Set of Challanges for exploiting Padding Oracle Vulnerabilities

In this set of challanges, a basic Web Application is given. A user can login to this application with the following credentials:

user:password

Every user has priviledges in form of an integer, stored in the encrypted cookie. Solve the following Challanges.

Challange 1 - Basic CBC Padding Oracle

Objective: Find the secret stored in the cookie.

URL: http://127.0.0.1:5000/po1

Challange 2 - A little more Effort

Objective: Find the secret information of the root user (Access Rights: 1337).

URL: http://127.0.0.1:5000/po2

Challange 3 - Timing is everything…

Objective: Find the secret stored in the cookie.

URL: http://127.0.0.1:5000/po3