As we shot gun through various Web applications. This one won't be in your Fire race project. I don't think. Maybe when we're done saying what we want to say, maybe we can go looking for it. But probably you won't find it if you do you know. But maybe EC two, you know, like maybe one of the people who didn't do our stack would have it. Okay. So we talked about like sessions and stuff like that back in the HP day, right? And that is I've got a server and the server wants to remember you and so you make a little session ID and on the server, the session stores keys and values. With me on that remembered plot line, it was like weird little serialized HP data. Did I hit record? Yeah, I'm good. All right, so have you ever heard the word Hid? It was a big deal. 200910, something like that. It's what unleashed cloud computing. That is where I get data centers. The data centers have a ton of different commoditized pieces of hardware. And they like shard the database over them with redundancies and you just expect those servers to just die and be replaced. But they're cheap and there's a lot of them. That's Cloud computing 2010. If I'm in that world now, think ph sessions are like the old paradigm is a little bit like the file servers. And I know that it tricked you all up because when we got to the project, a lot of people wanted to have a physical HTML page for each different tournament. That's like the 1999 way of thinking. And I do teach this course like historically. So you can see all the wacky trends in the pendulum slings and I've lived it all. The paradigm is Php session ID. Nobody has a singular server with a singular kernel that has session data in it anymore, right? That session data is down and that's HDB, whatever do and I'm not going to transfer that around all the different browsers, right? And so you bring your session ID, and now you went from box one to box two. And I no longer have any idea who you are right in the data center for the user, I want to just be able to use whatever server I've got. This is the Cloud era version of Php sessions. All right. And it's called a Jason Webtoken. What I'm going to do is I'm going to take this thing and I'm going to encode into it some data, some wacky data. And I imagine any number of an army of ants, a swarm of ants each could respond to your web requests. I don't know which one is going to respond to my web request, but one of these 80 computers is going to respond to your web request. That computer needs to know who you are and resume your play by text, dungeon adventure game or whatever, and the data stored somewhere in a session or in a database or something. Okay? What this thing will do is generate this wacky little JWT, and you're going to send it back and forth with every future request. Here's what goes into a JWT. It's got three different parts. They can get all three on there, and it has a header, payload and signature. I actually show you what they look like. Let's go over to J. All right. Here is a JWT one. Do you recognize the format? Yeah. What's this is base 64. All right. Except for the dots. The dots are not base 64. All right. So this is three separate base 64 encoded chunks of Jon data, two chunks of Json data signature, right? Yeah, so that it is a little bit more compact. Google, if you go to the Google page or whatever, the optimization is made to minimize the number of bytes that go down, right? So part of why I complain about frameworks and stuff or whatever is that I have like 500 megabytes of stuff that I don't need in order to not have Jquery or whatever is fine. Okay. So this is the same thing. Every bite I pay for if I'm a cloud service provider and that's like the driver behind Jats. Okay, so how does this literally work? Well, I've got the thing that's going to indicate some header data. What type of algorithm am I using to sign it? And what type of thing am I, which seems a little redundant if I am an HWT. There's all sorts of other wacky little algorithms that are possible inside the spec. I wonder what could go in other than JWT. Maybe that's just a waste of bites. I don't know. Then here's the actual session data of sorts. It's not as nice as session data because it's not private at all. Is totally plain text. They just presume you've got this thing and you can know it. For instance, if I drop this thing in the Discord General or something, all right. You can take that base 64 if ever you need to part around with base 64. My little online tool of choice is called Cyber Shoot Over to Cyber Chef and I put this in my input, A little magic wand will wake up and say, oh, I recognize this. This is base 64, there's that middle part. All right, so what does that tell you that says that? This thing, whatever it is, it carries this data in all but plain text. All right? And it definitely means that clients can edit any part of this they want, right? Imagine it says, you know, admin true or whatever, or admin false. As a client, I can definitely go and try to change that from admin false to admin true. Right? You