Possibly Related Threads…

macavitysworld · Mar 21, 2024, 05:36 AM

HTB Web Challenge - Insomnia(Quick writeup)

Interception of the login request and deletion of the password parameter.
Entered an existing username in the DB (e.g., "test") to receive the JWT token.
Sent the JWT token to /index.php/profile endpoint with the username changed to "administrator" to obtain the flag.

Flag

Hidden Content

You must register or login to view this content.

Xerion · Mar 21, 2024, 08:36 AM

Wow this is very helpful

Art10n · Mar 22, 2024, 06:53 PM

how can I change the JWT? I have not the JWT_SECRET and the JWT became invalid!

TREXNEGRO · Mar 22, 2024, 08:15 PM

Thanks friend, I'll see... keep it up my king...

macavitysworld · Mar 23, 2024, 03:42 AM

(Mar 22, 2024, 06:53 PM)Art10n Wrote: how can I change the JWT? I have not the JWT_SECRET and the JWT became invalid!

- Intercept the request
- sent to repeater
- Delete password parameter
- add user as administrator
- you'll get the required token

Possibly Related Threads…
Thread		Author	Replies	Views	Last Post
	[FREE] HackTheBox Academy - CBBH CDSA CPTS All Modules Flags	Techtom	27	2,802	4 minutes ago Last Post: Johe
	[MEGALEAK] HackTheBox ProLabs, Fortress, Endgame - Alchemy, 250 Flags, leak htb-bot	htb-bot	87	7,976	1 hour ago Last Post: char0n1507
	[FREE] HackTheBox All Cheatsheets	Tamarisk	9	565	1 hour ago Last Post: char0n1507
	CBBH Write Ups	hiddenhacker	23	6,343	2 hours ago Last Post: somecrazykid
	[FREE] CPTS 12 FLAGS	pulsebreaker	72	2,219	4 hours ago Last Post: coolguyaroundyou