The CBC padding oracle is a very famous attack. We have an oracle function that takes in a ciphertext and decrypts it, returning
True if the plaintext is padded properly.
The process behind the attack on each block is:
This is my first writeup, written in 2015 in Word and back-dated
Last weekend, I took to some haxxoring in the NSA Cybersprint Competition, a Capture-The-Flag that took place on a simulated corporate network infrastructure.
Here’s what it was like.