An attacker discovers a padding vulnerability.

Breaking Crypto – Padding Oracle Attacks

BlogLeave a comment

Overview This post presents a lab-based demonstration of a padding oracle attack targeting AES-CBC with PKCS#7 padding. The aim is to illustrate how an oracle that reveals padding errors can be leveraged to decrypt ciphertext—and even encrypt arbitrary plaintext—within a controlled environment, using publicly available tooling.https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Cipher_block_chaining_(CBC) A “Padding Oracle” tells you whether or not the…

Attacker discovers that ECB is in use to generate password reset tokens.

Breaking Crypto – Known Plaintext Attack on ECB – Abuse Password Reset for Account Takeover

BlogLeave a comment

OverviewThis write-up demonstrates a known-plaintext attack against AES-ECB within a controlled lab environment. It showcases how predictable password reset codes in ECB mode can be exploited to forge valid tokens and hijack accounts. The key objective of this lab is to highlight how misuse of ECB mode in sensitive operations—like password resets—can lead to account…

XXE in File Upload via Metadata

BlogLeave a comment

OverviewThis post demonstrates an XML External Entity (XXE) injection in a lab environment through a .docx file upload. The purpose of this exercise is to show how XML metadata parsing can be abused if secure parser configurations are not applied. ObservationsWhen uploading a .docx resume, the application returned the “Test Title” field from docProps/core.xml. This…