JaWT Scrachpad

Description

AUTHOR: JOHN HAMMOND

Check the admin scratchpad! https://jupiter.challenges.picoctf.org/problem/63090/ or http://jupiter.challenges.picoctf.org:63090

Internal server errors can be intentionally returned by this challenge. If you experience one, try clearing your cookies. {. prompt-info }

Analysis

Our goal is to become admin and see what he has.

You will need to log in to access the JaWT scratchpad. You can use any name, other than admin... because the admin user gets a special scratchpad!

We also get a hint, JohnTheRipper. To forge new JWT token we need a secret_key and john will be useful in this field.

If you don't like your name, use a short and cool one like John!

Our JWT token can be found in cookies. You can use tool like https://jwt.io to inspect tokens. Algorithm is HS256 = HMAC-SHA256.

Solution

└─$ john --wordlist=$rockyou jwt.token --format=HMAC-SHA256
Using default input encoding: UTF-8
Loaded 1 password hash (HMAC-SHA256 [password is key, SHA256 256/256 AVX2 8x])
Will run 4 OpenMP threads
Press 'q' or Ctrl-C to abort, almost any other key for status
ilovepico        (?)     
1g 0:00:00:03 DONE (2023-07-06 15:01) 0.3215g/s 2378Kp/s 2378Kc/s 2378KC/s ilovetitor..ilovemymother@
Use the "--show" option to display all of the cracked passwords reliably
Session completed.

I used same tool to forge new token with known secret key.

Flag: picoCTF{jawt_was_just_what_you_thought_f859ab2f}

PreviousIrish Repo Name NextJava Code Analysis!?!

Last updated 8 months ago

hashtagDescription

hashtagAnalysis

hashtagSolution

Description

Analysis

Solution