This lab uses a JWT-based mechanism for handling sessions. Due to implementation flaws, the server doesn’t verify the signature of any JWTs that it receives.
To solve the lab, modify your session token to gain access to the admin panel at /admin, then delete the user
You can log in to your own account using the following credentials:
JWT refers to JSON Web Tokens
JSON Web Token is a proposed Internet standard for creating data with optional signature and/or optional encryption whose payload holds JSON that asserts some number of claims.
The tokens are signed either with a shared secret (HMAC) or with a public/private key pair.
2. Now look at the cookie using Cookie Editor or by intercepting the traffic. It looks like they have used a JWT for authentication.
3. Let’s decode the token using jwt.io (a JWT is base64url-encoded, not encrypted, so its payload can be read without any key).
From this, we can understand that the sub value identifies the user who is logged in. If we change the sub value to the name of another user, we can access their account with that user's privileges, such as administrator, because the server never checks that the signature still matches the payload.
4. Change the value. As soon as you change the value, the encoded token changes as well. The token above has its sub value set to administrator; the original signature is left in place, which the server accepts because it does not verify it.
5. Copy the token, and paste it into the session using the
6. Then try to Access the
7. Now you will have access to delete users; delete Carlos to solve the lab.
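The whole flaw comes down to the server reading the payload without recomputing the signature. The following is an added example (not part of the lab or this write-up) that reproduces the steps above offline with a constructed HS256 token and a constructed DEMO_SECRET, and places the flawed decode beside a verifying one so the defensive fix is visible; all function names are illustrative.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional

# Constructed demo key for this example only; the lab's real signing key is unknown to the tester.
DEMO_SECRET = b"demo-signing-key-not-the-lab-secret"


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def b64url_decode(segment: str) -> bytes:
    # JWT segments drop '=' padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def sign_hs256(header: dict, payload: dict, secret: bytes) -> str:
    compact = lambda obj: b64url_encode(json.dumps(obj, separators=(",", ":")).encode())
    signing_input = f"{compact(header)}.{compact(payload)}"
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{b64url_encode(sig)}"


def tamper_sub(token: str, new_sub: str) -> str:
    """Step 4 of the write-up: rewrite the sub claim but keep the header and the old signature."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    payload = json.loads(b64url_decode(payload_b64))
    payload["sub"] = new_sub
    return f"{header_b64}.{b64url_encode(json.dumps(payload, separators=(',', ':')).encode())}.{sig_b64}"


def decode_unverified(token: str) -> dict:
    """The lab's flawed behaviour: trust whatever the payload says, never check the signature."""
    return json.loads(b64url_decode(token.split(".")[1]))


def decode_verified(token: str, secret: bytes) -> Optional[dict]:
    """Hardened decode: pin the algorithm, recompute HS256 over header.payload, compare in constant time."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    if json.loads(b64url_decode(header_b64)).get("alg") != "HS256":
        return None  # never let the token choose its own algorithm
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        return None  # tampered payload: signature no longer matches
    return json.loads(b64url_decode(payload_b64))


def demo() -> tuple:
    original = sign_hs256({"alg": "HS256", "typ": "JWT"}, {"iss": "portswigger", "sub": "wiener"}, DEMO_SECRET)
    forged = tamper_sub(original, "administrator")
    verified_forged = decode_verified(forged, DEMO_SECRET)
    return (decode_unverified(forged)["sub"], decode_verified(original, DEMO_SECRET)["sub"],
            None if verified_forged is None else verified_forged["sub"])
```

demo() returns ("administrator", "wiener", None): the unverified decode is fooled by the edited sub, while the verifying decode still accepts the genuine token and rejects the tampered one.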