CTF CyberTalents — Admin Gate First


Last updated 2 years ago


Welcome to the write-up on how to capture the flag in the “Admin Gate First” challenge from CyberTalents.

Challenge info.

Challenge description: Flag is safe in the admin account info

From the challenge description you'll notice that the flag is in something related to the account info, such as cookies.

Let's start the challenge.

When you enter the challenge you'll get a login page with test user account credentials. Check the source code, but you won't find anything interesting!

So let's log in and look at the source again.

Check the source code

Note that there's a check of the Authorization header, so let's reload the page and check the request headers.

To know more about Bearer authentication, see https://swagger.io/docs/specification/authentication/bearer-authentication/

You should note that there's a JWT (JSON Web Token) which checks the user role. We won't talk about it much more now, but you should know that it consists of 3 parts, Header, Payload and Signature, and all of these parts are base64-encoded, so the website deals with this format and decodes it. So let's go to jwt.io and paste our JWT in its place.

Before we continue, you should know about the 3 parts of the JWT; if you don't know what they contain, read https://jwt.io/introduction/ first and then continue.

Notice that in the third part, the Signature, there's our secret key, which can be edited. If you don't know how dangerous that is or what this key is used for, see this screenshot:

Importance of secret_key

So in this case we'll try to predict the value of this key. You can use a lot of tools that do the same thing, but I prefer the JWT-Cracker tool for this mission.

Download it from https://github.com/lmammino/jwt-cracker

How to use it?

jwt-cracker <token> [<alphabet>] [<maxLength>]

token: the full HS256 JWT token string to crack

alphabet: the alphabet to use for the brute force (default: "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789")

maxLength: the max length of the string generated during the brute force (default: 12)

Note! Our value is 123456.

Go to jwt.io, put it in its place, change the username and the password to admin, then copy the new JWT and use it to replace the one in the Authorization header of the request.

See what will happen!

Bingoooo! We have the FLAG :”)
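The role of the secret key described in this write-up, as an added example (not code from the original post or from the challenge): a small Python HS256 signer and verifier showing that a token signed with the guessable key 123456 is accepted by a server using that key and rejected by a server using a random 256-bit key. The function names, the claim layout and the 32-byte startup check are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json
import secrets

MIN_KEY_BYTES = 32  # RFC 7518 section 3.2: HS256 keys must be at least 256 bits

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_hs256(claims: dict, key: bytes) -> str:
    """Build header.payload.signature; signature = HMAC-SHA256(key, header.payload)."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url(json.dumps(claims).encode())
    mac = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url(mac)}"

def verify_hs256(token: str, key: bytes):
    """Return the claims if the signature matches under `key`, else None."""
    try:
        header, payload, signature = token.split(".")
        if json.loads(b64url_decode(header)).get("alg") != "HS256":
            return None  # pin the algorithm instead of trusting the header
        expected = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, b64url_decode(signature)):
            return None  # constant-time comparison failed: forged or tampered
        return json.loads(b64url_decode(payload))
    except (ValueError, AttributeError):
        return None  # malformed token

def key_is_acceptable(key: bytes) -> bool:
    """Startup check (hypothetical helper): refuse short, guessable HS256 keys."""
    return len(key) >= MIN_KEY_BYTES

WEAK_KEY = b"123456"                  # the key value found in the write-up
STRONG_KEY = secrets.token_bytes(32)  # constructed: random 256-bit key

# Constructed claims mirroring the username/password edit described above.
admin_claims = {"username": "admin", "password": "admin"}
token_from_weak_key = sign_hs256(admin_claims, WEAK_KEY)

if __name__ == "__main__":
    print("weak key passes startup check:", key_is_acceptable(WEAK_KEY))
    print("server with weak key accepts:", verify_hs256(token_from_weak_key, WEAK_KEY))
    print("server with strong key accepts:", verify_hs256(token_from_weak_key, STRONG_KEY))
```

Base64 only encodes the header and payload; the HMAC key is the only thing that stops a client from rewriting its own claims, so the key has to be long, random and kept on the server.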

Links:
JWT introduction (jwt.io): https://jwt.io/introduction/
JWT-Cracker: https://github.com/lmammino/jwt-cracker
Bearer authentication: https://swagger.io/docs/specification/authentication/bearer-authentication/