    Diving into Oracle Padding Attack
    03-17-2014 01:40 PM Diving into Oracle Padding Attack | Edited by ne011 05-26-2014 01:20 PM
    I wanna share my experience regarding an audit of an ASP.NET application. When I observed it thoroughly, I found that the application was vulnerable to the Oracle padding attack.

    I did some research and found the following links to be very useful for doing the exploitation. Initially, as I read, the wiki says:

    "In cryptography, the padding oracle attack is an attack on the CBC mode of operation, where the 'oracle' (usually a server) leaks data about whether the padding of an encrypted message is correct or not. This can allow attackers to decrypt (and sometimes encrypt) messages through the oracle using the oracle's key, without knowing the encryption key."

    It can be detected manually by viewing the source and following webresource.axd?d=[hash], or by using a script:

    http://blog.dotsmart.net/2010/09/22/asp-net-padding-oracle-detector/

    I searched for a way of exploiting the vulnerability using the PadBuster Perl script.

    https://github.com/GDSSecurity/PadBuster/blob/master/padBuster.pl
    http://blog.gdssecurity.com/labs/2010/9/14/automated-padding-oracle-attacks-with-padbuster.html

    Only this specific Perl setup works for PadBuster:
    http://strawberry-perl.googlecode.com/files/strawberry-perl-5.12.3.0.msi

    (Note: ActivePerl doesn't work in this case)

    The link below provides the details of how to proceed:
    http://www.securitylearn.net/tag/padding-oracle-attack/

    Our objective is to get some juicy info from inside the web.config file in the application.
    The video by xcd3 explains the scenario of the application when the padding was successful.

    https://www.youtube.com/watch?v=tlCRivo8Sis


    After that I managed to successfully exploit it and get the web.config information.

    The next question that arises is how to mitigate this vulnerability:

    A patch was released by Microsoft after Juliano Rizzo and Thai Duong discovered the vulnerability, which is to be found in the links below.

    (1). http://weblogs.asp.net/scottgu/archive/2010/09/28/asp-net-security-update-now-available.aspx
    (2). http://technet.microsoft.com/en-us/security/bulletin/MS10-070
    (3). http://www.subodh.com/Blog/PostID/116/DotNetNuke-ASP-NET-Security-Vulnerability-Fix
    (4). https://www.owasp.org/index.php/ASP.NET_POET_Vulnerability
    (5). https://devcentral.f5.com/weblogs/macvittie/archive/2010/10/01/f5-friday-mitigating-the-lsquopadding-oraclersquo-exploit-for-asp.net.aspx

    I have piled up whatever is needed. Hope this information will help those who are looking for exploiting Oracle Padding Attack.

    Disclaimer: Please do not attempt in any live environments without permission. This is for educational purposes only.
    "Every great story on the planet happened when someone decided
    not to give up, but kept going no matter what."
    – Spryte Loriano
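
For defenders, the oracle behaviour quoted from the wiki in the post above leaves a visible trace in web server logs: one client sending many requests to the .axd resource handlers, each with a different `d=` value, most of them answered with an error. The following log check is an added example, not part of the original post and not code from any of the linked projects; the log field order, the sample lines, the addresses and the thresholds are all constructed assumptions.

```python
import re
from collections import defaultdict

AXD = re.compile(r"/(web|script)resource\.axd$", re.IGNORECASE)
D_PARAM = re.compile(r"(?:^|&)d=([^&]*)")

def make_sample():
    """Constructed log lines (assumed field order, see #Fields header)."""
    lines = ["#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status"]
    # Ordinary browser: a handful of fetches, repeated tokens, all successful.
    for i in range(6):
        lines.append(f"2014-03-17 13:40:{i:02d} 10.0.0.5 GET /WebResource.axd d=AAAA{i % 2}&t=1 200")
    # Probing client: a new d= value on every request, almost all rejected.
    for i in range(300):
        status = 200 if i % 64 == 0 else (500 if i % 2 else 404)
        lines.append(f"2014-03-17 13:41:00 10.0.0.99 GET /ScriptResource.axd d={i:032x} {status}")
    return lines

def find_padding_oracle_probes(lines, min_requests=100, min_error_ratio=0.8):
    """Return {client_ip: (requests, distinct_d_values, error_ratio)} for suspects."""
    stats = defaultdict(lambda: {"total": 0, "errors": 0, "tokens": set()})
    for line in lines:
        parts = line.split()
        if line.startswith("#") or len(parts) != 7:
            continue  # skip W3C directives and malformed rows
        ip, stem, query, status = parts[2], parts[4], parts[5], parts[6]
        match = D_PARAM.search(query)
        if not AXD.search(stem) or not match:
            continue
        entry = stats[ip]
        entry["total"] += 1
        entry["tokens"].add(match.group(1))
        if status[0] in "45":
            entry["errors"] += 1
    flagged = {}
    for ip, entry in stats.items():
        ratio = entry["errors"] / entry["total"]
        mostly_unique = len(entry["tokens"]) >= 0.9 * entry["total"]
        # Thresholds are illustrative assumptions; tune them against real traffic.
        if entry["total"] >= min_requests and mostly_unique and ratio >= min_error_ratio:
            flagged[ip] = (entry["total"], len(entry["tokens"]), round(ratio, 2))
    return flagged

if __name__ == "__main__":
    for ip, (total, distinct, ratio) in find_padding_oracle_probes(make_sample()).items():
        print(f"{ip}: {total} requests, {distinct} distinct d= values, {ratio:.0%} errors")
```

A hit from this check is a lead for investigation and for confirming that the patch linked in the post is installed, not proof of compromise.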
     