# TU CTF – Pet Padding Inc.

A web challenge worth 150 points, with description

We believe a rouge whale stole some data from us and hid it on this website. Can you tell us what it stole?

http://104.196.60.112/

Visiting the site, we see that there is a cookie youCantDecryptThis. Alright… lets try to fiddle with it.

We run the following command
and we observe that there is an error which is not present compared to

when running it with the correct cookie is set, i.e.,

Clearly, this is a padding error (actually, there is an explicit padding error warning but it is not shown by curl). OK, so decryption can be done by a simple padding oracle attack. This attack is rather simple to implement (basically, use the relation $P_i = D_K(C_i) \oplus C_{i-1}$ and the definition of PCKS padding, see the wikipedia page for a better explanation), but I decided to use PadBuster. The following (modified example) code finds the decryption:

def __init__(self, **kwargs):
self.session = requests.Session()
self.wait = kwargs.get('wait', 2.0)

def oracle(self, data, **kwargs):

while 1:
try:
response = self.session.get('http://104.196.60.112',
stream=False, timeout=5, verify=False)
break
except (socket.error, requests.exceptions.RequestException):
logging.exception('Retrying request in %.2f seconds...', self.wait)
time.sleep(self.wait)
continue

self.history.append(response)
return