Sākums Izpētīt Palīdzība
Pierakstīties
msc
/
PaddingOracles
1
0
Atdalīts 0
Faili Problēmas 0 Izmaiņu pieprasījumi 0 Vikivietne
Koks: bfabe20627
Atzari Tagi
PaddingOracles
/
code
/
poc_po1.py

poc_po1.py 1.0 KB
Vēsture Neapstrādāts

12345678910111213141516171819202122232425262728293031323334353637383940414243 
  1. from base64 import b64encode, b64decode
    2. 

  2. from padd0r import PaddingOracle, Encoding
    3. 

  3. import requests
    4. 

  4. import logging
    5. 

  5. 

  6. # disable logging
    7. 

  7. logging.getLogger("requests").setLevel(logging.CRITICAL)
    8. 

  8. logging.getLogger("urllib3").setLevel(logging.WARNING)
    9. 

  9. 

  10. # Set the admin cookie!
    11. 

  11. admin_cookie = ""
    12. 

  12. 

  13. def oracle(ct):
    14. 

  14. 

  15.     url = "http://127.0.0.1:5000/po1"
    16. 

  16. 

  17.     data = {
    18. 

  18.         "auth":b64encode(ct)
    19. 

  19.     }
    20. 

  20. 

  21.     text = requests.get(url, cookies=data).text
    22. 

  22. 

  23.     # distinguish between a padding error and a valid padding
    24. 

  24.     # ....
    25. 

  25. 

  26. 

  27. 

  28.     # dont forget to return true on a valid padding and false on a wrong padding
    29. 

  29. 

  30. 

  31. def decrypt(cookie):
    32. 

  32.     #                   ciphertext
    33. 

  33.     #                           verbosity can be 1 or 2
    34. 

  34.     #                                       which encodings are realistic?
    35. 

  35.     #                                                               pass the oracle functions as parameter
    36. 

  36.     po = PaddingOracle(cookie, verbosity=1, encoding=Encoding.b64, oracle=oracle)
    37. 

  37.     po.set_output("hex")
    38. 

  38. 

  39.     # decrypt the blocks
    40. 

  40. 

  41. 

  42. 

  43. decrypt(admin_cookie)
    44.