3 Videos for JWT Algorithm Confusion with RSA Public Key Recovery

PRO Tier · Hard · < 1 Hr. · 184 · Brown Badge
Access to videos for this exercise is only available with PentesterLab PRO.
JWT XIII: Introduction

In this video, we cover the challenge JWT XIII as part of the Brown Badge. We discuss the structure and verification process of JWTs, focusing on RSA and HMAC signing methods, and demonstrate how an attacker can exploit the algorithm field to forge tokens.

Duration: 04:48 · Views: 93


Spoiler
JWT XIII: Exploitation part 1

In this video, we tackle the JWT XIII challenge as part of the Brown Badge series. We explore the exploitation process, including setting up the necessary tools and dependencies, and demonstrate how to exploit algorithm confusion to gain unauthorized access.

Duration: 03:41 · Views: 156


Spoiler
JWT XIII: Exploitation part 2

In this video, we delve into the second part of exploiting the JWT XIII challenge as part of the Brown Badge. We focus on tampering with the script to create a token that logs us in as an admin.

Duration: 02:27 · Views: 120