A multi-threaded what now?
`rustpad` is a multi-threaded successor to the classic `padbuster`, written in Rust. It abuses a Padding Oracle vulnerability to decrypt any cypher text or encrypt arbitrary plain text without knowing the encryption key!
- Decryption of cypher texts
- Encryption of arbitrary plain text
- Multi-threading on both block and byte level
- Modern, real-time and interactive TUI!
- No-TTY support, so you can just pipe output to a file
- Supports Web server oracles…
- … and Script-based oracles. For when you need just that extra bit of control.
- Automated calibration of web oracle’s (in)correct padding response
- Progress bar and automated retries
- Smart detection of cypher text encoding, supporting: `hex`, `base64`, `base64url`
- No IV support
- Written in purely safe Rust, making sure you don’t encounter nasty crashes
Using `rustpad` to attack a padding oracle is easy. It requires only 4 pieces of information to start:
- target oracle (`--oracle`)
- cypher text to decrypt (`--decrypt`)
- block size (`--block-size`)
- type of oracle (`web`/`script`, see below)
```text
; rustpad --help
rustpad
Multi-threaded Padding Oracle attacks against any service.

USAGE:
    rustpad [OPTIONS] --block-size <block_size> --decrypt <decrypt> --oracle <oracle> <SUBCOMMAND>

OPTIONS:
    -B, --block-size <block_size>
            Block size used by the cypher [possible values: 8, 16]
    -D, --decrypt <decrypt>
            Original cypher text, received from the target service, which is to be decrypted
        --delay <delay>
            Delay between requests within a thread, in milliseconds [default: 0]
    -e, --encoding <encoding>
            Specify encoding used by the oracle to encode the cypher text [default: auto]
            [possible values: auto, base64, base64url, hex]
    -E, --encrypt <encrypt>
            Plain text to encrypt. Encryption mode requires a cypher text to gather necessary data
    -h, --help
            Prints help information
        --no-cache
            Disable reading and writing to the cache file
    -n, --no-iv
            Cypher text does not include an Initialisation Vector
        --no-url-encode
            Disable URL encoding and decoding of cypher text
    -O, --oracle <oracle>
            The oracle to question with forged cypher texts. This can be a URL or a shell script.
            See the subcommands `web --help` and `script --help` respectively for further help.
    -o, --output <output>
            File path to which log output will be written
    -t, --threads <threads>
            Amount of threads in the thread pool
    -V, --version
            Prints version information
    -v, --verbose
            Increase verbosity of logging

SUBCOMMANDS:
    web       Question a web-based oracle
    script    Question a script-based oracle
```
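
The following is an added example, not rustpad's own code: a sketch of how automatic encoding detection (`--encoding auto`), the block-size check and the `--no-iv` split could fit together, and why hex has to be tried before base64. All type and function names are hypothetical, and the block size is assumed to be 8 or 16 as in the help text.

```rust
// Added illustration, not rustpad's source; every name below is hypothetical.
#[derive(Debug, PartialEq, Clone, Copy)]
pub enum Encoding { Hex, Base64, Base64Url }
const STD: &[u8; 64] = b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
const URL: &[u8; 64] = b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_";

fn decode_hex(s: &str) -> Option<Vec<u8>> {
    if s.len() % 2 != 0 { return None; }
    let nibble = |b: u8| (b as char).to_digit(16);
    s.as_bytes().chunks(2).map(|p| Some((nibble(p[0])? * 16 + nibble(p[1])?) as u8)).collect()
}

pub fn decode_b64(s: &str, alphabet: &[u8; 64]) -> Option<Vec<u8>> {
    let body = s.trim_end_matches('='); // padding is optional, notably for base64url
    if body.len() % 4 == 1 { return None; } // no byte count maps to this length
    let (mut acc, mut bits, mut out) = (0u32, 0u32, Vec::new());
    for c in body.bytes() {
        acc = (acc << 6) | alphabet.iter().position(|&a| a == c)? as u32;
        bits += 6;
        if bits >= 8 {
            bits -= 8;
            out.push((acc >> bits) as u8);
            acc &= (1u32 << bits) - 1; // keep only the bits not yet emitted
        }
    }
    Some(out)
}

pub fn detect(input: &str, block_size: usize) -> Option<(Encoding, Vec<u8>)> {
    vec![
        (Encoding::Hex, decode_hex(input)), // first: any even-length hex string is also valid base64
        (Encoding::Base64, decode_b64(input, STD)),
        (Encoding::Base64Url, decode_b64(input, URL)),
    ]
    .into_iter()
    .filter_map(|(enc, bytes)| bytes.map(|b| (enc, b)))
    .find(|(_, b)| !b.is_empty() && b.len().checked_rem(block_size) == Some(0))
}

/// Returns (IV, data blocks); with `no_iv` the first block is already data. `block_size` is 8 or 16.
pub fn split_blocks(bytes: &[u8], block_size: usize, no_iv: bool) -> (Option<Vec<u8>>, Vec<Vec<u8>>) {
    let mut blocks: Vec<Vec<u8>> = bytes.chunks(block_size).map(|c| c.to_vec()).collect();
    let iv = if no_iv || blocks.is_empty() { None } else { Some(blocks.remove(0)) };
    (iv, blocks)
}

fn main() {
    println!("{:?}", detect(&"00112233445566778899aabbccddeeff".repeat(2), 16)); // constructed sample
}
```

A candidate decoding is accepted only if its length is a non-zero multiple of the block size, which is what rules out most misdetections; the hex/base64 overlap is the case that check alone cannot resolve.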