3 Videos for JWT Algorithm Confusion with RSA Public Key Recovery

PentesterLab PRO exercise. Difficulty: Hard. Estimated time: < 1 Hr. Completed by 190 users. Badge: Brown Badge.
Access to videos for this exercise is only available with PentesterLab PRO.

JWT XIII: Introduction

In this video, we cover the challenge JWT XIII as part of the Brown badge. We discuss the structure and verification process of JWT tokens, focusing on RSA and HMAC signing methods, and demonstrate how an attacker can exploit the algorithm field to forge tokens.

Duration: 04:48. Views: 99.

JWT XIII: Exploitation part 1

In this video, we tackle the JWT XIII challenge as part of the Brown Badge series. We explore the exploitation process, including setting up the necessary tools and dependencies, and demonstrate how to exploit algorithm confusion to gain unauthorized access.

Duration: 03:41. Views: 169.

JWT XIII: Exploitation part 2

In this video, we delve into the second part of exploiting the JWT XIII challenge as part of the Brown Badge. We focus on tampering with the script to create a token that logs us in as an admin.

Duration: 02:27. Views: 130.