Busting the padding oracle with PadBuster
Secure cryptosystems shouldn't reveal any plaintext-relevant information about encrypted messages. Oracle attacks are powerful demonstrations of how you don't need much seemingly meaningless information to end up with a full decrypted message. Our CryptOMG web app provides a challenge that can be defeated by exploiting a padding oracle: a system that gives us information about the validity of padding in a decryption process without revealing the key or message.
Interrogating the padding oracle
I load up the CryptOMG main page and select the first challenge (like last time, we're out to get /etc/passwd). On the test page, I see nothing of interest in the actual content of the page, so I examine the URL: http://192.168.108.106/ctf/challenge1/?&c=df2a17a3cf9a378137b2838d8a440bf8ce680f494a8d57c2805c72ad6ca34858.
Take a look at the c= field. That's 64 hexadecimal characters (256 bits). It's safe to say we're dealing with some sort of ciphertext. Again...
