Challenge #01 · Web · Cryptography
JWT-01: Weak Secret
We intercepted a signed token from the target application.
The developer was… not careful.
Find the HS256 signing secret. The secret is the flag.
Intercepted Token
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOjE2OTU3LCJlbWFpbCI6InN1cGVyZ2FtZXJmb3JhZHNAZ21haWwuY29tIiwicm9sZXMiOiJjYW5kaWRhdCIsImp0aSI6IjQxNDZhOGFlLTM4YjUtNDg5Ny04MzBlLTQ0NzY4N2ViZGFiMyIsImlhdCI6MTc4MTQzNjAyNCwiZXhwIjoxNzgxNDM2OTI0LCJhdWQiOiJ5b3VyLXVzZXJzIiwiaXNzIjoieW91ci1hcHAifQ.Rf4U62kGdNgQ01Rh13oLX2nCiXvbMxWwqJyCB3oqEow
flag format: CTF{secret}