Information#
Version#
| By | Version | Comment |
|---|---|---|
| noraj | 1.0 | Creation |
CTF#
- Name : IceCTF 2016
- Website : https://icec.tf/
- Type : Online
- Format : Jeopardy
- CTF Time : link
Description#
I have a feeling they were pretty high when they made this website...
Solution#
- Register a user an login with it.
- With your browser network analyser loot at cookies in response header of the HTTP request:
Set-Cookie: jwt_token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJmbGFnIjoiSWNlQ1RGe2pXN190MEszbnNfNFJlX25PX3AxNENFX2ZPUl81M0NyRTdTfSIsInVzZXIiOiJhemEifQ.Zfl286kFvhPrNJG-dtoTjbPU7OxlUdTW_XKEL679uU0;. - JWT stands for JSON Web Tokens and is composed of 3 parts:
- Part1: Header, is base64 encoded, show hash algorithm.
- Part2: Payload, base64 encoded, content.
- Part3: Signature, signature, concatenation of header + content and then encoded with the hash algorithm contained in the header.
- So
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJmbGFnIjoiSWNlQ1RGe2pXN190MEszbnNfNFJlX25PX3AxNENFX2ZPUl81M0NyRTdTfSIsInVzZXIiOiJhemEifQ.Zfl286kFvhPrNJG-dtoTjbPU7OxlUdTW_XKEL679uU0match withheader.payload.signature. - So we get:
printf "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9" | base64 -d
{"alg":"HS256","typ":"JWT"}
printf "eyJmbGFnIjoiSWNlQ1RGe2pXN190MEszbnNfNFJlX25PX3AxNENFX2ZPUl81M0NyRTdTfSIsInVzZXIiOiJhemEifQ" | base64 -d
{"flag":"IceCTF{jW7_t0K3ns_4Re_nO_p14CE_fOR_53CrE7S}","user":"aza"}An introduction to JSON Web Tokens is available here.