search

digininja / DVWA

Damn Vulnerable Web Application (DVWA)
GNU General Public License v3.0
10.36k stars 3.64k forks source link

oracle padding #646

Closed vivekdeva212 closed 3 months ago

vivekdeva212 commented 3 months ago

HELLO IS IT SUPPORT FOR ORACLE PADDING

digininja commented 3 months ago

Is what support for oracle padding?

vivekdeva212 commented 3 months ago

HELLO SIR I NEED ORACLE PADDING WITH VULNERBLE WEBAPPLICATION WILL YOU GUIDE ME AND SHARE ME

On Tue, Aug 13, 2024 at 2:23 AM Robin Wood @.***> wrote:

Is what support for oracle padding?

— Reply to this email directly, view it on GitHub https://github.com/digininja/DVWA/issues/646#issuecomment-2284887584, or unsubscribe https://github.com/notifications/unsubscribe-auth/BJMBQIM4TQ47GGSIQARSAHLZREOFNAVCNFSM6AAAAABMM5IQVKVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDEOBUHA4DONJYGQ . You are receiving this because you authored the thread.Message ID: @.***>

digininja commented 3 months ago

Stop with the all capitals!

Have you looked at this?

https://cryptopals.com/sets/3/challenges/17

On Mon, 12 Aug 2024, 21:58 vivekdeva212, @.***> wrote:

HELLO SIR I NEED ORACLE PADDING WITH VULNERBLE WEBAPPLICATION WILL YOU GUIDE ME AND SHARE ME

On Tue, Aug 13, 2024 at 2:23 AM Robin Wood @.***> wrote:

Is what support for oracle padding?

— Reply to this email directly, view it on GitHub https://github.com/digininja/DVWA/issues/646#issuecomment-2284887584, or unsubscribe < https://github.com/notifications/unsubscribe-auth/BJMBQIM4TQ47GGSIQARSAHLZREOFNAVCNFSM6AAAAABMM5IQVKVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDEOBUHA4DONJYGQ>

. You are receiving this because you authored the thread.Message ID: @.***>

— Reply to this email directly, view it on GitHub https://github.com/digininja/DVWA/issues/646#issuecomment-2284894237, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAA4SWNDHGGZQXIF7UE43ATZREOWVAVCNFSM6AAAAABMM5IQVKVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDEOBUHA4TIMRTG4 . You are receiving this because you commented.Message ID: @.***>

vivekdeva212 commented 3 months ago

Sorry sir for my Captial letters . I seen you sent link sir thank you forcyou reply I need program sir exact this one to recover my lost btc wallet.dat I have inside wallet 0.2 btc I lost my password so trying this oracle method it will possible to get back please help

On Tue, 13 Aug 2024, 3:09 am Robin Wood, @.***> wrote:

Stop with the all capitals!

Have you looked at this?

https://cryptopals.com/sets/3/challenges/17

On Mon, 12 Aug 2024, 21:58 vivekdeva212, @.***> wrote:

HELLO SIR I NEED ORACLE PADDING WITH VULNERBLE WEBAPPLICATION WILL YOU GUIDE ME AND SHARE ME

On Tue, Aug 13, 2024 at 2:23 AM Robin Wood @.***> wrote:

Is what support for oracle padding?

— Reply to this email directly, view it on GitHub https://github.com/digininja/DVWA/issues/646#issuecomment-2284887584,

or unsubscribe <

https://github.com/notifications/unsubscribe-auth/BJMBQIM4TQ47GGSIQARSAHLZREOFNAVCNFSM6AAAAABMM5IQVKVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDEOBUHA4DONJYGQ>

. You are receiving this because you authored the thread.Message ID: @.***>

— Reply to this email directly, view it on GitHub https://github.com/digininja/DVWA/issues/646#issuecomment-2284894237, or unsubscribe < https://github.com/notifications/unsubscribe-auth/AAA4SWNDHGGZQXIF7UE43ATZREOWVAVCNFSM6AAAAABMM5IQVKVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDEOBUHA4TIMRTG4>

. You are receiving this because you commented.Message ID: @.***>

— Reply to this email directly, view it on GitHub https://github.com/digininja/DVWA/issues/646#issuecomment-2284950915, or unsubscribe https://github.com/notifications/unsubscribe-auth/BJMBQING5KC3FBI7L7NRY7TZRETP7AVCNFSM6AAAAABMM5IQVKVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDEOBUHE2TAOJRGU . You are receiving this because you authored the thread.Message ID: @.***>

digininja commented 3 months ago

No it won't be possible unless the wallet was very badly written using technology which has been known to have serious security issue for many years.

On Mon, 12 Aug 2024, 22:45 vivekdeva212, @.***> wrote:

Sorry sir for my Captial letters . I seen you sent link sir thank you forcyou reply I need program sir exact this one to recover my lost btc wallet.dat I have inside wallet 0.2 btc I lost my password so trying this oracle method it will possible to get back please help

On Tue, 13 Aug 2024, 3:09 am Robin Wood, @.***> wrote:

Stop with the all capitals!

