challenge info  
Name: Cookie Bakery
Category: Web
Difficulty: Medium
Points: 100
Link: CyberHackathon

   

Description

Web instance

Approach

  1. Initiated a search for subdirectories with ffuf: ffuf -u http://ip/FUZZ -w /wordlists/dirb/common.txt

  2. Found /register directory

  3. Created an account & logged in to it.

  4. A cookie was assigned to me: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJmcmVzaCI6ZmFsc2UsImlhdCI6MTcwMjM3NjAwMCwianRpIjoiY2E4MmZlNzUtZTcyNi00NWY5LWE0ODctYzM2Y2EyZWRjNGJkIiwidHlwZSI6ImFjY2VzcyIsInN1YiI6Im1hbGlrIiwibmJmIjoxNzAyMzc2MDAwLCJleHAiOjE3MDIzNzY5MDB9.NXnbWTOMpZLnHCacJ-KI-uRPL3faJ7a5tpeYwG3_1BM

  5. Tried different attacks but nothing worked, then I tried to brute-force the secret key of the JWT token using jwt_tool.

  6. Grabbed the secret key & pasted it into jwt.io, which then allowed me to make changes to the JWT token. I changed my username ‘malik’ to ‘admin’ & removed the “exp”: 1702376900.

  7. Copied the new JWT token & replaced the original token with it in Burp Suite & got this flag:

 

  flag   Flag{QCFANjVhSkR3dnl1R2VtZ2t2UmRQbmJiQT09NzVmNTc4MzZkMmEzN2M1NQ==}
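
The two server-side gaps this walkthrough relied on were a signing secret weak enough to be recovered offline and a verifier that still accepted the token once "exp" had been removed. The following is an added example, not code from the challenge or from this write-up: a standard-library HS256 signer and verifier that refuses keys under 32 bytes and rejects tokens missing any required claim. The names sign, verify, MIN_KEY_BYTES and REQUIRED are assumptions chosen for illustration.

```python
import base64, hashlib, hmac, json, time

MIN_KEY_BYTES = 32  # RFC 7518 section 3.2: HS256 keys must be at least 256 bits
REQUIRED = ("sub", "iat", "nbf", "exp")  # tokens lacking any of these are rejected

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64url_decode(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def _mac(key, signing_input):
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()

def sign(claims, key):
    """Issue an HS256 token; refuse keys short enough to be guessed offline."""
    if len(key) < MIN_KEY_BYTES:
        raise ValueError("HS256 key shorter than 32 bytes")
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    return f"{header}.{body}.{b64url_encode(_mac(key, header + '.' + body))}"

def verify(token, key, now=None):
    """Return the claims, or raise ValueError naming the check that failed."""
    now = time.time() if now is None else now
    try:
        header_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        claims = json.loads(b64url_decode(body_b64))
        sig = b64url_decode(sig_b64)
    except ValueError as exc:  # wrong part count, bad base64, bad JSON
        raise ValueError("malformed token") from exc
    if not isinstance(header, dict) or not isinstance(claims, dict):
        raise ValueError("malformed token")
    if header.get("alg") != "HS256":  # pin the algorithm; ignore the header's choice
        raise ValueError("unexpected alg")
    if not hmac.compare_digest(sig, _mac(key, header_b64 + "." + body_b64)):
        raise ValueError("bad signature")
    missing = [c for c in REQUIRED if c not in claims]
    if missing:
        raise ValueError("missing claims: " + ",".join(missing))
    if not all(isinstance(claims[c], (int, float)) for c in ("nbf", "exp")):
        raise ValueError("non-numeric time claim")
    if not claims["nbf"] <= now < claims["exp"]:
        raise ValueError("token not valid at this time")
    return claims
```

In a deployment the key would come from a CSPRNG such as secrets.token_bytes(32) and be rotated if exposure is suspected; the required-claims check limits what a token is worth even when the signature verifies.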