{"id":33343,"date":"2023-05-28T23:04:35","date_gmt":"2023-05-28T15:04:35","guid":{"rendered":"https:\/\/www.darknet.org.uk\/?p=33343"},"modified":"2023-05-28T23:04:36","modified_gmt":"2023-05-28T15:04:36","slug":"padre-padding-oracle-attack-exploiter-tool","status":"publish","type":"post","link":"https:\/\/www.darknet.org.uk\/2023\/05\/padre-padding-oracle-attack-exploiter-tool\/","title":{"rendered":"padre &#8211; Padding Oracle Attack Exploiter Tool"},"content":{"rendered":"\n<p><em>padre<\/em>\u00a0is an advanced exploiter and Padding Oracle attack tool that can be deployed against CBC mode encryption.<\/p>\n\n\n\n<p>In many cryptographic systems, especially those that use block cyphers (like AES), data must be divided into blocks of a specific size. If the data doesn&#8217;t fit neatly into this block size, it must be &#8220;padded&#8221; with extra bits to fill out the remaining space. This padding must be done in a specific way so it can be identified and removed when the data is decrypted.<\/p>\n\n\n\n<p>So in this attack type, we don&#8217;t know the key &#8211; but we do have access to a system that does know the key (the oracle) and we can leverage information from that system to decrypt the block.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"904\" height=\"441\" src=\"https:\/\/www.darknet.org.uk\/wp-content\/uploads\/2023\/05\/padre-Padding-Oracle-Exploiter-Attack-Tool.png\" alt=\"\" class=\"wp-image-39338\" srcset=\"https:\/\/www.darknet.org.uk\/wp-content\/uploads\/2023\/05\/padre-Padding-Oracle-Exploiter-Attack-Tool.png 904w, https:\/\/www.darknet.org.uk\/wp-content\/uploads\/2023\/05\/padre-Padding-Oracle-Exploiter-Attack-Tool-640x312.png 640w\" sizes=\"(max-width: 904px) 100vw, 904px\" \/><\/figure>\n\n\n<script async src=\"https:\/\/pagead2.googlesyndication.com\/pagead\/js\/adsbygoogle.js?client=ca-pub-3033787195489589\"\r\n     crossorigin=\"anonymous\"><\/script>\r\n<!-- Darknet Responsive Post Ad Links [previously link ad unit] -->\r\n<ins class=\"adsbygoogle\"\r\n     style=\"display:block\"\r\n     data-ad-client=\"ca-pub-3033787195489589\"\r\n     data-ad-slot=\"5456620019\"\r\n     data-ad-format=\"auto\"><\/ins>\r\n<script>\r\n     (adsbygoogle = window.adsbygoogle || []).push({});\r\n<\/script>\n\n\n\n<p>Features:<\/p>\n\n\n\n<ul>\n<li>blazing fast, concurrent implementation<\/li>\n\n\n\n<li>decryption of tokens<\/li>\n\n\n\n<li>encryption of arbitrary data<\/li>\n\n\n\n<li>automatic fingerprinting of padding oracles<\/li>\n\n\n\n<li>automatic detection of cipher block length<\/li>\n\n\n\n<li>HINTS! if failure occurs during operations, padre will hint you about what can be tweaked to succeed<\/li>\n\n\n\n<li>supports tokens in GET\/POST parameters, Cookies<\/li>\n\n\n\n<li>flexible specification of encoding rules (base64, hex, etc.)<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Usage for padre &#8211; Padding Oracle Attack Tool<\/h2>\n\n\n\n<pre class=\"wp-block-code\"><code>Usage: padre &#091;OPTIONS] &#091;INPUT]\n\nINPUT: \n\tIn decrypt mode: encrypted data\n\tIn encrypt mode: the plaintext to be encrypted\n\tIf not passed, will read from STDIN\n\tNOTE: binary data is always encoded in HTTP. Tweak encoding rules if needed (see options: -e, -r)\nOPTIONS:\n-u *required*\n\ttarget URL, use $ character to define token placeholder (if present in URL)\n-enc Encrypt mode\n-err Regex pattern, HTTP response bodies will be matched against this to detect padding oracle. Omit to perform automatic fingerprinting\n-e Encoding to apply to binary data. Supported values:\n\t\tb64 (standard base64) *default*\n\t\tlhex (lowercase hex)\n-r Additional replacements to apply after encoding binary data. Use odd-length strings, consiting of pairs of characters &lt;OLD>&lt;NEW>.