Check the admin scratchpad!

Website initial view

We can’t log in as admin, so let’s log in as Jose.

Now, let’s use Burp Suite for this.

At the bottom of the page, the site shows something like this: “You can use your name as a log in, because that’s quick and easy to remember! If you don’t like your name, use a short and cool one like John!”

John the Ripper is a password-cracking tool, so the mention of “John” hints that this is a brute-force challenge. In my case, I decided to use Hashcat.

Terminal

hashcat -a 0 -m 16500 jwt wordlist

secret: ilovepico

I can use this secret to create a new signing key.

After creating our new key, we changed the user from ‘jose’ to ‘admin’ and signed the token with the key we created.

After that, we send the request.

Hello admin!
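
Why this works, as an added example that is not part of the original write-up: an HS256 token is authenticated only by an HMAC keyed with the server's secret, so a dictionary-word secret can be recovered by a wordlist check and used to re-sign any claims, while a random 32-byte key cannot. The `user` claim name, the sample wordlist and the helper names are constructed for illustration.

```python
import base64, hashlib, hmac, json, secrets

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_hs256(claims: dict, secret: bytes) -> str:
    """Build a compact HS256 JWT (constructed helper, standard library only)."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url(json.dumps(claims).encode())
    mac = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256)
    return f"{header}.{payload}.{b64url(mac.digest())}"

def verify_hs256(token: str, secret: bytes) -> bool:
    """Pin the algorithm, recompute the HMAC, compare in constant time."""
    try:
        header, payload, sig = token.split(".")
        if json.loads(b64url_decode(header)).get("alg") != "HS256":
            return False
    except (ValueError, AttributeError):
        return False  # malformed token
    mac = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256)
    return hmac.compare_digest(b64url(mac.digest()).encode(), sig.encode())

def find_weak_secret(token: str, candidates):
    """Audit check: return the wordlist entry that verifies the token, if any."""
    for word in candidates:
        if verify_hs256(token, word.encode()):
            return word
    return None

# Constructed sample data; "ilovepico" is the secret shown in the write-up.
WORDLIST = ["password", "letmein", "john", "ilovepico"]
WEAK_KEY = b"ilovepico"
STRONG_KEY = secrets.token_bytes(32)  # mitigation: random 256-bit secret

weak_token = sign_hs256({"user": "jose"}, WEAK_KEY)
strong_token = sign_hs256({"user": "jose"}, STRONG_KEY)
# A token re-signed with the recovered weak secret, as in the write-up.
resigned = sign_hs256({"user": "admin"}, WEAK_KEY)

if __name__ == "__main__":
    print("weak secret found:", find_weak_secret(weak_token, WORDLIST))
    print("strong secret found:", find_weak_secret(strong_token, WORDLIST))
    print("re-signed token accepted under weak key:", verify_hs256(resigned, WEAK_KEY))
    print("re-signed token accepted under strong key:", verify_hs256(resigned, STRONG_KEY))
```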