You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
@@ -15,7 +15,14 @@ This is called a [_Padding Oracle Attack_](https://en.wikipedia.org/wiki/Padding
Of course, once you remove (and learn) the last byte of the plaintext, the second-to-last byte becomes the last byte, and you can attack it!
And when you recover the entire last block, you can simply discard it, making the second-to-last block the last block.
You'll need to slightly adjust this attack for the 16th byte of a block, since there is not padding at all, but I trust in your ability to do so!
So, what are you waiting for?
Go recover the flag!
----
**HINT:**
You'll need to slightly adjust this attack for the 16th byte of a block, since there is no padding at all initially, but I trust in your ability to do so!
**FUN FACT:**
The only way to prevent a Padding Oracle Attack is to avoid having a Padding Oracle.
Depending on the application, this can be surprisingly tricky: a failure state is hard to mask completely from the user/attacker of the application, and for some applications, the padding failure is the only source of an error state!
