Hello everyone,

I am on various IRC networks and I have been seeing people ask what the Padded Oracle Exploit Attack is, how it works, and what
tools are available to help us in exploiting/testing this vulnerability. Well, I decided to post a few links for everyone so that they might read up
more on this great vulnerability and test out some of the great tools available to us.

For your information, BackTrack does carry 'padBuster.pl', which is a Perl script that will help you encrypt/decrypt your sample encrypted string.

This is a great tool and can be extremely helpful, and if anyone has any questions on usage I would be more than happy to try and help out.
Here is a great link to help you get started using padBuster.pl and for a better understanding of the Padded Oracle Exploit vulnerability.


http://blog.gdssecurity.com/labs/201...padbuster.html

There is another tool that I am hoping will be added to either the BackTrack repos or be a default app on this great distro. This app is
called "POET", which stands for Padding Oracle Exploit Tool. It is a GUI app written in the JavaScript language and was written by the gentlemen
responsible for discovering the exploit.

Here is the link to download the JavaScript application: http://netifera.com/research/

I know that some people are more comfortable using GUI apps than they are using command line applications, and if you fall in this category then
POET is the application for you, and it is decently fast considering the work the application must do.

One more Perl app that I would like to request, which goes hand in hand with the padBuster.pl Perl app, is a Perl script called web.config_bruter.pl

This Perl script goes hand in hand with the Perl script padBuster.pl. In a brief sense, this Perl script ("web.conf_bruter.pl") works with padBuster.pl to generate a payload that can be used to gain access to the encrypted query.

You can find the web.conf_bruter.pl Perl script here: http://www.exploit-db.com/exploits/15213/

There are a few videos on YouTube to help you use these apps, so be sure to look for help there, or if you have any questions I would be happy to
help out.

Well, I hope this helps some people out and maybe these apps will be added to BT, and if not you can always just download them from the links
provided up above.

I would like to take this time to thank the great people at BT. What you guys do is amazing, and you have completely changed the area of computer
security for the better. Thank you again.

That's it... I hope you have found this helpful.