know, and that's not that hard to do. Unbase 64, encode it. I change a false to a true, I re base 64. Encode it. You know, whatever you're with me. We feel a little low energy today. Sorry it was late, maybe everyone. Okay, like your personal lives phone. I think it's guys got airpods in, you know, whatever. But he always like slinks into the background, catch it later. Okay. All right. All right. It's a little dry. Dry. But it's not really, I think it's actually a really fun hacking thing once we get to the hack. So let's get to the hack. What am I hacking? And when, okay, this starts to give you an idea of what I want to hack, right? Which is I want to be able to edit this thing and make it true for whatever I want. All right, so I want to go from admin false to admin true or whatever wacky thing is stored in there. So what's the security measure for me, not just editing this thing or actually, heck, before you even care about that, you probably just want to know who holds it and sends it, right. So now we can go back to this thing. I get my first JWT, and from now on I send my JWT in my headers every single time. So I'm going to send that little base 604-60-4604 with every web request as if it were a cookie. I'm going to authorization. Yeah, that was sorry. All right. Okay. So I'm going to send this with every single thing, just like PhB session ID. All right? And it's always going to have my whacky data in it and the data is always going to be this format. Blob base 64 encoded, Blob base 64 encoded, and then a signature. All right, I was literally just watching like Defcon talk this morning where they hacked at the HM signature which is typically secures very fine or whatever. And it'll be secure here. But we All right. Maybe at this point I might have done a set of like cryptolures. The crypto of the web, would you be interested in that? Like how certs work and things like that or whatever? I don't know how many guys are getting like crypto in other places. One. All right. Cool, cool. It's important to me that you guys know some crypto just because I don't know. Bath is beauty and computer science is bureaucracy. So like the good parts of computer science are just math, right? So just learn math but all right. All right. Type script or the bad parts? We say hi there, et cetera. What is the actual security of the thing? Well, the security of the thing comes down to the crypto. We haven't really learned a lot of crypto as a team yet. Here's how this works. I'm just going to show you, I'm just going to look for like an image from Wikipedia or this is probably the most technically accurate as maybe this is fine. We did some hashing when we did password storage. Right. Open image in Num. We did some hashing. All that H Mac does does super hashing, but it adds a secret key in. Now I'm going to take your message and my password or whatever and I'm going to hash that. I do that on the server side and send it back to you. And then when you bring it back to me, if you've changed anything about like the admin preds or whatever, your signature won't validate, I'm going to has the same thing, but I'm going to add in my little secret password in there and hash that. All right? You're with me on that kind of notion. It's just like a password thing. Yeah, yes. Literally, I'm going to take this data here as J Sons or whatever. I'm going to hash that with a key inside of it and that's what will become my signature. Just like we did stretching when we did our hashing, add the password in and things like that or whatever. Here, the literal H. Now we can look at the literal one. Now that our mind is awake, this is the actual set of hashes. They do two hashes, you secret. They take your secret and they pat it. Then they take the inner padded secret and the message and hash that. And then they take the outer secret thing and this hash and they hash that. All right, so there's two hashes involved. One inner padded, one outer padded key over here, key over here. And that's the literal H Mac algorithm. Okay? The inner and outer is what's the nature of the padding and just go in the left or the right. So if your key is less than 64 bytes or whatever, they're going to add some amount of padding to make it 64 bytes, either on the left or the right, different bytes each time. It's just a padding convention. Okay, that's the H max signature algorithm. All right. Now if you've ever studied how Bitcoin works or anything like that that uses a digital signature algorithm to signatures are pretty cool inside of the land of just decentralized Internet or whatever. This is one that has a shared secret. Anybody with the same shared secret create a new signature, but anybody without the secret cannot create the signature. Nobody can validate it unless they have the secret, which is not true in block chain. Like in block chain, the digital signature is a public one, and anybody can validate the signature. But only the person with a private key can generate the signature. Here, only one person can generate the signature and only