IceCTF - 45 - Toke - Web

Thursday 25 August 2016 (2016-08-25)

Monday 1 April 2024 (2024-04-01)

🇬🇧

Information#

Version#

By	Version	Comment
noraj	1.0	Creation

CTF#

Name : IceCTF 2016
Website : https://icec.tf/
Type : Online
Format : Jeopardy
CTF Time : link

Description#

I have a feeling they were pretty high when they made this website...

Solution#

Register a user an login with it.
With your browser network analyser loot at cookies in response header of the HTTP request: Set-Cookie: jwt_token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJmbGFnIjoiSWNlQ1RGe2pXN190MEszbnNfNFJlX25PX3AxNENFX2ZPUl81M0NyRTdTfSIsInVzZXIiOiJhemEifQ.Zfl286kFvhPrNJG-dtoTjbPU7OxlUdTW_XKEL679uU0;.
JWT stands for JSON Web Tokens and is composed of 3 parts:
- Part1: Header, is base64 encoded, show hash algorithm.
- Part2: Payload, base64 encoded, content.
- Part3: Signature, signature, concatenation of header + content and then encoded with the hash algorithm contained in the header.
So eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJmbGFnIjoiSWNlQ1RGe2pXN190MEszbnNfNFJlX25PX3AxNENFX2ZPUl81M0NyRTdTfSIsInVzZXIiOiJhemEifQ.Zfl286kFvhPrNJG-dtoTjbPU7OxlUdTW_XKEL679uU0 match with header.payload.signature.
So we get:

printf "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9" | base64 -d
{"alg":"HS256","typ":"JWT"}

printf "eyJmbGFnIjoiSWNlQ1RGe2pXN190MEszbnNfNFJlX25PX3AxNENFX2ZPUl81M0NyRTdTfSIsInVzZXIiOiJhemEifQ" | base64 -d
{"flag":"IceCTF{jW7_t0K3ns_4Re_nO_p14CE_fOR_53CrE7S}","user":"aza"}

An introduction to JSON Web Tokens is available here.

writeups

Information#

Version#

CTF#

Description#

Solution#