Pentester Lab: Padding Oracle

  • Name: Pentester Lab: Padding Oracle
  • Release date: 9 Dec 2016



This course details the exploitation of a weakness in the authentication of a PHP website. The website uses Cipher Block Chaining (CBC) to encrypt information provided by users and uses this information to ensure authentication. The application also leaks whether the padding is valid when decrypting the information. We will see how this behaviour can impact the authentication and how it can be exploited.


  • Filename: padding_oracle.iso
  • File size: 25 MB
  • MD5: E1CC3F89F8204749F25F3ABEAB6665AB
  • SHA1: C72AF418218F82C07F607E5522C4EF747BCF9AF9

  • Format: Disk Image (.ISO)
  • Operating System: Linux

  • DHCP service: Enabled
  • IP address: Automatically assigned