that person can validate the signature. This is like, I don't know, I send my kid out on an errand to the grocery store or something like a free range parenting thing and I don't know, hide something in their backpack and they come back and it's still the same kid. Now that analogy is really jumped. Nobody cloned my kid and swapped them out with a different one or something because I got this apple, a pod tracker or whatever. Okay, that's a dumb analogy, but roughly I send the thing out to the world and when it comes back to me, I want to know that it was exactly mine and not somebody else's. All right. Now I think you've got the architecture roughly down of like how these things are used in the wild. I do my post requests, I authenticate, you know who I am, I have a secret server, password, hash all your crap with my password and your crap will be public. And then a signature based on my password and I send that back to you. Anytime it comes back in, I validate it again with that same password. If I valid thatassword, I was trying to think of like a person you all trust but you guys probably just trust each other. I want to say like your grandma or something or whatever, we're at the end of history. You didn't grow up the Internet grandma, what do you know? You should trust your grandma More grandmas. You've said it, more likely to be true, but you don't trust your grandma. That's fine. You like being stereotyped. Either trust your grandma, if they comes in, they trust it as if it were grandma's good advice. All right. So let's do the thing. Every one of these tasks, like all semester, haunts me a little bit because they're all made as like interactive. Okay everybody, let's do with things that you go from that passive mood that you're in now into like active hacker mood. Active hacker mood is good for the brain. Passive laid back mood is not as good for the brain, but I've got to kindergarten teacher enforce that. I got to be like, all right, we're all going to do this. Let's take 30 seconds to do that thing, whatever. I don't know, I just embraced the passivity. And then two weeks later, you're like, yeah, I had no idea what he was talking about. It's a little bit of a wacky back and forth here. Every time I get to this moment in my notes where it's like, now go do it, I'm like, do I force you to go do it or do I not? There's no laptop there or whatever I could say. I'm going to force you do it's just going to sit and stare at me for 30 seconds. That's a culture setting failure on my part. A, Maybe I'll do it for you. That always works. I'm just kidding. I just wanted to validate these things a little bit. Honestly, I'm in a weird state. I was up until whatever to writing an esoteric language about blue hens and things. This is like the thing that I'd most want to see if I were you learning this thing for the first time. I want to see literally, can I recreate that signature if I know the password? That's like my goal of those little wacky things say, all right, I'll do it and you can just enjoy me geeking art. I'm just going to refresh this site and take their default out of the box thing here. Okay. Actually I'm going to sign it with my own. Oh, that's probably literally their secret. Good. All right, I'm going to try to recreate this JWT from their data, just like prove to myself that I know how the encoding works. Probably that only appeals to like 10% of you. But I think it's just say, okay, I get the whole thing now, maybe I don't need to do this. Let's see if we can make it fast. We take this guy, I'm going to go over to Cyber, I'm going to reverse. I'm going to put this in over here. I'm going to go to base 64 and I'm going to just strip out all the white space. Every time I strip out the white space, you'll see the base 64 changes just a little bit, and now I get this thing. Now there alphabet seems like it's the URL safe alphabet. There's a white space in there. Oh yeah, You're right. You're right, thanks. Cool. All right, I think it's the URL safe alphabet, not the standard. Okay, let's see if this validates. Does that match this guy? Yes, that looks like a match looks good enough to me. All right, so I'm basically saying the thing I just created and that thing are the same. Okay, cool. I'll do the next one. All right. Now IAT business, that's a convention inside of H Mac in this world, in this space, they'll put in a time stamp in the thing that will be its expiration date. So like you say, hey, this isn't good. Forever invalidate this if this time stamp has passed or whatever. Invalidate after time is what IAT stands for. I bet. All right, here we go. All right, probably now we trust that this is good enough. I don't have to continue this part. Ok, and a little bit of that. Okay, let's see, M, N, O at the end. Not quite actually. I got another white space. Damn it. Yeah. Yeah, you're right. Okay. Y, F, Y, FQ, let's go. You're totally right. You're totally right. That does look longer. So you caught me bullshitting, you caught me bullshit. The other answer I was thinking about