Have you looked at this?

https://cryptopals.com/sets/3/challenges/17

On Mon, 12 Aug 2024, 21:58 vivekdeva212, @.***> wrote:

HELLO SIR I NEED ORACLE PADDING WITH VULNERBLE WEBAPPLICATION WILL YOU GUIDE ME AND SHARE ME

On Tue, Aug 13, 2024 at 2:23 AM Robin Wood @.***> wrote:

Is what support for oracle padding?

— Reply to this email directly, view it on GitHub < https://github.com/digininja/DVWA/issues/646#issuecomment-2284887584>,

or unsubscribe <

https://github.com/notifications/unsubscribe-auth/BJMBQIM4TQ47GGSIQARSAHLZREOFNAVCNFSM6AAAAABMM5IQVKVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDEOBUHA4DONJYGQ>

. You are receiving this because you authored the thread.Message ID: @.***>

— Reply to this email directly, view it on GitHub https://github.com/digininja/DVWA/issues/646#issuecomment-2284894237,

or unsubscribe <

https://github.com/notifications/unsubscribe-auth/AAA4SWNDHGGZQXIF7UE43ATZREOWVAVCNFSM6AAAAABMM5IQVKVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDEOBUHA4TIMRTG4>

. You are receiving this because you commented.Message ID: @.***>

— Reply to this email directly, view it on GitHub https://github.com/digininja/DVWA/issues/646#issuecomment-2284950915, or unsubscribe < https://github.com/notifications/unsubscribe-auth/BJMBQING5KC3FBI7L7NRY7TZRETP7AVCNFSM6AAAAABMM5IQVKVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDEOBUHE2TAOJRGU>

. You are receiving this because you authored the thread.Message ID: @.***>

— Reply to this email directly, view it on GitHub https://github.com/digininja/DVWA/issues/646#issuecomment-2284958015, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAA4SWMUEDA6VOIQPPUH6JDZREUGNAVCNFSM6AAAAABMM5IQVKVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDEOBUHE2TQMBRGU . You are receiving this because you commented.Message ID: @.***>

vivekdeva212 commented 3 months ago

Hello sir doing blocks in reverse order 3 2 1 and padding scheme for block 3 is padding with 03 03 03 and block 2 no padding and block 1 padding with 04 04 04 04 it will derive aes key with that key decrypt all cipher blocks in wallet.dat and save that decrypted wallet inside garble data we find passpharae sir and if we impleme t length extension also it will forge hashes and saved data also we get passpharse sir I have seen this exact method one devloper did successfully old wallets has vulnerable he told so I hope its possible sir so please share me time program sir

On Tue, 13 Aug 2024, 3:28 am Robin Wood, @.***> wrote:

Closed #646 https://github.com/digininja/DVWA/issues/646 as completed.

— Reply to this email directly, view it on GitHub https://github.com/digininja/DVWA/issues/646#event-13855167950, or unsubscribe https://github.com/notifications/unsubscribe-auth/BJMBQILVL5LFPMVSMVVP35TZREVYTAVCNFSM6AAAAABMM5IQVKVHI2DSMVQWIX3LMV45UABCJFZXG5LFIV3GK3TUJZXXI2LGNFRWC5DJN5XDWMJTHA2TKMJWG44TKMA . You are receiving this because you authored the thread.Message ID: @.***>

digininja commented 3 months ago

This is a very specific attack against a proven weak encryption setup that would not have been used in a crypto wallet. If it were this easy to recover the key wallets would be being hacked all over the place.

You are not going to get the key back this way.

The only advice I can give you now is to use something like this going forward to avoid getting into the situation in the future.

https://www.crashplan.com/

On Tue, 13 Aug 2024, 04:30 vivekdeva212, @.***> wrote:

Hello sir doing blocks in reverse order 3 2 1 and padding scheme for block 3 is padding with 03 03 03 and block 2 no padding and block 1 padding with 04 04 04 04 it will derive aes key with that key decrypt all cipher blocks in wallet.dat and save that decrypted wallet inside garble data we find passpharae sir and if we impleme t length extension also it will forge hashes and saved data also we get passpharse sir I have seen this exact method one devloper did successfully old wallets has vulnerable he told so I hope its possible sir so please share me time program sir

On Tue, 13 Aug 2024, 3:28 am Robin Wood, @.***> wrote:

Closed #646 https://github.com/digininja/DVWA/issues/646 as completed.

— Reply to this email directly, view it on GitHub https://github.com/digininja/DVWA/issues/646#event-13855167950, or unsubscribe < https://github.com/notifications/unsubscribe-auth/BJMBQILVL5LFPMVSMVVP35TZREVYTAVCNFSM6AAAAABMM5IQVKVHI2DSMVQWIX3LMV45UABCJFZXG5LFIV3GK3TUJZXXI2LGNFRWC5DJN5XDWMJTHA2TKMJWG44TKMA>

. You are receiving this because you authored the thread.Message ID: @.***>

— Reply to this email directly, view it on GitHub https://github.com/digininja/DVWA/issues/646#issuecomment-2285274347, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAA4SWJJJ6OXYSM65C4URO3ZRF4WTAVCNFSM6AAAAABMM5IQVKVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDEOBVGI3TIMZUG4 . You are receiving this because you modified the open/close state.Message ID: @.***>