HACKR.GG
JWT Attacks
Medium
Session Token
FirstBank signs session JWTs with a weak secret. Crack it, then forge a new token with role: admin.
Tools: jwt_tool, curl, python3 (PyJWT)