Padding-oracle admin cookie, AES credential recover, and SUID SROP root
Advanced boot2root engagement: PadBuster forged an administrator session cookie; AES-CBC material from robots/iv.png and a secondary service recovered SSH creds; SUID binary buffer overflow / SROP yielded root.
- Case files
- Padding-oracle admin cookie, AES credential recover, and SUID SROP root
Web enum + padding oracle to admin; crypto/RE for SSH; SUID overflow to root — artifacts thm{hc0n_christmas_2019!!!} and thm{3xplo1t_my_m1nd}.
Identified Invalid padding; PadBuster forged admin cookie from robots username.
Recovered SSH foothold; exploited SUID hola via overflow/SROP; read root flag.
Engagement summary
Web enum + padding oracle to admin; crypto/RE for SSH; SUID overflow to root — artifacts thm{hc0n_christmas_2019!!!} and thm{3xplo1t_my_m1nd}.
HC0N CHRISTMAS CTF was an Advanced multi-discipline boot2root. Surface: HTTP (and related services) with registration that produced length-dependent session cookies; tampering returned Invalid padding — textbook CBC padding oracle. PadBuster against the hcon cookie with plaintext user=administratorhc0nwithyhackme (name from robots.txt) forged an admin session and exposed a secret key / next-stage material. Parallel paths recovered AES-CBC inputs (password from profile, IV from /iv.png referenced in robots, ciphertext from a secondary HTTP service) to decrypt SSH credentials. Hidden folders served a SUID binary (hola); reverse engineering and a buffer-overflow / SROP exploit escalated to root. User artifact thm{hc0n_christmas_2019!!!}; root artifact thm{3xplo1t_my_m1nd}. Engagement value: crypto oracle + RE + binary exploit in one client narrative.
Business impact
Padding-oracleable session cookies are remote account takeover without passwords. Splitting AES key/IV/ciphertext across “hidden” web paths is still public. SUID binaries without hardening (NX/ASLR/canaries) remain reliable root paths once a user foothold exists.
Padding oracle to administrator session
Identified Invalid padding; PadBuster forged admin cookie from robots username.
OPERATOR · CRYPTO
savvy@lab:~$ curl -s http://10.10.10.10/robots.txt
Disallow paths · administratorhc0nwithyhackme · /iv.png
savvy@lab:~$ padbuster http://10.10.10.10/index.php "$COOKIE" 8 -cookies "hcon=$COOKIE" -error "Invalid padding" -plaintext "user=administratorhc0nwithyhackme"
forged admin cookie → secret key / next stage
ORACLE NOTE
padding-oracle.txt
Symptom: cookie length tracks username; bit-flip → Invalid padding
Tool: PadBuster / similar CBC oracle client
Goal: plaintext user=<admin-from-robots>
Next: AES-CBC (pass + iv.png + ciphertext) → SSHSUID binary exploit to root
Recovered SSH foothold; exploited SUID hola via overflow/SROP; read root flag.
OPERATOR · PWN
savvy@lab:~$ ssh user@10.10.10.10
user flag: thm{hc0n_christmas_2019!!!}
savvy@lab:~$ ls -l /path/to/hola # SUID
-rwsr-xr-x ... hola
savvy@lab:~$ # overflow / SROP exploit → root shell
root@lab:~# cat /root/root.txt
thm{3xplo1t_my_m1nd}
Remediation
Use authenticated encryption (AES-GCM) or HMAC-protected cookies — never raw CBC without integrity. Remove padding oracle oracles (constant-time decrypt failures). Drop unnecessary SUID; compile with full RELRO/PIE/canary; audit custom binaries like production code.