# JaWT Scratchpad

## Problem

> Check the admin scratchpad! <https://2019shell1.picoctf.com/problem/12283/> or <http://2019shell1.picoctf.com:12283>

* [Website](https://2019shell1.picoctf.com/problem/12283/)

## Solution

1. Login as any user. I used `john`.
2. Get the `jwt token` from the `jwt cookie`. Example token: `eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyIjoiam9obiJ9._fAF3H23ckP4QtF1Po3epuZWxmbwpI8Q26hRPDTh32Y`
3. Paste the `jwt token` into a file called `token.txt`
4. Run this command with hashcat to crack the token: `hashcat -a0 -m 16500 token.txt rockyou.txt`
5. Run the same command but with `--show` to get the password used: `hashcat -a0 -m 16500 token.txt rockyou.txt --show`
6. Paste original token into <https://www.jsonwebtoken.io/>
7. Type password `ilovepico` into the `Signing Key` field and change `user` in the payload to `admin`
8. Copy and paste the new token into the `jwt cookie`
9. Refresh the page to get the flag

### Flag

`picoCTF{jawt_was_just_what_you_thought_9de8e25511a8841ab9ade0aa092be116}`