Add padding oracle funcionality #10
1 changed files with 10 additions and 6 deletions
|
|
@ -40,7 +40,7 @@ pub fn padding_oracle(args: &Value) -> Result<Vec<u8>> {
|
||||||
let q_block_count: u16 = 255;
|
let q_block_count: u16 = 255;
|
||||||
|
|
||||||
//Send the first ciphertext chunk
|
//Send the first ciphertext chunk
|
||||||
eprintln!("Sending Ciphertext chunk: {:002X?}", chunk);
|
//eprintln!("Sending Ciphertext chunk: {:002X?}", chunk);
|
||||||
stream.flush()?;
|
stream.flush()?;
|
||||||
stream.write_all(&chunk)?;
|
stream.write_all(&chunk)?;
|
||||||
stream.flush()?;
|
stream.flush()?;
|
||||||
|
|
@ -56,16 +56,20 @@ pub fn padding_oracle(args: &Value) -> Result<Vec<u8>> {
|
||||||
//eprintln!("L_msg sent");
|
//eprintln!("L_msg sent");
|
||||||
|
|
||||||
// Generate attack blocks
|
// Generate attack blocks
|
||||||
|
// TODO: Collect all and send in one
|
||||||
|
let mut payload: Vec<u8> = vec![];
|
||||||
for j in 0..q_block_count {
|
for j in 0..q_block_count {
|
||||||
// Next byte
|
// Next byte
|
||||||
//eprintln!("Sending attack block: {:02X?}", attack_counter);
|
//eprintln!("Sending attack block: {:02X?}", attack_counter);
|
||||||
|
|
||||||
//thread::sleep(Duration::from_millis(1000));
|
//thread::sleep(Duration::from_millis(1000));
|
||||||
stream.write_all(&attack_counter)?;
|
payload.append(attack_counter.clone().as_mut());
|
||||||
stream.flush()?;
|
|
||||||
attack_counter[i as usize] += 1;
|
attack_counter[i as usize] += 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
stream.write_all(&payload)?;
|
||||||
|
stream.flush()?;
|
||||||
|
|
||||||
// Read server response
|
// Read server response
|
||||||
let mut buf = [0u8; 0xFF];
|
let mut buf = [0u8; 0xFF];
|
||||||
stream.read_exact(&mut buf)?;
|
stream.read_exact(&mut buf)?;
|
||||||
|
|
@ -73,19 +77,19 @@ pub fn padding_oracle(args: &Value) -> Result<Vec<u8>> {
|
||||||
|
|
||||||
// extract valid position
|
// extract valid position
|
||||||
let valid_val = buf.iter().position(|&r| r == 0x01).expect("No valid found") as u8;
|
let valid_val = buf.iter().position(|&r| r == 0x01).expect("No valid found") as u8;
|
||||||
//eprintln!("Valid value found: {:02X?}", valid_val);
|
eprintln!("Valid value found: {:02X?}", valid_val);
|
||||||
|
|
||||||
// Craft next attack vector padding; 0x01, 0x02, ...
|
// Craft next attack vector padding; 0x01, 0x02, ...
|
||||||
attack_counter[i as usize] = valid_val;
|
attack_counter[i as usize] = valid_val;
|
||||||
|
|
||||||
if chunk_counter + 1 < cipher_chunks.len() {
|
if chunk_counter + 1 < cipher_chunks.len() {
|
||||||
eprintln!("XOR Next Ciph block");
|
//eprintln!("XOR Next Ciph block");
|
||||||
plaintext.push(
|
plaintext.push(
|
||||||
cipher_chunks[chunk_counter + 1][i]
|
cipher_chunks[chunk_counter + 1][i]
|
||||||
^ (attack_counter[i as usize] ^ (15 - i as u8 + 1)),
|
^ (attack_counter[i as usize] ^ (15 - i as u8 + 1)),
|
||||||
);
|
);
|
||||||
} else {
|
} else {
|
||||||
eprintln!("XOR IV");
|
//seprintln!("XOR IV");
|
||||||
|
|
||||||
plaintext.push(iv[i] ^ (attack_counter[i as usize] ^ (15 - i as u8 + 1)));
|
plaintext.push(iv[i] ^ (attack_counter[i as usize] ^ (15 - i as u8 + 1)));
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue