1234567891011121314151617181920212223242526272829303132333435363738394041424344454647 |
- from base64 import b64encode, b64decode
- from padd0r import PaddingOracle, Encoding
- import requests
- import logging
- # disable logging
- logging.getLogger("requests").setLevel(logging.CRITICAL)
- logging.getLogger("urllib3").setLevel(logging.WARNING)
- # Set the admin cookie!
- admin_cookie = ""
- def oracle(ct):
- url = "http://127.0.0.1:5000/po1"
- data = {
- "auth":b64encode(ct).decode("utf-8")
- }
- text = requests.get(url, cookies=data).text
- # distinguish between a padding error and a valid padding
- # dont forget to return true on a valid padding and false on a wrong padding
- if "PaddingError" in text:
- return False
- return True
- ac = "jAJBizDAZZLtRw4WEM2Q4DFZeRbeQX791w5fis8Pyx2nXI8NpxpUHffLw67fIHEH+mrGDs81tyASQGKII6jyIq4u3iFYUap73xd4Xt+E0Cw5aJHuEc/OKNeCSQRrY6+nFcCg//304sx9y2wJDqT9pYOdxbGdca0OgmHSAzodx9g="
- def decrypt(cookie):
- # ciphertext
- # verbosity can be 1 or 2
- # which encodings are realistic?
- # pass the oracle functions as parameter
- po = PaddingOracle(cookie, BS=16, verbosity=2, encoding=Encoding.b64, oracle=oracle)
- po.set_output("hex")
- # decrypt the blocks
- po.decrypt_all_blocks()
- #po.decrypt_last_block()
- #po.decrypt_block_at_index(7)
- decrypt(ac)
|