JWT Authentication Bypass via Weak Signing Key

Published: 15 June 2023
on channel: Intigriti

👩‍🎓👨‍🎓 Learn about JSON Web Token (JWT) vulnerabilities. The server uses an extremely weak secret key to both sign and verify tokens. This can be easily brute-forced using a wordlist of common secrets. To solve the lab, we'll brute-force the website's secret key. Once we've obtained the key, we'll use it to sign a modified session token and gain access to the admin panel, then delete the user carlos.

Overview:
0:00 Intro
0:13 Recap
0:37 Brute-forcing secret keys
1:33 Brute-forcing secret keys using hashcat
3:04 Lab: JWT authentication bypass via weak signing key
4:22 Solution #1: python
6:44 Solution #2: burp suite (and hashcat)
10:12 Solution #3: jwt_tool
11:51 Conclusion

If you're struggling with the concepts covered in this lab, please review the Introduction to JWT Attacks video first 🧠
For more information, check out https://portswigger.net/web-security/jwt
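
An added example (not from the video or the Intigriti scripts): a self-audit for the weak-signing-key issue this lab covers, run against your own service's HS256 key and the tokens it issues. The wordlist, claim values and function names are constructed for illustration.

```python
import base64, hashlib, hmac, json, secrets

# Constructed sample; a real audit would load a published list of common JWT secrets.
COMMON_SECRETS = ["secret", "password", "changeme", "jwt_secret", "123456"]
MIN_KEY_BYTES = 32  # RFC 7518 section 3.2: an HS256 key must be at least 256 bits


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def sign_hs256(claims: dict, key: bytes) -> str:
    """Issue a compact HS256 JWT (stand-in for the service's token issuer)."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps(claims).encode())
    mac = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(mac)}"


def audit_key(key: bytes, wordlist=COMMON_SECRETS) -> list:
    """Return findings for a configured signing key; an empty list means it passed."""
    findings = []
    if len(key) < MIN_KEY_BYTES:
        findings.append(f"key is {len(key)} bytes, below the {MIN_KEY_BYTES}-byte minimum")
    if key in {word.encode() for word in wordlist}:
        findings.append("key appears in the common-secrets list")
    return findings


def guessable_secret(token: str, wordlist=COMMON_SECRETS):
    """Return the listed secret that reproduces the token's signature, else None."""
    signing_input, _, signature = token.rpartition(".")
    for candidate in wordlist:
        mac = hmac.new(candidate.encode(), signing_input.encode(), hashlib.sha256).digest()
        if hmac.compare_digest(_b64url(mac), signature):
            return candidate
    return None


def new_signing_key() -> bytes:
    """Hardened replacement: 256 bits from the OS CSPRNG."""
    return secrets.token_bytes(MIN_KEY_BYTES)


if __name__ == "__main__":
    for label, key in (("weak", b"changeme"), ("strong", new_signing_key())):
        token = sign_hs256({"sub": "alice"}, key)
        print(label, audit_key(key), guessable_secret(token))
```

A non-empty result from either check means the key should be rotated to one generated as in `new_signing_key()` and every token signed with the old key invalidated.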

🔗 Portswigger challenge: https://portswigger.net/web-security/...

🧑💻 Sign up and start hacking right now - https://go.intigriti.com/register

👾 Join our Discord - https://go.intigriti.com/discord

🎙️ This show is hosted by _cryptocat (@_CryptoCat) & intigriti

👕 Do you want some Intigriti Swag? Check out https://swag.intigriti.com

🐍 Python scripts demonstrated in this series can be found here: https://github.com/Crypto-Cat/CTF/tre...