saying with confidence is, this is very copy paste friendly. I'm not going to make a transcription error if I put quotes in the thing and somebody has got some weird code somewhere, maybe quotes is one of those characters that I don't like having inside of some identifier. Url 64 is going to be copy paste friendly. As a token, it's a little bit, if you make a file name and you put spaces in it, I hate you a little bit more than I did before. Faces. Just like, what the hell are you doing? Yes, acid. But I'm saying that with the exact same confidence that I said that the base 64 will be shorter before. So, you know, I don't know if I were making it short. I'd want it to be encoded in a way that makes a copy face friendly, you know, and base 64 is shorter than he digest that is in this alphabet. The normal base 6040 has slashes and crap, if I put slashes in a URL, it's going to think that it's part of the path and not part of the encoding. So it's going to cut my base 64 right in half or whatever. Okay? Okay, look at sharp. Welcome. All right. Now, for the hard part, I'm going to check my notes. Right one, I literally said this in the notes. Take the first two parts of the J, including first up but not the second, and make my recipe H Mac then from Hex to whatever. Okay, now I'm going to go over to Cyber Shep. I'm going to take literally the two things that I just recreated. Now I'm going to make those, my new input. All right. I'm going to put in the H Mac recipe, the hashing function is s256. My key is in Latin one, my key was your 256 bit secret. Okay? Now, that gave me a hexadecimal output, so I need to go from into this nonsense. And then like two base 64. Okay. Base 64. Url safe. Okay. Is it let's go. Yes. Sflk. Okay. Good. I just said S, but it was only one. All right. I've recreated the signature. Okay. Again, waste of time. Maybe you go faster through that, but for me that says I now have completely mastered the entirety of the format. Jason 64, 64. I know exactly what is actually being signed. Now, why does that matter? Because you little hackers are going to receive a JWT that says you are not the admin, you're not allowed special privileges. You're going to hack the JWT and you're going to have to resign it with a new signature that says I'm good to go because your password sucked, right. Like exploit number one is if their password is not very good, you just rock you C until you find the right password and then forge it password. The word typically requires that I understand the mindset of who is doing the JWTing, which is going to be these hu dupe data center types of folks or whatever. It's a little bit wacky because if I'm thinking about a data center, I need to share that password across all the computers. It's a little bit more like a company wide salt then it is like a person by person password. Maybe that company wide salt is genuinely random, 128 bytes or whatever, something like that. But it's definitely distributed between. If I were to guess, I guess it's probably big old random bites but they're random that if I can get a foothold anywhere I can find for CTF, say okay, it's fake password. Now there's a lot of different crazy attacks against hats. That's what we'll mess with next. Next I'll mess with actually deploying it. Again, my mindset here is that you are interactive and you're on your keyboard, you're doing the things. We're going to be those people now running a data center. We're going to deploy this for a live website. Now when I was in the height of my mind craft speed running coding, the folks of that community were like, oh, you should use JWTs or whatever, right? Like it was being recommended by strangers as their thing or whatever. For what it's worth, you will find it. And that question of whether or not it's going to be in your Firebase stuff, now I know what to look for if I'm looking for a JWT. Is there a JWT here? Well, I'm looking for six separated session storage. No, local storage. Won't. Shared storage. No, not on my website. But there is this like fire based local database, maybe it is a plain text encoding of some kind. Base 64 is with dashes and underscores or whatever, something like that. But now it's just part of one of those things that I'm looking for. All right now is just one of those things I'm going to look for when I'm poking around at some website or whatever. Is is there some JWT off token somewhere? That is a flag? Yeah. It was from back in like class three or something or whatever. The local storage notes, this is like local storage that I put there. I didn't put these other ones there. I did that. Other people did those. I think I did that and but they did these ones. Okay. Now let's deploy it real quick. Suppose you actually wanted to use JT's on an actual server or whatever, something like that. Fine, let's do it. Fastest way I've found to do that is Glitch New project. Hello node. I released two flags for today. They're both like glitch things set up with this same kind of stack. If you want to go after my prof ninja jams, get