## Set of Challanges for exploiting Padding Oracle Vulnerabilities


In this set of challanges, a basic Web Application is given. A user can login to this application with the following credentials:
```
user:password
```
Every user has priviledges in form of an integer, stored in the encrypted cookie. Solve the following Challanges.

### Challange 1 - Basic CBC Padding Oracle

Objective: Find the secret stored in the cookie.

__URL:__ [http://127.0.0.1:5000/po1](http://127.0.0.1:5000/po1)


### Challange 2 - A little more Effort

Objective: Find the secret information of the root user (Access Rights: 1337).

__URL:__ [http://127.0.0.1:5000/po2](http://127.0.0.1:5000/po2)


### Challange 3 - Timing is everything...

Objective: Find the secret stored in the cookie.

__URL:__ [http://127.0.0.1:5000/po3](http://127.0.0.1:5000/po3)