Portswigger JWT — Lab 3

JWT authentication bypass via weak signing key

In this lab we need to brute-force the secret key used to sign the JWT we receive after logging in, then modify the JWT and re-sign it with that key to become the administrator user.

After logging in we get a JWT for the user wiener.

To brute-force the secret key against the JWT we can use the wordlist provided in the lab; hashcat can crack the secret key with it.

With this we get the secret key, which is secret1. To modify the username and re-sign the token with the secret we can use this site:

https://jwt.io/

Now we replace the token through the developer tools.

We are now the administrator user and can access the admin panel.

Deleting the carlos user solves the lab.
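The root cause of this lab is an HS256 secret short enough to fall to a wordlist. As an added example (not part of the original write-up or of the lab), the Python below shows the server-side fix: verification that refuses a secret below the 256-bit minimum RFC 7518 requires for HS256, pins the algorithm instead of trusting the token header, and compares the tag in constant time. It also includes an audit helper that checks a token against a list of candidate secrets, the same check hashcat performs. All tokens and secrets are constructed here; only the standard library is used.

```python
import base64
import hashlib
import hmac
import json

MIN_HS256_KEY_BYTES = 32  # RFC 7518 s.3.2: HS256 keys must be >= 256 bits

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _tag(signing_input: str, secret: bytes) -> bytes:
    return hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()

def sign_hs256(payload: dict, secret: bytes) -> str:
    """Build a compact HS256 JWT (used here only to construct sample tokens)."""
    header = _b64url(b'{"alg":"HS256","typ":"JWT"}')
    body = _b64url(json.dumps(payload, separators=(",", ":")).encode())
    return f"{header}.{body}.{_b64url(_tag(f'{header}.{body}', secret))}"

def verify_hs256(token: str, secret: bytes):
    """Return the payload if `token` is validly signed with `secret`, else None.
    Refuses secrets below the RFC minimum (a short one like the lab's 'secret1'
    falls to a wordlist), pins alg to HS256 rather than trusting the header,
    and compares the tag in constant time."""
    if len(secret) < MIN_HS256_KEY_BYTES:
        raise ValueError("HS256 secret shorter than 32 bytes; rotate it")
    parts = token.split(".")
    if len(parts) != 3:
        return None
    header, body, tag = parts
    if json.loads(_unb64url(header)).get("alg") != "HS256":
        return None
    if not hmac.compare_digest(_tag(f"{header}.{body}", secret), _unb64url(tag)):
        return None
    return json.loads(_unb64url(body))

def secret_in_wordlist(token: str, candidates):
    """Audit helper: report which candidate secret, if any, signed `token`."""
    header, body, tag = token.split(".")
    for secret in candidates:
        if hmac.compare_digest(_tag(f"{header}.{body}", secret), _unb64url(tag)):
            return secret
    return None

# Constructed sample values: the lab's weak secret and a 32-byte replacement.
WEAK_SECRET = b"secret1"
STRONG_SECRET = b"0123456789abcdef0123456789abcdef"
```

Running `secret_in_wordlist` over your own issued tokens with a common-password list is a cheap pre-deployment check; a hit means the secret must be rotated to a random 32-byte value.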
