def decryption_oracle(ciphertext, iv):
plaintext = cbc_decrypt(ciphertext, oracle_key, iv)
try:
unpadded_data = pkcs7_unpad(bytes.fromhex(plaintext))
return True
except:
return False
def main():
print( base64.b64decode(rand_msg))
(ciphertext, iv) = encryption_oracle(base64.b64decode(rand_msg).hex())
assert True == decryption_oracle(ciphertext, iv)
plaintext = apply_injections(ciphertext, iv)
unpadded_plaintext = pkcs7_unpad(plaintext.encode())
print(f"Plaintext is \t\t{plaintext.encode()}\nUnpadded is \t\t{unpadded_plaintext}\n\n\n\n")
assert unpadded_plaintext == base64.b64decode(rand_msg)
def decryption_oracle(ciphertext):
plaintext = bytes.fromhex(cbc_decrypt(ciphertext, key, iv))
normal_plaintext = pkcs7_unpad(plaintext)
#print(plaintext)
cookie_data = normal_plaintext.split(b';')
for data in cookie_data:
try:
(pt_key, value) = (data.split(b'=')[0], data.split(b'=')[1])
if b"admin" == pt_key:
return (pt_key, value)
except IndexError:
pass
return 0