Challenge #01 · Web · Cryptography

JWT-01: Weak Secret

We intercepted a signed token from the target application.

The developer was… not careful.

Find the HS256 signing secret. The secret is the flag.

Intercepted Token

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOjE2OTU3LCJlbWFpbCI6InN1cGVyZ2FtZXJmb3JhZHNAZ21haWwuY29tIiwicm9sZXMiOiJjYW5kaWRhdCIsImp0aSI6IjQxNDZhOGFlLTM4YjUtNDg5Ny04MzBlLTQ0NzY4N2ViZGFiMyIsImlhdCI6MTc4MTQzNjAyNCwiZXhwIjoxNzgxNDM2OTI0LCJhdWQiOiJ5b3VyLXVzZXJzIiwiaXNzIjoieW91ci1hcHAifQ.Rf4U62kGdNgQ01Rh13oLX2nCiXvbMxWwqJyCB3oqEow

flag format: CTF{secret}