amaterasu-sec.com
162.159.153.4
Public Scan
Submitted URL: https://amaterasu-sec.com/secrets-amaterasu-security-bd3a75449629
Effective URL: https://amaterasu-sec.com/secrets-amaterasu-security-bd3a75449629?gi=db5930d051de
Submission: On March 28 via manual from DE — Scanned from DE
Form analysis
0 forms found in the DOM
Text Content
Amaterasu Security
Jan 16 · 3 min read

SECRETS — AMATERASU SECURITY

This challenge deals with JWT (JSON Web Tokens). The premise of the story below is that we were the ones who originally created the tokens, and we have to prove that we deserve to keep our position after creating such a malicious thing.

Here is a list of resources used for this challenge:

1. Cyberchef (https://cyberchef.io/)
2. JWT Decoder (https://jwt.io/)
3. Hashcat-JWT (https://www.notion.so/amaterasu-sec/Hashcat-JWT-68c295641dc148258c47d3ce810330a7)

You’re a senior cyber security engineer and during your shift, we have intercepted/noticed high privilege actions from an unknown source that could be identified as malicious. We have got you the ticket that made these actions. You are the one who created the secret for these tickets. Please fix this and submit the low privilege ticket so we can make sure that you deserve this position.

Here is the ticket:

eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJmbGFnIjoiQlRMe180X0V5ZXN9IiwiaWF0Ijo5MDAwMDAwMCwibmFtZSI6IkdyZWF0RXhwIiwiYWRtaW4iOnRydWV9.jbkZHll_W17BOALT95JQ17glHBj9nY-oWhT1uiahtv8

JSON Web Tokens (JWT) have become increasingly popular in recent years due to their efficiency and security in transmitting data between parties. In this article, we will explore the structure and usage of JWT tokens, and how to solve a cybersecurity challenge that involves these tokens.

STRUCTURE OF JWT TOKENS

JWT tokens are made up of three sections: header, payload, and signature. The header section contains information about how the JWT token is encoded, while the payload section contains the claims. Claims are statements about an entity, such as the entity’s name and the rights associated with it. The signature is used to verify that the sender of the JWT token is who it claims to be and to ensure that the message wasn’t changed along the way.

SOLVING A CYBERSECURITY CHALLENGE WITH JWT TOKENS

The challenge we will be exploring involves identifying a token, finding the structure of the token, and decoding it to find the secret and a new verified signature ticket.

1. Identifying the Token: The first step is to drop the token into a tool called Cyberchef, which will tell you what kind of encoding the token uses. In this case, the token is a JWT token.
2. Understanding the Structure: With the JWT decoder in Cyberchef, the left panel shows each section of the token color-coded, with a period (.) separating the sections. The structure of the token is header.payload.signature.
3. Finding the Hint: To find the hint, focus on the “flag” section of the decoded token. In this case, the hint is “4_eyes”.
4. Finding the Secret: To find the secret, some OSINT (Open Source Intelligence) and bruteforcing techniques, such as Hashcat or John, may be used. In this case, the secret is “bT!0”.
5. Generating a New Verified Signature Ticket: To generate a new verified signature ticket with a low privilege, the decoded token’s “admin” value can be changed to false and the resulting token taken. The resulting ticket looks like this: “eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJmbGFnIjoiQlRMe180X0V5ZXN9IiwiaWF0Ijo5MDAwMDAwMCwibmFtZSI6IkdyZWF0RXhwIiwiYWRtaW4iOmZhbHNlfQ.nMXNFvttCvtDcpswOQA8u_LpURwv6ZrCJ-ftIXegtX4”.

In conclusion, JWT tokens play a crucial role in secure data transmission, and understanding their structure and usage is essential in solving cybersecurity challenges. By following the steps outlined in this article, you can successfully decode and manipulate JWT tokens.

https://blueteamlabs.online/achievement/share/challenge/8095/35

Originally published at https://www.amaterasu-sec.com.
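
The header.payload.signature structure and steps 2 and 5 above, as an added Python example that is not part of the original write-up: it decodes the ticket, checks the HS256 signature in constant time with the algorithm pinned, and reissues the ticket with admin set to false. The ticket and secret are the values quoted in the article; the function names are this example's own.

```python
import base64, hashlib, hmac, json

# Ticket and secret exactly as quoted in the write-up above.
TICKET = ("eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9."
          "eyJmbGFnIjoiQlRMe180X0V5ZXN9IiwiaWF0Ijo5MDAwMDAwMCwibmFtZSI6IkdyZWF0RXhwIiwiYWRtaW4iOnRydWV9."
          "jbkZHll_W17BOALT95JQ17glHBj9nY-oWhT1uiahtv8")
SECRET = b"bT!0"

def b64url_decode(seg: str) -> bytes:
    # JWT segments are base64url with the "=" padding stripped; restore it.
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def parse(token: str):
    """Split header.payload.signature and decode the two JSON parts (no trust yet)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    header, payload = (json.loads(b64url_decode(p)) for p in parts[:2])
    return header, payload, parts

def sign(signing_input: str, key: bytes) -> str:
    # HS256: HMAC-SHA256 over "<header>.<payload>", base64url-encoded.
    return b64url_encode(hmac.new(key, signing_input.encode(), hashlib.sha256).digest())

def verify(token: str, key: bytes) -> bool:
    """Accept only HS256 and compare signatures in constant time."""
    try:
        header, _, parts = parse(token)
    except ValueError:  # bad segment count, base64 or JSON
        return False
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return False
    expected = sign(parts[0] + "." + parts[1], key)
    return hmac.compare_digest(expected.encode(), parts[2].encode())

def reissue_low_privilege(token: str, key: bytes) -> str:
    """Set admin to false, keep the original header, and sign the new payload."""
    _, payload, parts = parse(token)
    payload["admin"] = False
    body = b64url_encode(json.dumps(payload, separators=(",", ":")).encode())
    signing_input = parts[0] + "." + body
    return signing_input + "." + sign(signing_input, key)

if __name__ == "__main__":
    print(parse(TICKET)[:2], "verifies with reported secret:", verify(TICKET, SECRET))
    print(reissue_low_privilege(TICKET, SECRET))
```

A ticket whose payload is edited without the key fails verify(), which is why the low privilege ticket has to be re-signed rather than only edited.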