some points for your bingo or whatever. There's two ody for. All right. I'm going to go over here and I'm going to packages I would like to add. This is a way I'd like to add Jason Web token because I'm not a fan of their fast sulfa or whatever Because an old Naur, I'm going to add Express. All right. Now I have available to me, JWTs here is going to be my first server generated JWT. Here we go. We're just going to go over here to logs. Let's take a look at that code. It's installing, whatever. All right. There's my JWT. Fantastic. I can always literally take this over to here or whatever. I can see that food is set to bar and this will expire October 25 at 09:44 No. All right. Well, that just expired. Fine. I know the coder he's not checking this thing, signed with the keys, told me the thing. Then it has a verify function where I can pass a token and my secret key. And it will run this if I pass the verification. Okay. All right. So that's JWT in node in just a few lines if you want to deploy it yourself or whatever. All right. And that's my server secret, et cetera, which I can hide in like an environment variable or something like that and say, that's this guy, okay, coming out each different time. And it's different each time because the time stamp is changing. Each time the server starts and restarts or whatever, it's starting and restarting like this because glitch is expecting an actual long turn server, so like it thinks it's dead when it actually just did its job. This is a boring infinite loop. All right? Let's put glitch out of its infinite loop, misery, and give it a real thing. All right? With me on the story. All right. I'm not selling it very well today or whatever. Fine blue hens. But we've got the thing, we understand the nature of it. It's for the cloud security sessions of the modern era and I can deploy it in a few lines of node. Now we're going to finally use it to withhold information. So now I'm going to set this up to have information that nobody sees. Here's going to be my secret page. All right. Now for this one, I'm going to put the secret page in like a different folder than public. So to say like secret that HTML. So here's my secret page, and I'm going to change my server around to this guy. Okay? All right, this thing should be up and running. Let's pull it up in a new page. Here we go. All right, so let's see what this server does. Step one, if I'm requesting the root resource, so just to get to, I will sign a JWT token that says allowed. Yes, and I'm going to send that token to you as the output of the page. All right, that's what we're seeing here. This is a perfectly good token that says allowed. Yes can go and test it. Here, that's some good crypto. All crypto is the art of looking random. None of that was ran. All right, Sorry. Probably some number of you actually believe in a mechanistic universe where we don't have free will or whatever. Whatever. You're not fun of parties. Okay, so then I want to make it so that when you fetch the secret, so this is the new thing for you. A node. This is actually a pretty cool thing. This is called middleware node. There's a thing called middleware where when you go to request a resource, I can first run you through a function, then farts around with your state before you get to the actual handle it. All right, the middleware is going to change everything about your request before it goes to the actual handler. Let's go to the check token. Actually, let's just validate this real quick. If I go secret, what I'll get is the word forbidden. Yeah, yeah, here's how I got to forbidden. I go to check token, check token receives. It's just like a normal request handler. Like it's got my request data, my response handler. But it also has a function called next, which is the thing that comes after the middlewares. That's the call back. Once you're done called next, I'm going to look in the authorization headers and I'm looking for authorization bearer and then the token. All right, if I don't see it, then I send four oh three and we are done here. We're not calling next. This middleware is acting as the gatekeeper to get into the good stuff. And it's going to send status four oh three to you if you don't have a valid token. All right, I have a header and it's not undefined. I'm going to split it. I'm going to take your token and I'm going to put it into the request and then call next. All right, so even if you give me a crap token, I'm still going to pass you through on my middleware here. I could do more there, but I'm going to pass you through here if there was any errors. I'm sending four oh three, fine. And I'm going to decode a Jtverify, that token with the same password. And if it says allowed yes, then I'm going to send you the contents of secret date HTML. Okay. All right, so how do I get to go see secret? Well, I need to take my token that says allowed. Yes, there was no Hackery yet. It's just the mechanics of the thing. I've got to get over to Postman. Heck, that's not even thing I want. I want this first. I'm going