CTF-Writeups/Portswigger/JWT/Lab3.md

Portswigger JWT - Lab 3

JWT authentication bypass via weak signing key

In this lab we need to modify the JWT of the user we log in and brute force the secret key to sign JWT and edit JWT to become administrator user

After logging we'll get a JWT for the user wiener

For brute forcing the secret key against the JWT we can use the worldlist provided in the lab, we can use hashcat to crack the secret key

WIth this we got the secret key which is secret1

To sign the token with the secret and modify the username we can use this site

https://jwt.io/

Now replacing the token through developer tools

We are now the administrator user and can access the admin panel

On deleting the carlos user we can solve the lab

References

• https://hashcat.net/wiki/doku.php?id=example_hashes
• https://jwt.io/