Hacking PyJWT for Algorithm Confusion Attack [HackTheBox CyberMonday]
In the CyberMonday box from HackTheBox, the foothold involves exploiting an algorithm confusion attack against a JWT. When I went to sign the new JWT with the public key, PyJWT rejected me. In this video, we'll show the rejection, find the code responsible, and modify it to allow me to sign.
HackTheBox CyberMonday: https://www.hackthebox.com/machines/c...
CyberMonday Blog Post: https://0xdf.gitlab.io/2023/12/02/htb...
☕ Buy Me A Coffee: https://www.buymeacoffee.com/0xdf
[00:00] Introduction
[02:16] Review public key
[02:38] Creating Virtual Environment
[04:17] Failure in Python Terminal
[08:10] Finding Responsible Code
[10:08] Modifying to Allow
[11:25] Conclusion
#pentest #ctf #bugbounty #python #pyjwt
Watch video Hacking PyJWT for Algorithm Confusion Attack [HackTheBox CyberMonday] online without registration, duration hours minute second in high quality. This video was added by user 0xdf 02 December 2023, don't forget to share it with your friends and acquaintances, it has been viewed on our site 760 once and liked it 38 people.