Curtis Hildebrand, Linux Systems Engineer, with 20 years of DevOps experience engineering, deploying and securing Linux systems in the cloud and on bare metal. Specializing in systems audits for security, stabilization, and scale migration of infrastructure going through growing pains.
ATTACKING JWT’S WITH A CUSTOM SQLMAP TAMPER SCRIPT
Automating the Attack with SQLmap and a Custom Tamper Script
Let’s review what I know and where I’m at in capturing the flag: The web server is NodeJS Express. The database is SQLite. The hole in the wall is the JSON Web Token. The JWT username field is vulnerable…
ATTACKING JWT’S WITH A CUSTOM SQLMAP TAMPER SCRIPT
The Path of Attack
After reading the documentation on JWTs, I decided that this will be my next path of attack. There were a few hints to push me down this path. First, I looked up JWT vulnerabilities. Most attack techniques go after the algorithm for signing…
ATTACKING JWT’S WITH A CUSTOM SQLMAP TAMPER SCRIPT
Digging Deeper into the Code
Let’s start to look under the hood of the site some more. Maybe the developers left a comment in the website code pointing to a hole. Maybe some JavaScript gets loaded that holds the vulnerability. Whatever it is, I have to look…
ATTACKING JWT’S WITH A CUSTOM SQLMAP TAMPER SCRIPT
First look
I know the challenge is a website, so I open up the IP:Port address in a browser. It forwards to /auth: I’m given a simple login screen (user and password) with two buttons, “Login” and “Register”. First, let’s see how it is supposed to work and then…
Attacking JWT’s with a Custom SQLmap Tamper Script
Introduction
If you’ve ever watched a movie or TV show that involves computer “hacking”, you’ll recognize these scenes. Someone wearing a hoody (of course) hunched over six monitors of scrolling text, frantically typing and instantly programming some complex code to break past a firewall. My favourite (facepalming)…