JaWT Scratchpad

Problem

Check the admin scratchpad! https://2019shell1.picoctf.com/problem/12283/ or http://2019shell1.picoctf.com:12283

Solution

  1. Log in as any user. I used john.

  2. Get the JWT from the jwt cookie. Example token: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyIjoiam9obiJ9._fAF3H23ckP4QtF1Po3epuZWxmbwpI8Q26hRPDTh32Y

  3. Paste the JWT into a file called token.txt

  4. Run this command with hashcat to crack the token: hashcat -a0 -m 16500 token.txt rockyou.txt

  5. Run the same command but with --show to get the password used: hashcat -a0 -m 16500 token.txt rockyou.txt --show

  6. Paste the original token into https://www.jsonwebtoken.io/

  7. Type the password ilovepico into the Signing Key field and change user in the payload to admin

  8. Copy and paste the new token into the jwt cookie

  9. Refresh the page to get the flag
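The steps above work because the token is HS256 (HMAC-SHA256) signed with a password that appears in a wordlist. The following added example, which is not part of the original writeup or the challenge's code, shows the server-side view: how an HS256 signature is verified, and a startup check that rejects a guessable signing key. The function names and the small wordlist are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, secrets

# Example token copied from step 2 of the writeup.
PAGE_TOKEN = ("eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyIjoiam9obiJ9."
              "_fAF3H23ckP4QtF1Po3epuZWxmbwpI8Q26hRPDTh32Y")
# Constructed stand-in for a password list such as rockyou.txt.
SAMPLE_WORDLIST = {"password", "123456", "ilovepico", "letmein"}

def b64url_decode(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def sign_hs256(payload, key):
    """Issue a compact JWT: base64url(header).base64url(payload).base64url(HMAC)."""
    parts = [b64url_encode(json.dumps(p, separators=(",", ":")).encode())
             for p in ({"typ": "JWT", "alg": "HS256"}, payload)]
    body = ".".join(parts)
    mac = hmac.new(key, body.encode(), hashlib.sha256).digest()
    return body + "." + b64url_encode(mac)

def verify_hs256(token, key):
    """Return the claims if the token is valid HS256 under key, else None."""
    try:
        head, body, sig = token.split(".")
        if json.loads(b64url_decode(head)).get("alg") != "HS256":
            return None  # pin the algorithm instead of trusting the header
        expected = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, b64url_decode(sig)):
            return None  # constant-time comparison failed
        return json.loads(b64url_decode(body))
    except (ValueError, AttributeError):
        return None  # malformed token

def key_problems(key, wordlist=SAMPLE_WORDLIST):
    """Startup check: reasons this HS256 key can be guessed offline from one token."""
    problems = []
    if len(key) < 32:
        problems.append("shorter than 32 bytes (the HS256 output size)")
    if key.decode("utf-8", "ignore") in wordlist:
        problems.append("appears in a password wordlist")
    return problems

def new_signing_key():
    return secrets.token_bytes(32)  # 256 bits from the OS CSPRNG

if __name__ == "__main__":
    print(verify_hs256(PAGE_TOKEN, b"ilovepico"), key_problems(b"ilovepico"))
```

Anyone holding a single token can test candidate keys offline, so the only defence for HS256 is a key with enough entropy that no wordlist or brute-force search will reach it.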

Flag

picoCTF{jawt_was_just_what_you_thought_9de8e25511a8841ab9ade0aa092be116}
