RSA Padding Oracle Attack

Hard Difficulty

Exploit weak RSA implementation with padding oracle vulnerability to decrypt sensitive information

Stage 1/3

Identify the vulnerability type in this RSA implementation:

// Server-side validation function function validate_padding($ciphertext) { $decrypted = rsa_decrypt($ciphertext); $padding = check_pkcs_padding($decrypted); if ($padding == "INVALID") { return "PADDING_ERROR"; } else if ($padding == "VALID") { return "DECRYPTION_OK"; } else { return "UNKNOWN_ERROR"; } }

Question: What type of oracle does this create?

Hint: The server reveals whether padding is valid or not

Learning Objectives

  • Understand RSA padding oracle attacks
  • Learn PKCS#1 v1.5 padding structure
  • Practice adaptive chosen ciphertext attacks
  • Implement padding validation exploitation
Back to CTF Portal Reset Challenge