to go over to Postman, we're going to make a get request to slash secret. All right? I have no content type. I'm going to send it, it'll say for Boden, I'm going to go up to my headers and I'm going to add authorization. Then. It was bearer. Yeah. Okay. It actually doesn't matter what I put before this thing the way I did the code, but fine, the typical way is bearer and then my token. So now I need to go get my good token. Put that in there. Now I'll send and it says welcome, here's my secret page. All right, This kind thing exists in a lot of different services or whatever that you will find when you go far around with the network requests of whatever. Here's CTFD. I shouldn't be showing you this per se, but we can say, yeah, yeah, three years in the run load This guy up. Let's see if in the headers, do we have an authorization? We have a cookie. That's Google Analytics cookie. I totally have a session ID in there. It's not making me do oh, wait. Api API refer. All right, fine. I didn't test that. I was like, oh, access control, no, that's response request authority, accept scheme refer, not quite. You'll find that authorization header on API services, I think 50% of the time, something like that. You find something or another somewhere I'm doing something in here that's going to let them know my stuff and maybe that's the cookies, my session IDs or whatever, something like that. Recapture probably that guy. That looks like JWT without a signature? No. Tell me, say it so sorry. Sorry. Sorry. You know just no. Okay. Not JBT. All right. All right. It had the format, right? It was like it has the thing. Maybe that's UDCT. Probably not. All right. Okay. So hand fuzzing is not the way eventually, so it's time to start teaching you some fuzzers and stuff like that or whatever, but hunting around to see where does my authorization come from, How is the actual thing like how do they literally know who I am? Is it in my cookies, is it in my headers? All right. That's like this scope is we're thinking like how is it that I'm going to do authorization with whatever that web API is, especially if it's some decentralized server. All right. You with me? Okay. So we've got a 64, we've got these Jasons. Okay? Now let me show you the world's most cool webs. Github, Repo, whoever this person is, they're probably better at this than me. They look like it. At least ramps. All right. All right. This beautiful, beautiful person has got like just tons of wacky little website, Hackeryjust accumulated over the years of whatever their opsec life is or whatever JBT's are in here. Whenever you see RFC, that's going to be like the actual official spec or whatever we did SS on Monday. I warned you about this a little bit universal payload. This thing is friggin beautiful. A 2012, so not modern day. That's fine. But every once in a while you get one of these, oh, this wacky thing would just by visiting the page trigger SS the secret of where I can literally do it to URL, right? Like any URL and I can run Javascript on you clicking to that page via my thing. The wacky way is in the specs of how URIs are redirected, like how they're interpreted. That is to say Russian forum. Yeah. All right. Fine. Not still there. No, not that in these data URI's, you can have the URL that the browser is trying to interpret, have weird things that are technically true within the spec that the browser implements, that nobody ever does. I'm saying all this just from seeing the word RFC inside of this wacky dude, people who put the documentation in their list of like, here's how this thing works, that's the person where you just give them a weekend and a glass of wine or whatever, and say just read the whole thing and find the weird stuff that nobody's doing with it that they honor. Anyway, Right? And that's how you can get a universal SS, we wacky things that might be a reason to study. So lang, this is like weird automata inside the way these things are parsed that nobody uses but they're still coded. Okay, let's take a look at this Jason webtoken flow chart. Okay, stop using JBT's for session part two. Okay, fair enough. Jt's have been hacked a lot. Fine, that's why I'm talking about them. Let's show you a few ways in the JWT. Here are some of the ways. In fact, inside of here you'll find this thing, the J, I'm going to take my own link, JWT attack playbook. All right, here are various attacks on JWTs, known exploits, and various things you can do with it. All of these are perfectly valid CTF problems, step one. If it's misconfigured, I can set my signature algorithm to none. All right. And what that means is that you sent it with a perfectly fine signature. I returned it with a JWT that says, no, I'm not signing it. If your server honors me instead of itself, then I said no signature needed. I'm like, oh cool. Then your admits, right. So they sent it down has great password whatever. And I sent it back and said, no, no, no, no signature here. Okay, cool. That's just, who do you trust to set the algorithm that we list? The algorithms that