Cracking a JWT with MD5_HMAC Algorithm - Marmalade 5 [NahamCon CTF 2023]

Published: 18 June 2023
on channel: Intigriti

🚩 Video walkthrough for the "Marmalade 5" Web challenge from the NahamCon Capture the Flag (CTF) competition 2023, organised by @NahamSec. We need to log in to the website as "admin" to retrieve the flag. After creating a new account, we find that the JWT has a "username" claim, which we can change to "admin". First we try some common attacks with jwt_tool, but they fail. However, in the process we obtain the first 11 of the 16 characters of the secret key. Cracking the key with hashcat/jwt_tool is fruitless, since the algorithm is not supported. Therefore, we develop some custom Python scripts to brute-force the secret and forge a new token 😈

Full write-up and solve script: https://github.com/Crypto-Cat/CTF/tre...

More web challenges from #NahamConCTF2023: NahamCon CTF 2023: Web Challenge Walk... 🥰

Overview:
0:00 Intro
0:24 Explore site functionality
1:26 Try to tamper with JWT (null/none attack)
2:42 Attempt hashcat/jwt_tool secret brute-force
4:48 Custom MD5_HMAC cracking script
8:05 Forge new token
9:36 Conclusion

If you're struggling with the concepts covered in this challenge, please review the "Introduction to JWT Attacks" video 🧠

🎙️ This show is hosted by _cryptocat (@_CryptoCat) & intigriti
