is user=hacker, so we can simply re-encrypt using the string user=admin.

7. Now, using Burp Suite, intercept the request and replace the auth cookie value with the new one.

8. Click Forward and you are magically logged in as admin:
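Steps 5 to 8 work because the server decrypts the auth cookie with CBC, keeps no integrity check on it, and answers differently when the padding is wrong, which is exactly the signal padbuster needs. The Go program below is an added example, not code from Pentester Lab or from this VM: it puts a cookie handler with that weakness next to a hardened one that appends an HMAC tag, checks the tag before decrypting, and returns one generic error for every failure. The cipher mode (AES-128-CBC with PKCS#7 padding), the keys, the fixed IV and the plain base64 encoding (the real cookie above is URL-encoded) are all assumptions; the program does not reimplement padbuster, it only shows the two server behaviours.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
)

var (
	block, _      = aes.NewCipher([]byte("0123456789abcdef")) // constructed AES-128 key
	macKey        = []byte("fedcba9876543210")                 // constructed HMAC key
	ErrBadPadding = errors.New("bad padding")                  // distinct error: this is the oracle
	ErrBadCookie  = errors.New("invalid cookie")               // one generic error for every failure
)

// cbcEncrypt PKCS#7-pads plain, AES-CBC-encrypts it and returns iv||ciphertext (IV passed in for determinism).
func cbcEncrypt(iv, plain []byte) []byte {
	n := aes.BlockSize - len(plain)%aes.BlockSize
	padded := append(append([]byte{}, plain...), bytes.Repeat([]byte{byte(n)}, n)...)
	out := make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(out, padded)
	return append(append([]byte{}, iv...), out...)
}
// pkcs7Unpad strips PKCS#7 padding; the caller guarantees len(b) is a positive multiple of 16.
func pkcs7Unpad(b []byte) ([]byte, error) {
	n := int(b[len(b)-1])
	if n == 0 || n > aes.BlockSize || !bytes.Equal(b[len(b)-n:], bytes.Repeat([]byte{byte(n)}, n)) {
		return nil, ErrBadPadding
	}
	return b[:len(b)-n], nil
}
// cbcDecrypt takes iv||ciphertext and returns the unpadded plaintext or ErrBadPadding.
func cbcDecrypt(data []byte) ([]byte, error) {
	if len(data) < 2*aes.BlockSize || len(data)%aes.BlockSize != 0 {
		return nil, ErrBadPadding
	}
	iv, ct := data[:aes.BlockSize], data[aes.BlockSize:]
	out := make([]byte, len(ct))
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(out, ct)
	return pkcs7Unpad(out)
}

// Vulnerable handler: encryption only, no integrity check, and the padding error reaches the client.
func VulnerableMakeCookie(iv []byte, user string) string {
	return base64.StdEncoding.EncodeToString(cbcEncrypt(iv, []byte("user="+user)))
}
func VulnerableReadCookie(cookie string) (string, error) {
	raw, err := base64.StdEncoding.DecodeString(cookie)
	if err != nil {
		return "", err
	}
	plain, err := cbcDecrypt(raw) // ErrBadPadding vs. success is exactly what padbuster observes
	return string(plain), err
}

// Hardened handler: encrypt-then-MAC; HMAC-SHA256 over iv||ciphertext is checked before decrypting.
func HardenedMakeCookie(iv []byte, user string) string {
	ct := cbcEncrypt(iv, []byte("user="+user))
	m := hmac.New(sha256.New, macKey)
	m.Write(ct)
	return base64.StdEncoding.EncodeToString(append(ct, m.Sum(nil)...))
}
func HardenedReadCookie(cookie string) (string, error) {
	raw, err := base64.StdEncoding.DecodeString(cookie)
	if err != nil || len(raw) <= sha256.Size {
		return "", ErrBadCookie
	}
	ct, tag := raw[:len(raw)-sha256.Size], raw[len(raw)-sha256.Size:]
	m := hmac.New(sha256.New, macKey)
	m.Write(ct)
	if !hmac.Equal(m.Sum(nil), tag) { // constant-time compare; any tampering stops here
		return "", ErrBadCookie
	}
	if plain, err := cbcDecrypt(ct); err == nil {
		return string(plain), nil
	}
	return "", ErrBadCookie // same error as above: nothing about the padding leaks
}

// TamperByte flips one bit of the decoded cookie, the kind of change an oracle probe sends.
func TamperByte(cookie string, idx int) string {
	raw, _ := base64.StdEncoding.DecodeString(cookie)
	raw[idx] ^= 0x01
	return base64.StdEncoding.EncodeToString(raw)
}
func main() {
	iv := []byte("constructed-iv16") // constructed fixed IV so the output is reproducible
	v, h := VulnerableMakeCookie(iv, "hacker"), HardenedMakeCookie(iv, "hacker")
	for _, i := range []int{0, 15} { // flip a bit in the first and in the last IV byte
		u1, e1 := VulnerableReadCookie(TamperByte(v, i))
		u2, e2 := HardenedReadCookie(TamperByte(h, i))
		fmt.Printf("byte %2d flipped: vulnerable -> %q %v | hardened -> %q %v\n", i, u1, e1, u2, e2)
	}
}
```

Running it flips one bit in the first IV byte and one in the last. The vulnerable handler accepts the first cookie and returns a changed user name (no integrity check, so the plaintext is malleable, which is why the re-encrypted user=admin cookie in step 7 is accepted) and returns a padding error for the second; the hardened handler rejects both with the same error before any decryption happens. On the defensive side, that distinguishable response is also what to look for in server logs: a burst of requests carrying slightly different cookie values and answered by padding-related errors.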

Thanks Pentester Lab, it was a great learning experience.
