Cracking JWT Keys

A JWT is made up of three parts:

The header which gives information about how the JWT is constructed, as a minimum it specifies the method used to generate the signature.
The payload contains the claims, this is the authentication information the token is carrying, things such as a user ID or privilege levels.
The final segment is the signature, this is generated using the method specified in the header.

When the signature is generated using a HMAC, the function generating the signature requires a secret key. If you can get that key in some way, either by stealing it from the server, guessing it, or brute forcing it, then you are able to sign your own tokens, which, in most cases, means you can make whatever modifications you want to the payload and the claims it contains.

Unless you are really lucky and manage to get Local File Inclusion (LFI), or somehow get shell on the web server, your only real option on most tests is to try to brute force the key. One way to do this is to use a tool such as John the Ripper or Hashcat in the same way you would to crack password hashes acquired during a network test.

This lab generates four levels of token, the first three with with a progressively stronger key, the last one with a more obscure key. All of the keys can be cracked on a standard workstation, none require a dedicated password cracking rig, the first three with commonly available word lists. For the last one, you may want to have a read about the Ironman racing and have a think about some of my other tools.

If you get stuck, or want more information, see my walkthrough.

Weak JWT Keys

The challenge is simple, ask the server for a token, crack the key, update the claims, re-sign the JWT, submit the new token and hope that the server accepts it.

The debugger on JWT.IO is a very useful tool for decoding and re-encoding tokens.

Difficulty:

The token is:

Test this token:

Back to home

Lab created by Robin Wood - DigiNinja