\n\tExample:\n\t\tIf server uses base64, but replaces '\/' with '!', '+' with '-', '=' with '~', then use -r \"\/!+-=~\"\n-cookie Cookie value to be set in HTTP requests. Use $ character to mark token placeholder.\n-post String data to perform POST requests. Use $ character to mark token placeholder. \n-ct Content-Type for POST requests. If not specified, Content-Type will be determined automatically.\n-b Block length used in cipher (use 16 for AES). Omit to perform automatic detection. Supported values:\n\t\t8\n\t\t16 *default*\n\t\t32\n-p Number of parallel HTTP connections established to target server &#091;1-256]\n\t\t30 *default*\t\t\n-proxy HTTP proxy. e.g. use -proxy \"http:\/\/localhost:8080\" for Burp or ZAP<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\">Impact of padding Oracles<\/h2>\n\n\n\n<ul>\n<li>disclosing encrypted session information<\/li>\n\n\n\n<li>bypassing authentication<\/li>\n\n\n\n<li>providing fake tokens that the server will trust<\/li>\n\n\n\n<li>generally, a broad extension of attack surface<\/li>\n<\/ul>\n\n\n\n<p>You can download padre here:<\/p>\n\n\n\n<p><a href=\"https:\/\/github.com\/glebarez\/padre\/archive\/refs\/tags\/v2.1.0.zip\">padre-v2.1.0.zip<\/a><\/p>\n\n\n\n<p>Or read more <a href=\"https:\/\/github.com\/glebarez\/padre\">here<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>padre\u00a0is an advanced exploiter and Padding Oracle attack tool that can be deployed against CBC mode encryption.<\/p>\n","protected":false},"author":25,"featured_media":39338,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_seopress_robots_primary_cat":"","_seopress_titles_title":"padre - Padding Oracle Attack Tool Advanced Exploiter","_seopress_titles_desc":"padre\u00a0is an advanced exploiter and Padding Oracle attack tool that can be deployed against CBC mode encryption.","_seopress_robots_index":"","_genesis_hide_title":false,"_genesis_hide_breadcrumbs":false,"_genesis_hide_singular_image":false,"_genesis_hide_footer_widgets":false,"_genesis_custom_body_class":"","_genesis_custom_post_class":"","_genesis_layout":"","footnotes":""},"categories":[9],"tags":[],"featured_image_src":"https:\/\/www.darknet.org.uk\/wp-content\/uploads\/2023\/05\/padre-Padding-Oracle-Exploiter-Attack-Tool-600x400.png","featured_image_src_square":"https:\/\/www.darknet.org.uk\/wp-content\/uploads\/2023\/05\/padre-Padding-Oracle-Exploiter-Attack-Tool-600x441.png","author_info":{"display_name":"Darknet","author_link":"https:\/\/www.darknet.org.uk\/author\/darknet\/"},"_links":{"self":[{"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/posts\/33343"}],"collection":[{"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/users\/25"}],"replies":[{"embeddable":true,"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/comments?post=33343"}],"version-history":[{"count":18,"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/posts\/33343\/revisions"}],"predecessor-version":[{"id":39352,"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/posts\/33343\/revisions\/39352"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/media\/39338"}],"wp:attachment":[{"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/media?parent=33343"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/categories?post=33343"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/tags?post=33343"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}