Can you find the administrator’s secret message?
In the first look, it seems like a page which save our text. I decided to create an account, login, and observe in burp-suite. Something interesting appears:
There are many base64 parts encode chain with dot, it absolutely using JWT token to authentication. Decode it, we get some information:
Yes, it uses RS256 algorithm to encrypt our payload. So changing it value to admin will solve the challenge? Nope.
RS256 (RSA Signature with SHA-256) is an asymmetric algorithm, and it uses a public/private key pair: the identity provider has a private (secret) key used to generate the signature, and the consumer of the JWT gets a public key to validate the signature.
So on, we got kid: “keys/3c3c2ea1c3f113f649dc9389dd71b851” on the header, which means it will find the public key in file path defined in kid (in this case: http://188.8.131.52:20012/keys/3c3c2ea1c3f113f649dc9389dd71b851.pem)
To sum up, we already got:
– The Header format
– The Payload format
– default public key in the file which defined in kid
At this point, i decided to do an attack which using HS256 instead of RS256 and make the public key become a decrypt key but no luck, i stucked for several hours.
Luckily, my friend told me what if we still using RS256 and trick the authentication to accept our payload? Well, based on this idea, we have to get:
– our Private key
– our Public key
– The admin in payload which using our private key to sign
So, we are going to force JWT using our public key to verify our crypt 🙂
The attack is as below:
1/ Create the pub/priv key pair
-----BEGIN PUBLIC KEY-----
-----END PUBLIC KEY-----
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----
2/ Encode our payload with value set to admin in JWT, to do it, go to jwt.io:
3/ set “kid” point to our public key
How to do it? Remember that we also got a function which let us save our paste, i create a new paste, set everyone can see it, and paste the content of our public key into it:
Well, we also can download it
So, set it to kid and the problem solved? no! the path in “kid” will auto append .pem at the end and make our public key turn wrong, so we need to bypass it.
Simply add & into it, and .pem will become the parameter which means we wont need to care more about it.
So our final payload:
4/ get flag
Interesting Challenge 😀