Rustpad – Multi-Threaded Padding Oracle Attacks Against Any Service

A multi-threaded what now?

rustpad is a multi-threaded successor to the classic padbuster, written in Rust. It abuses a Padding Oracle vulnerability to decrypt any cypher text or encrypt arbitrary plain text without knowing the encryption key!

Features

  • Decryption of cypher texts
  • Encryption of arbitrary plain text
  • Multi-threading on both block and byte level
  • Modern, real-time and interactive TUI!
  • No-TTY support, so you can just pipe output to a file
  • Supports Web server oracles…
  • … and Script-based oracles. For when you need just that extra bit of control.
  • Automated calibration of web oracle’s (in)correct padding response
  • Progress bar and automated retries
  • Smart detection of cypher text encoding, supporting: hex, base64, base64url
  • Support for cypher texts without an IV (--no-iv)
  • Written in purely safe Rust, making sure you don’t encounter nasty crashes

Usage

Using rustpad to attack a padding oracle is easy. It requires only 4 pieces of information to start:

  • target oracle (--oracle)
  • cypher text to decrypt (--decrypt)
  • block size (--block-size)
  • type of oracle (web/script, see below)

    ; rustpad --help
    rustpad
    Multi-threaded Padding Oracle attacks against any service.

    USAGE:
        rustpad [OPTIONS] --block-size <block_size> --decrypt <decrypt> --oracle <oracle> <SUBCOMMAND>

    OPTIONS:
        -B, --block-size <block_size>
                Block size used by the cypher [possible values: 8, 16]
        -D, --decrypt <decrypt>
                Original cypher text, received from the target service, which is to be decrypted
            --delay <delay>
                Delay between requests within a thread, in milliseconds [default: 0]
        -e, --encoding <encoding>
                Specify encoding used by the oracle to encode the cypher text [default: auto]  [possible values: auto, base64, base64url, hex]
        -E, --encrypt <encrypt>
                Plain text to encrypt. Encryption mode requires a cypher text to gather necessary data
        -h, --help
                Prints help information
            --no-cache
                Disable reading and writing to the cache file
        -n, --no-iv
                Cypher text does not include an Initialisation Vector
            --no-url-encode
                Disable URL encoding and decoding of cypher text
        -O, --oracle <oracle>
                The oracle to question with forged cypher texts. This can be a URL or a shell script.
                See the subcommands `web --help` and `script --help` respectively for further help.
        -o, --output <output>
                File path to which log output will be written
        -t, --threads <threads>
                Amount of threads in the thread pool
        -V, --version
                Prints version information
        -v, --verbose
                Increase verbosity of logging

    SUBCOMMANDS:
        web       Question a web-based oracle
        script    Question a script-based oracle

Web mode

Web mode specifies that the oracle is located on the web. In other words, the oracle is a web server with a URL.

For a padding oracle attack to succeed, an oracle must say so if a cypher text with incorrect padding was provided. rustpad will analyse the oracle’s responses and automatically calibrate itself to the oracle’s behaviour.
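
The server-side condition described above, next to a handler that removes it, as an added example that is not code from rustpad or from the original article. The Feistel stand-in cipher, the keys, the `user=` check and the response strings are constructed for illustration; a real service would use AES, and preferably an AEAD mode.

```python
import hashlib, hmac, os

BS = 16  # block size in bytes

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _block(key, blk, decrypt=False):
    """4-round Feistel stand-in for a block cipher (constructed, NOT secure)."""
    l, r = blk[:8], blk[8:]
    f = lambda n, half: hmac.new(key, bytes([n]) + half, hashlib.sha256).digest()[:8]
    for n in (range(3, -1, -1) if decrypt else range(4)):
        l, r = (_xor(r, f(n, l)), l) if decrypt else (r, _xor(l, f(n, r)))
    return l + r

def cbc_encrypt(key, pt):
    pad = BS - len(pt) % BS
    pt += bytes([pad]) * pad                     # PKCS#7 padding
    out = [os.urandom(BS)]                       # IV is sent as the first block
    for i in range(0, len(pt), BS):
        out.append(_block(key, _xor(pt[i:i + BS], out[-1])))
    return b"".join(out)

def cbc_decrypt(key, ct):
    if len(ct) < 2 * BS or len(ct) % BS:
        raise ValueError("bad length")
    blocks = [ct[i:i + BS] for i in range(0, len(ct), BS)]
    pt = b"".join(_xor(_block(key, c, True), p) for p, c in zip(blocks, blocks[1:]))
    pad = pt[-1]
    if not 1 <= pad <= BS or pt[-pad:] != bytes([pad]) * pad:
        raise ValueError("bad padding")
    return pt[:-pad]

def handle_vulnerable(key, token):
    try:
        data = cbc_decrypt(key, token)
    except ValueError:
        return "500 padding error"               # distinguishable answer: the oracle
    return "200 ok" if data.startswith(b"user=") else "403 invalid session"

def seal(enc_key, mac_key, pt):
    ct = cbc_encrypt(enc_key, pt)
    return ct + hmac.new(mac_key, ct, hashlib.sha256).digest()   # encrypt-then-MAC

def handle_hardened(enc_key, mac_key, token):
    ct, tag = token[:-32], token[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, ct, hashlib.sha256).digest()):
        return "403 invalid session"             # rejected before decrypt/unpad runs
    data = cbc_decrypt(enc_key, ct)              # only reached for tokens we issued
    return "200 ok" if data.startswith(b"user=") else "403 invalid session"
```

In the vulnerable handler a tampered token produces one of two different answers depending on whether the padding survived; in the hardened one every tampered token gets the same answer because the MAC check fails first.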

    ; rustpad web --help
    rustpad-web
    Question a web-based oracle

    USAGE:
        rustpad --block-size <block_size> --decrypt <decrypt> --oracle <oracle> web [OPTIONS]

    OPTIONS:
        -c, --consider-body
                Consider the response body and content length when determining the web oracle's response to (in)correct padding
        -d, --data <data>
                Data to send in a POST request
            --delay <delay>
                Delay between requests within a thread, in milliseconds [default: 0]
        -e, --encoding <encoding>
                Specify encoding used by the oracle to encode the cypher text [default: auto]  [possible values: auto, base64, base64url, hex]
        -h, --help
                Prints help information
        -H, --header <header>...
                HTTP header to send
        -k, --insecure
                Disable TLS certificate validation
        -K, --keyword <keyword>
                Keyword indicating the location of the cypher text in the HTTP request. It is replaced by the cypher text's value at runtime [default: CTEXT]
            --no-cache
                Disable reading and writing to the cache file
        -n, --no-iv
                Cypher text does not include an Initialisation Vector
            --no-url-encode
                Disable URL encoding and decoding of cypher text
        -o, --output <output>
                File path to which log output will be written
        -x, --proxy <proxy>
                Proxy server to send web requests over. Supports HTTP(S) and SOCKS5
            --proxy-credentials <proxy_credentials>
                Credentials to authenticate against the proxy server with [format: <user>:<pass>]
        -r, --redirect
                Follow 302 Redirects
        -t, --threads <threads>
                Amount of threads in the thread pool
        -T, --timeout <timeout>
                Web request timeout in seconds [default: 10]
        -A, --user-agent <user_agent>
                User-agent to identify with [default: rustpad/<version>]
        -v, --verbose
                Increase verbosity of logging

    Indicate the cypher text's location! See `--keyword` for clarification.
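
For the defending side, an added detection sketch (not part of rustpad or the original article) that scans access-log lines for the traffic web mode produces. The log layout, the `token` parameter name, the thresholds, the addresses and the `rustpad/0.0.0` version string are constructed assumptions; only the `rustpad/` User-Agent prefix comes from the help text above.

```python
import re
from collections import defaultdict

# Assumed log layout (constructed): ip "METHOD path?token=<value> HTTP/1.1" status "user-agent"
LINE = re.compile(r'(\S+) "\w+ (\S+?)\?token=(\S+) HTTP/1\.1" (\d{3}) "([^"]*)"')

def find_oracle_probing(lines, min_distinct=64, min_fail_ratio=0.9):
    """Return {(ip, path): [reasons]} for clients whose traffic looks like oracle probing."""
    stats = defaultdict(lambda: {"tokens": set(), "fail": 0, "total": 0, "ua": False})
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        ip, path, token, status, ua = m.groups()
        s = stats[(ip, path)]
        s["tokens"].add(token)
        s["total"] += 1
        s["fail"] += status != "200"              # assumption: rejected tokens are non-200
        s["ua"] |= ua.startswith("rustpad/")      # default User-Agent from the help text
    hits = {}
    for key, s in stats.items():
        reasons = []
        if s["ua"]:
            reasons.append("default rustpad user-agent")
        # Forged cypher texts show up as many never-repeated tokens, nearly all rejected.
        if len(s["tokens"]) >= min_distinct and s["fail"] / s["total"] >= min_fail_ratio:
            reasons.append("many distinct tokens, mostly rejected")
        if reasons:
            hits[key] = reasons
    return hits

def sample_log():
    """Constructed sample: one normal client, two probing clients (one with a changed UA)."""
    rows = ['198.51.100.4 "GET /session?token=aa11 HTTP/1.1" 200 "Mozilla/5.0"'] * 20
    for i in range(256):
        status = 200 if i == 255 else 500
        rows.append(f'203.0.113.7 "GET /session?token={i:02x}ff HTTP/1.1" '
                    f'{status} "rustpad/0.0.0"')
        rows.append(f'203.0.113.9 "GET /session?token={i:02x}ee HTTP/1.1" '
                    f'{status} "Mozilla/5.0"')
    return rows
```

Because `--user-agent` overrides the default header, the behavioural rule is the one to rely on; the User-Agent match only catches unmodified runs.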

Script mode

Script mode was made for power users or CTF players who were given a script to run. The target oracle is a local shell script.

Scripts allow you to run attacks against local oracles or more exotic services. Or you can use script mode to customise and extend rustpad's features. However, if you’re missing a feature, feel free to open an issue on GitHub!

    ; rustpad script --help
    rustpad-script
    Question a script-based oracle

    USAGE:
        rustpad --block-size <block_size> --decrypt <decrypt> --oracle <oracle> script [OPTIONS]

    OPTIONS:
            --delay <delay>
                Delay between requests within a thread, in milliseconds [default: 0]
        -e, --encoding <encoding>
                Specify encoding used by the oracle to encode the cypher text [default: auto]  [possible values: auto, base64, base64url, hex]
        -h, --help
                Prints help information
            --no-cache
                Disable reading and writing to the cache file
        -n, --no-iv
                Cypher text does not include an Initialisation Vector
            --no-url-encode
                Disable URL encoding and decoding of cypher text
        -o, --output <output>
                File path to which log output will be written
        -t, --threads <threads>
                Amount of threads in the thread pool
        -v, --verbose
                Increase verbosity of logging

    Script must respond with exit code 0 for correct padding, and any other code otherwise. Cypher text is passed as the 1st argument.

Coming soon

  • tab auto-complete
  • smarter URL parsing
  • advanced calibration: response text should contain “x”, time-based
  • automated block size detection
  • improve Linux binary’s file size
  • .NET URL token encoding?
