LINE CTF
jalyboy /web
- problem
- the endpoint
- we see it is using jwt tokens (the value starts with eyJ, the base64url encoding of a JSON object)
black box approach
- straight away we see it is worth 100 points, which means it is a beginner-level challenge
- so it is most likely a simple jwt issue
- decode the jwt token
- so we see it uses hs256
- so we know there exists
- so we tried the none algorithm in the header; it did not work (tried removing the signature but keeping the dot, and removing both the signature and the dot; neither worked)
- then went through this article
- https://blog.dixitaditya.com/exploiting-jwt-lack-of-signature-verification
- what if the signature is not verified at all
- so remove the signature but keep the dot to maintain the structure of the jwt
- and it works
- GET /?j=eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJhZG1pbiJ9.
- just changed the subject to admin and encoded
flag is LINECTF{337e737f9f2594a02c5c752373212ef7} 🎉
white box approach
- we are given the source code
- from the dockerfile we see it uses java
- here we see the parsing of the jwt token on line 29, which is the insecure line (the token is parsed but its signature is never verified)
jalyboy-jalygirl/web
- pretty much the same as before
- but from code review it looks like it uses asymmetric keys
- but the algorithm does not appear to be enforced during verification
- so maybe we can use the public key to sign ourselves as admin with it and say the algorithm is hs256 (set alg:hs256)
- decoding the token we see it uses es256
- to understand ecdsa: https://www.youtube.com/watch?v=0NGPhAPKYv4
- from this: https://www.cryptomathic.com/news-events/blog/explaining-the-java-ecdsa-critical-vulnerability
- and we see it is java 17
- so the main check, that r and s must not be zero, is missing in this implementation
- so now we need to bypass the signature
- https://www.linkedin.com/pulse/exploitation-psychic-signatures-cve-2022-21449-zakhar-fedotkin/
- first sent this request
GET /?j=eyJhbGciOiJFUzI1NiJ9.eyJzdWIiOiJndWVzdCJ9._____wAAAAD__________7zm-q2nF56E87nKwvxjJVH_____AAAAAP__________vOb6racXnoTzucrC_GMlUQ HTTP/1.1
- same sub (guest) but the signature is (0,0)
- we are still just guest with this request
- now change the sub to admin
- now with this request we get the flag and log in as admin
flag is LINECTF{abaa4d1cb9870fd25776a81bbd278932} 🎉
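Both challenges fall to the same class of verifier mistake: the server trusts what the token says about itself and skips a check that a correct verifier must do before accepting any claim. The checker below is an added example (not the challenge source or any library's code) of the server-side checks that would have rejected both requests from this writeup: the verifier pins the algorithm instead of reading it from the header, refuses an empty signature segment, actually verifies HS256 against the server secret, and, for ES256, checks that r and s lie in [1, n-1] before any curve arithmetic, which is exactly the check CVE-2022-21449 lacked. It also decodes the signature from the second request and shows it is r = s = n (the P-256 group order), i.e. 0 mod n. The two tokens are taken from the requests above; the HS256 secret, the hypothetical check_jwt and mint_hs256 functions and their message strings are constructed for this example, and the curve verification that follows a passed range check is assumed to be delegated to a real library.

```python
import base64
import hashlib
import hmac
import json

# Group order n of NIST P-256 (secp256r1), the curve behind ES256.
P256_ORDER = int(
    "FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551", 16
)

# The two tokens sent in the writeup above (copied, not constructed).
TOKEN_NO_SIG = "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJhZG1pbiJ9."
TOKEN_ZERO_SIG = (
    "eyJhbGciOiJFUzI1NiJ9.eyJzdWIiOiJndWVzdCJ9."
    "_____wAAAAD__________7zm-q2nF56E87nKwvxjJVH"
    "_____AAAAAP__________vOb6racXnoTzucrC_GMlUQ"
)


def b64url_decode(segment):
    """Decode an unpadded base64url segment, as JWT segments are encoded."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def raw_ecdsa_ints(sig):
    """Split a JWS ES256 signature (raw r||s, 32 bytes each) into integers."""
    if len(sig) != 64:
        raise ValueError("ES256 signature must be 64 raw bytes (r||s)")
    return int.from_bytes(sig[:32], "big"), int.from_bytes(sig[32:], "big")


def check_jwt(token, expected_alg, hmac_secret=None):
    """Hypothetical verifier front-end: return "ok" or the reason to reject.

    The verifier, not the token header, decides the algorithm; the signature
    segment must be present; HS256 is verified against the server secret;
    ES256 must have r and s in [1, n-1] before any curve arithmetic is done.
    Assumption: curve verification of a well-formed ES256 signature is
    handed to a real library afterwards and is out of scope here.
    """
    parts = token.split(".")
    if len(parts) != 3:
        return "malformed: expected header.payload.signature"
    header_b64, payload_b64, sig_b64 = parts
    try:
        header = json.loads(b64url_decode(header_b64))
        sig = b64url_decode(sig_b64)
    except ValueError:
        return "malformed: header or signature is not decodable"
    alg = header.get("alg")
    if alg != expected_alg:
        return f"alg mismatch: token says {alg}, verifier expects {expected_alg}"
    if not sig:
        # The jalyboy request: header.payload. with nothing after the dot.
        return "signature segment is empty"
    if expected_alg == "HS256":
        if hmac_secret is None:
            return "hs256: no verification key configured"
        signing_input = f"{header_b64}.{payload_b64}".encode()
        expected = hmac.new(hmac_secret, signing_input, hashlib.sha256).digest()
        if not hmac.compare_digest(sig, expected):
            return "hs256: signature does not verify"
        return "ok"
    if expected_alg == "ES256":
        try:
            r, s = raw_ecdsa_ints(sig)
        except ValueError as exc:
            return f"es256: {exc}"
        # The range check missing from the vulnerable Java implementation:
        # r = s = 0 (or any multiple of n) must never reach the curve math.
        if not (1 <= r < P256_ORDER and 1 <= s < P256_ORDER):
            return "es256: r or s outside [1, n-1]"
        return "es256: r and s in range; hand to the curve verifier"
    return f"unsupported alg {expected_alg}"


def mint_hs256(claims, secret):
    """Constructed helper: a correctly signed HS256 token for comparison."""
    header_b64 = b64url_encode(b'{"alg":"HS256","typ":"JWT"}')
    payload_b64 = b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    signing_input = f"{header_b64}.{payload_b64}".encode()
    sig = hmac.new(secret, signing_input, hashlib.sha256).digest()
    return f"{header_b64}.{payload_b64}.{b64url_encode(sig)}"


if __name__ == "__main__":
    print(check_jwt(TOKEN_NO_SIG, "HS256", b"constructed-secret"))
    r, s = raw_ecdsa_ints(b64url_decode(TOKEN_ZERO_SIG.split(".")[2]))
    print("r == n:", r == P256_ORDER, "s == n:", s == P256_ORDER)
    print(check_jwt(TOKEN_ZERO_SIG, "ES256"))
```

The order of the checks matters: the algorithm comparison comes first so that a header claiming none or HS256 against an ES256 verifier is rejected before any key is touched, and the empty-signature test comes before verification so a missing segment can never be mistaken for a valid one. Note that the signature in the second request is not literally the zero bytes; it is the group order n twice, which any implementation reducing mod n treats as 0, so the range check has to be 1 <= r < n rather than just r != 0.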