are allowed for the signature. All right, fine that you missed. That goes here. If I put this in, it's literally the first Json object, has the algorithm here. Here's a whole list of the algorithm. This is H shaw 256, H Mac shaw 384, H shaw 512. Now some of these are public keys. These H max, that's shared password stuff. But I could do it with my certs and I haven't told you about certs yet or whatever, but I could have my certs do the signing and it's a public key signature. Okay, that's one of the exploits that shows up in advanced JWT, CTF swap. Suppose you send me one that says it uses a public key. I swap the algorithm over to private key because your public key is known to me, and then I use that as my key. A thing where if the algorithm is swapped out and their code is not well done or whatever, something like that, I can use their public key as the private key When I switch from public key mode to private key mode in the signature validation or whatever they're doing their verification and they've got the code is included and I just like, oh, make it a private thing, but I now know that and I can sign it with that, that's CTF thing. Set up your configuration to only allow H Mac or public key, but never both. All right. Don't have your code be so generic that I could do either public or private, because switching from public to private is hard and very different code. Okay? Key injection attack. Okay? How does this work? Ah, yeah, yeah, yeah, yeah, yeah, Okay. Okay. Okay, Here, take a look at this top part. They're using the algorithm. I don't even know what the RS 256 stands for, but let's Google it real quick. R S 256 JWT. What does it stand for? What it's the difference. Rsa. Ah, okay. Okay. Okay. It's an RSA signature instead of an H signature. Fantastic. I love RSA for exploding. Okay. Take a look at this wacky thing. The key JWK is a way where I can specify information about where to find the key for this Chase Web. Remember how I told you before, this is about distributed data centers and I was saying they have to share their password with each other. We there's a way inside the specs where I can say, you know what, we're not going to share the password. I'm just going to let you know where to find it inside of our servers. And I can even put a URL that's like a local host of URL to find where you'll find the pass code for this thing or something wacky like that. Well, if the code honors that and the client can control it, then I can tell you where to go find the key. Or here I can even literally provide my own key that I'm going to sign with in the header. That's wacky. Jbt configuration should explicitly define which public keys are accepted for verification. Okay, fine. Can I provide my own? Sometimes there are some JWT libraries out there that had CV's, where if the signature was literally just null, it got past the logic with that type juggling PhB stuff that we did with the speed runs like it's like, oh cool, I don't have to do anything here or whatever. Like just like some default case was included in some of the popular libraries or whatever that happened in 2020. Probably it's patched out by now, but maybe not. This is part of the JBT spoof, Okay, here's where the key is kept. Every once in a while you'll get one and they'll tell you exactly where to find the keys or whatever that thing, these are header values that will let you put JW key files somewhere or whatever, something like that. And maybe these can be controlled at malicious places instead of your own or whatever, et cetera. You need to be white labeling which URLs are allowed. Can I go in and just fart around with your stuff and say, okay, find the keys at prof ninja instead of at your own site. All right, that's doable ID. Sometimes the header you'll find a Kd thing or whatever. If I'm cracking one of these in a live CTF, I'm immediately taking a look to see what sort of wacky stuff is in the header. Do I see a KID? Do I see a JWK? Do I see anything that implies a URL or any wacky other thing like that? And then I'm going to find any known exploits that use that a thing for farting around Es or whatever. This was a security from 2016 through now or whatever. Just like all the wacky things in this class, you might end up at a place that did their security in 2016. I don't want to get yelled at now. There's two flags here. This too, by the way that I link to it will do a Jack the ripper style attack for you where I can give it Cc and it'll go through every one of those passwords to try to find a matching signature. One of them, it's just a weak password. The other one you can brute force a fine, those are more like crypto weak password problems than they are JT problems.

JWTs (JSON Web Tokens) and exploits

From Andrew Novocin October 25, 2023

14 plays 0 comments You unliked the media.

Zoom Recording ID: 4159319948 UUID: wo1jVRJeQ2u1hlYnXysBCQ== Meeting Time: 2023-10-25 01:15:17pmGMT

Tags: jwt

Department Name: ECE
Department Division: Engineering
Date Established: October 25, 2023
Appears In: Web Sec F23