websecurity@lists.webappsec.org

The Web Security Mailing List

Oracle Padding and Exploitation

Daniel "unicornFurnace" Crowley
Sat, Apr 28, 2012 6:20 AM

First off, my anal retentive side simply MUST correct you: It's
"padding oracle".

An "oracle" is a system which provides answers to specific types of
questions. In cryptography, there is a concept of "padding", extra
data appended to the unencrypted message to satisfy the length
requirements of a block cipher, which requires that the data it is
encrypting be of a certain length.

A padding oracle normally only will reveal if an encrypted message,
when decrypted, is properly padded.

Vaudenay presented at EUROCRYPT that with PKCS#5 padding, a padding
oracle can actually be used as a decryption oracle, given the ability
to make lots of submissions to the padding oracle. This allows us to
decrypt arbitrary data using a padding oracle.

Thai Duong and Juliano Rizzo applied this theoretical attack in a
practical way: against Web applications. They also presented a way of
using padding oracles as encryption oracles, allowing encryption of
arbitrary data.

The ASP.NET framework not only had padding oracle flaws, it used
PKCS#5 padding, reused keys between different parts of the
application, and provided a mechanism for disclosing file contents for
any file name you could encrypt.

While PadBuster is a generic tool for exploiting padding oracle flaws
where PKCS#5 is used, the most well-known example is in old versions
of the ASP.NET framework. Many people are under the mistaken
impression that this flaw is exclusive to ASP.NET, when it is not.

Now that I've satisfied the pedantic side of me, here's the
information you've actually asked for:

http://blog.gdssecurity.com/labs/2010/10/4/padbuster-v03-and-the-net-padding-oracle-attack.html

This blog post explains the usage of padbuster.pl against a vulnerable
installation of ASP.NET. It's been very helpful for me and for other
people I've spoken with in the past. Feel free to contact me directly
with questions about its usage.

Cheers,

Dan Crowley
"All the forces in the world are not so powerful as an idea whose time
has come." - Victor Hugo
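
As an added example that is not part of the original post: the PKCS#5 padding check described above, a handler that leaks its result (the oracle), and a handler that authenticates the ciphertext before unpadding so the padding answer is never exposed. The handler names, status strings, the HMAC-based fix and `stand_in_decrypt` (an identity placeholder for the application's real cipher) are assumptions made for this sketch.

```python
import hashlib
import hmac

BLOCK = 8   # PKCS#5 padding is defined for 8-byte cipher blocks
TAG = 32    # HMAC-SHA256 tag length in bytes

def pad(msg: bytes) -> bytes:
    """Append n bytes of value n (1..8); aligned input gets a full extra block."""
    n = BLOCK - len(msg) % BLOCK
    return msg + bytes([n]) * n

def unpad(data: bytes) -> bytes:
    """Strip PKCS#5 padding, raising ValueError if it is malformed."""
    if not data or len(data) % BLOCK:
        raise ValueError("length is not a multiple of the block size")
    n = data[-1]
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]

def leaky_handler(ciphertext: bytes, decrypt) -> str:
    """The oracle: a padding failure is distinguishable from every other outcome."""
    try:
        unpad(decrypt(ciphertext))
    except ValueError:
        return "500 padding error"   # constructed status string
    return "200 ok"

def seal(ciphertext: bytes, mac_key: bytes) -> bytes:
    """Encrypt-then-MAC: tag the ciphertext so tampering is caught before decryption."""
    return ciphertext + hmac.new(mac_key, ciphertext, hashlib.sha256).digest()

def hardened_handler(token: bytes, mac_key: bytes, decrypt) -> str:
    """Verify the tag first; every failure produces the same response."""
    ciphertext, tag = token[:-TAG], token[-TAG:]
    expected = hmac.new(mac_key, ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return "400 rejected"
    try:
        unpad(decrypt(ciphertext))
    except ValueError:
        return "400 rejected"
    return "200 ok"

def stand_in_decrypt(ciphertext: bytes) -> bytes:
    """Placeholder for the application's cipher; identity keeps the sketch offline."""
    return ciphertext
```

With the hardened handler, a modified message is rejected at the tag comparison whether or not its padding happens to be valid, so the response carries no padding information.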
