Pentester Lab: Padding Oracle

  • Name: Pentester Lab: Padding Oracle
  • Date release: 9 Dec 2016

Please remember that VulnHub is a free community resource so we are unable to check the machines that are provided to us. Before you download, please read our FAQs sections dealing with the dangers of running unknown VMs and our suggestions for "protecting yourself and your network. If you understand the risks, please download!


(Size: 25 MB)

This course details the exploitation of a weakness in the authentication of a PHP website. The website uses Cipher Block Chaining (CBC) to encrypt information provided by users and use this information to ensure authentication. The application also leaks if the padding is valid when decrypting the information. We will see how this behaviour can impact the authentication and how it can be exploited.


  • Filename: padding_oracle.iso
  • File size: 25 MB
  • MD5: E1CC3F89F8204749F25F3ABEAB6665AB
  • SHA1: C72AF418218F82C07F607E5522C4EF747BCF9AF9

  • Format: Disk Image (.ISO)
  • Operating System: Linux

  • DHCP service: Enabled
  • IP address: Automatically assign