# encoding: ASCII-8BIT
##
# RemoteTestServer
# Created: December 10, 2012
# By: Ron Bowes
#
# A very simple application that is vulnerable to a padding oracle
# attack. A Sinatra app with two paths - /encrypt and /decrypt. /encrypt
# sends data encrypted with the current key, and /decrypt attempts to
# decrypt it but only reveals whether or not it was successful.
##
require 'base64'
require 'openssl'
require 'sinatra'
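set :port, 20222

# A fresh 256-bit key is drawn from OpenSSL's CSPRNG each time the process
# starts, so ciphertexts from one run cannot be decrypted by another run.
# (The original used Kernel#rand, which is not cryptographically secure and,
# as rand(255), could never produce the byte 0xFF.)
KEY = OpenSSL::Random.random_bytes(32)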
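# GET /encrypt
#
# Encrypts a fixed plaintext under KEY with AES-256-CBC and returns the raw
# ciphertext as a lowercase hex string.  No IV is set on the cipher, so it
# runs with the library's default IV (presumably all zeros) — fine for this
# test fixture, never for real use.
get '/encrypt' do
  text = "SkullSpace is a hackerspace in Winnipeg, founded December 2010. SkullSpace is a place for hackers, builders, programmers, artists, and anybody interested in how stuff works to gather in a common place and help focus their knowledge and creativity."
  # OpenSSL::Cipher.new replaces OpenSSL::Cipher::Cipher, which newer
  # openssl gems no longer provide; the arguments are unchanged.
  cipher = OpenSSL::Cipher.new("AES-256-CBC")
  cipher.encrypt
  cipher.key = KEY
  ciphertext = cipher.update(text) + cipher.final
  # Sinatra uses the block's value as the response body; hand it a String.
  ciphertext.unpack("H*").first
end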
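# GET /decrypt/<hex>
#
# Decrypts the hex-encoded ciphertext under KEY and answers "Success!" when
# decryption (including the padding check performed by #final) succeeds and
# "Fail!" otherwise.  The plaintext is logged to stdout but never returned.
#
# Those two distinguishable answers are the padding oracle this fixture
# exists to demonstrate: the server leaks whether a submitted ciphertext
# decrypts to valid padding.  A real service would return one uniform error
# for every decryption failure and use authenticated encryption (e.g. AES-GCM
# or encrypt-then-MAC) so a tampered ciphertext is rejected before any
# padding is examined.
get(/\/decrypt\/([a-fA-F0-9]+)/) do |data|
  begin
    # The route regex admits only hex digits, so pack cannot raise here.
    ciphertext = [data].pack("H*")
    # OpenSSL::Cipher.new replaces OpenSSL::Cipher::Cipher, which newer
    # openssl gems no longer provide.
    cipher = OpenSSL::Cipher.new("AES-256-CBC")
    cipher.decrypt
    cipher.key = KEY
    # #final raises OpenSSL::Cipher::CipherError on a wrong final block
    # length or bad padding; that is the only failure this route expects.
    plaintext = cipher.update(ciphertext) + cipher.final
    puts("Result: \"%s\"" % plaintext.unpack('H*'))
    puts('SUCCESS')
    "Success!"
  rescue OpenSSL::Cipher::CipherError
    puts('FAIL')
    "Fail!"
  end
end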