

Solution 5 JaWT Scratchpad

Problem Statement

Lab 5: JaWT Scratchpad (400 pts, but imo should be 700)

Problem:

Check the admin scratchpad! https://2019shell1.picoctf.com/problem/12283/ or http://2019shell1.picoctf.com:12283

Hints:

1. What is that cookie?
2. Have you heard of JWT?

Write-Up

Use the latest version of John-The-Ripper from GitHub to crack JWT signatures. You can also write a custom Python script to loop through the rockyou password list and perform a dictionary attack.