Possibly Related Threads…

macavitysworld · Mar 21, 2024, 05:36 AM

HTB Web Challenge - Insomnia(Quick writeup)

Interception of the login request and deletion of the password parameter.
Entered an existing username in the DB (e.g., "test") to receive the JWT token.
Sent the JWT token to /index.php/profile endpoint with the username changed to "administrator" to obtain the flag.

Flag

Hidden Content

You must register or login to view this content.

Xerion · Mar 21, 2024, 08:36 AM

Wow this is very helpful

Art10n · Mar 22, 2024, 06:53 PM

how can I change the JWT? I have not the JWT_SECRET and the JWT became invalid!

TREXNEGRO · Mar 22, 2024, 08:15 PM

Thanks friend, I'll see... keep it up my king...

macavitysworld · Mar 23, 2024, 03:42 AM

(Mar 22, 2024, 06:53 PM)Art10n Wrote: how can I change the JWT? I have not the JWT_SECRET and the JWT became invalid!

- Intercept the request
- sent to repeater
- Delete password parameter
- add user as administrator
- you'll get the required token

Possibly Related Threads…
Thread		Author	Replies	Views	Last Post
	[FREE] 300+ Writeups PDF HackTheBox/HTB premium retired	Tamarisk	370	92,224	1 hour ago Last Post: lifolifo007
	Hack the box Pro Labs, VIP, VIP+ 1 month free Method	RedBlock	23	2,196	4 hours ago Last Post: kkkato
	[FREE] HackTheBox Academy - CBBH CDSA CPTS All Modules Flags	Techtom	20	2,500	Yesterday, 11:06 PM Last Post: op334
	[FREE] HackTheBox All Cheatsheets	Tamarisk	3	401	Yesterday, 10:36 PM Last Post: op334
	CBBH Write Ups	hiddenhacker	22	6,232	Yesterday, 06:39 AM Last Post: Usercomplex