Weak JWT Secret
DOWNLOADABLE JWT session token (HS256) + candidate secret wordlist. The server accepts signed admin tokens; the HMAC secret is weak, so crack it with the wordlist. The alg=none decoy token in the file is unsigned (invalid); do not fall for its flag.
Scenario
An intercepted JWT session token (HS256-signed). The server accepts validly signed tokens with role=admin; the attack is to crack the HMAC secret and forge an admin token. The secret is weak and present in the given candidate wordlist: it is cracked by signing the token's header.payload with HMAC-SHA256 under each candidate and comparing the result to the token's signature. The file also contains an alg=none token; it is unsigned, carries role=admin and a fake flag, and is the decoy. Skill: not falling for the unsigned token (assuming alg=none is rejected) and cracking the real HS256 secret with the wordlist.
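The two mechanisms the scenario turns on, shown from the verifier's side as an added example that is not part of the challenge file or its solution: a server-style HS256 check that pins the algorithm (so an alg=none token is rejected before its signature is even looked at, and the HMAC is compared in constant time), plus a defender-side audit that replays the page's wordlist method against a token to detect a dictionary-guessable secret that must be rotated. The wordlist, the weak secret `secret123`, the payloads and the `DFB{decoy-placeholder}` flag are all constructed for this example; nothing here comes from the challenge's artifacts.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional

# Constructed sample material for this example (not from the challenge file):
# a tiny candidate wordlist and the weak secret used to sign the sample token.
WORDLIST = ["password", "admin", "letmein", "secret123", "changeme"]
WEAK_SECRET = "secret123"


def b64url_encode(data: bytes) -> str:
    """Base64url without padding, as JWT uses it."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    """Base64url decode, restoring the padding JWT strips."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_token(payload: dict, alg: str, secret: str = "") -> str:
    """Build a compact JWT. alg='none' yields an empty signature segment
    (the decoy shape described on the page); alg='HS256' signs with secret."""
    header = json.dumps({"alg": alg, "typ": "JWT"}, separators=(",", ":")).encode()
    body = json.dumps(payload, separators=(",", ":")).encode()
    signing_input = b64url_encode(header) + "." + b64url_encode(body)
    if alg == "none":
        return signing_input + "."
    sig = hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)


def verify_hs256(token: str, secret: str) -> dict:
    """Verify the way a hardened server should: pin the algorithm to HS256 so
    alg=none (or any other downgrade) is rejected before the signature is
    considered, then compare the HMAC in constant time. Returns the payload."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token: expected three segments")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(b64url_decode(header_b64))
    if header.get("alg") != "HS256":
        raise ValueError(f"rejected alg={header.get('alg')!r}: only HS256 accepted")
    signing_input = f"{header_b64}.{payload_b64}".encode()
    expected = hmac.new(secret.encode(), signing_input, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    return json.loads(b64url_decode(payload_b64))


def is_accepted(token: str, secret: str) -> bool:
    """Boolean wrapper around verify_hs256 for callers that only need accept/reject."""
    try:
        verify_hs256(token, secret)
        return True
    except ValueError:
        return False


def audit_secret(token: str, candidates) -> Optional[str]:
    """Defender-side audit of the page's dictionary method: does any wordlist
    entry reproduce the token's signature? A hit means the deployed secret is
    guessable and must be rotated to a long random value."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    signing_input = f"{header_b64}.{payload_b64}".encode()
    actual_sig = b64url_decode(sig_b64)
    for candidate in candidates:
        guess = hmac.new(candidate.encode(), signing_input, hashlib.sha256).digest()
        if hmac.compare_digest(guess, actual_sig):
            return candidate
    return None


def demo() -> dict:
    """Run both checks on a constructed signed token and a constructed alg=none decoy."""
    signed = make_token({"sub": "alice", "role": "admin"}, "HS256", WEAK_SECRET)
    decoy = make_token({"sub": "alice", "role": "admin", "flag": "DFB{decoy-placeholder}"}, "none")
    strong = make_token({"sub": "alice", "role": "admin"}, "HS256", "Q7v!x2#mLp9$Rw4zTbN1")
    return {
        "signed_accepted": is_accepted(signed, WEAK_SECRET),   # True
        "decoy_accepted": is_accepted(decoy, WEAK_SECRET),     # False: alg pinned
        "weak_secret_found": audit_secret(signed, WORDLIST),   # "secret123"
        "strong_secret_found": audit_secret(strong, WORDLIST), # None
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The audit deliberately reuses the exact signing-input bytes from the token rather than re-serialising the JSON, because any whitespace or key-order difference would change the HMAC and produce a false "not guessable" result.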
Anti-forensics techniques
- Weak HMAC secret (dictionary-crackable)
- alg=none unsigned decoy token (red herring)
Provided artifacts
- JWT token (HS256) + candidate secret wordlist
Sample questions
- q1: The cracked HMAC secret?
- q2: The weakness/method? (e.g. weak HMAC secret / dictionary)
- trap1: Do NOT report the flag (DFB{jwt_tuzak}) from the alg=none decoy token as the solution.
Soundness trap
Scoring
Secret-cracking accuracy + alg=none decoy resistance (soundness).
Download and solve
The answer key is hidden (scored set); the flag is encrypted and must be decrypted.