A script to perform a padding oracle attack against IBM WebSphere Commerce (CVE-2013-05230) - written by Khai Tran https://twitter.com/ktranfosec
- Ron Bowes' poracle framework: https://github.com/iagox86/poracle
- Meh's threadpool library: https://github.com/meh/ruby-thread thread
- Florian Pilz's micro-optparse: https://github.com/florianpilz/micro-optparse
- John Nunemaker's Httparty: https://github.com/jnunemaker/httparty
bundle install
On Kali Linux you may want to run apt-get install ruby-dev
first if you encounter this error:
/usr/bin/ruby1.9.1 extconf.rb
/usr/lib/ruby/1.9.1/rubygems/custom_require.rb:36:in `require': cannot load such file -- mkmf (LoadError)
from /usr/lib/ruby/1.9.1/rubygems/custom_require.rb:36:in `require'
from extconf.rb:4:in `<main>'
-s, --sort Sort temporary results
-v, --verbose Show debug messages
-t, --threads SIZE Set threadpool size
-f, --file FILE Save temporary results to file
-h, --help Show this message
ruby KryptoTestServer.rb
ruby DeKryptoDemo.rb -v -f decrypted.txt -t 10
initialize()
-> change target URL
attempt_decrypt()
-> Success/Fail condition