Case file

Padding-oracle admin cookie, AES credential recover, and SUID SROP root

Advanced boot2root engagement: PadBuster forged an administrator session cookie; AES-CBC material from robots/iv.png and a secondary service recovered SSH creds; SUID binary buffer overflow / SROP yielded root.

Advanced30 minPadding Oracle · Cryptography · Reverse Engineering · Binary Exploitation
01

Engagement summary

Web enum + padding oracle to admin; crypto/RE for SSH; SUID overflow to root — artifacts thm{hc0n_christmas_2019!!!} and thm{3xplo1t_my_m1nd}.

HC0N CHRISTMAS CTF was an Advanced multi-discipline boot2root. Surface: HTTP (and related services) with registration that produced length-dependent session cookies; tampering returned Invalid padding — textbook CBC padding oracle. PadBuster against the hcon cookie with plaintext user=administratorhc0nwithyhackme (name from robots.txt) forged an admin session and exposed a secret key / next-stage material. Parallel paths recovered AES-CBC inputs (password from profile, IV from /iv.png referenced in robots, ciphertext from a secondary HTTP service) to decrypt SSH credentials. Hidden folders served a SUID binary (hola); reverse engineering and a buffer-overflow / SROP exploit escalated to root. User artifact thm{hc0n_christmas_2019!!!}; root artifact thm{3xplo1t_my_m1nd}. Engagement value: crypto oracle + RE + binary exploit in one client narrative.

Business impact

Padding-oracleable session cookies are remote account takeover without passwords. Splitting AES key/IV/ciphertext across “hidden” web paths is still public. SUID binaries without hardening (NX/ASLR/canaries) remain reliable root paths once a user foothold exists.

02

Padding oracle to administrator session

Identified Invalid padding; PadBuster forged admin cookie from robots username.

OPERATOR · CRYPTO

savvy@lab:~$ curl -s http://10.10.10.10/robots.txt

Disallow paths · administratorhc0nwithyhackme · /iv.png

savvy@lab:~$ padbuster http://10.10.10.10/index.php "$COOKIE" 8 -cookies "hcon=$COOKIE" -error "Invalid padding" -plaintext "user=administratorhc0nwithyhackme"

forged admin cookie → secret key / next stage

ORACLE NOTE

padding-oracle.txt

Symptom: cookie length tracks username; bit-flip → Invalid padding
Tool:    PadBuster / similar CBC oracle client
Goal:    plaintext user=<admin-from-robots>
Next:    AES-CBC (pass + iv.png + ciphertext) → SSH
03

SUID binary exploit to root

Recovered SSH foothold; exploited SUID hola via overflow/SROP; read root flag.

OPERATOR · PWN

savvy@lab:~$ ssh user@10.10.10.10

user flag: thm{hc0n_christmas_2019!!!}

savvy@lab:~$ ls -l /path/to/hola # SUID

-rwsr-xr-x ... hola

savvy@lab:~$ # overflow / SROP exploit → root shell

root@lab:~# cat /root/root.txt

thm{3xplo1t_my_m1nd}

Remediation

Use authenticated encryption (AES-GCM) or HMAC-protected cookies — never raw CBC without integrity. Remove padding oracle oracles (constant-time decrypt failures). Drop unnecessary SUID; compile with full RELRO/PIE/canary; audit custom binaries like production code.