The security of JWT relies entirely on the attacker not guessing the secret or encryption key used in its signature.

This we can test with various tools such as hashcat or JTR (john the ripper) which are designed to attempt to guess the secret of the JWT at a staggering speed.

The first step is to determine which algorithm JWT is signed with. This can be found out, as we have learned, from the JOSE header. You can decode the JWT in Hakatemian JWT Studio or on jwt.io website.

In this case, the algorithm was HS256, which is HMAC SHA256.

We can list supported algorithms of JTR and search for HMAC algorithms, for example like this:

. JTR supports JWT format automatically, so it does not need to be separately instructed.

Start by writing the token to the token.txt file, for example:

You also need a password list, such a list can be found on the exercise task machine at the path /usr/share/wordlists/rockyou.txt.

If the JWT is signed using a secret word found from a list, it will be found instantly.

When the secret is known, it is easy to sign new tokens in a JWT studio:

Try it yourself! You'll get the JWT again when you peek at the HTTP traffic with Burp while trying to fetch the flag.

Read the flag from the /api/v1/flag endpoint.

In this lab, you will get to crack the encryption key of a JWT token using the JTR (john the ripper) tool.

Cracking the JWT Secret

## Weak secret

The security of JWT relies entirely on the attacker not guessing the secret or encryption key used in its signature.

This we can test with various tools such as hashcat or JTR (john the ripper) which are designed to attempt to guess the secret of the JWT at a staggering speed.

---

## Algorithm solving

The first step is to determine which algorithm JWT is signed with. This can be found out, as we have learned, from the JOSE header. You can decode the JWT in Hakatemian JWT Studio or on jwt.io website.

![](sanity:image-5f0b9e50b4468410614a66e0cc4e484a4166f59b-709x320-png)

In this case, the algorithm was HS256, which is HMAC SHA256.

---

## John the Ripper

We can list supported algorithms of JTR and search for HMAC algorithms, for example like this:

![](sanity:image-cd0ae2dd99f57a26db541bc03cbea0a3ae2deed7-870x189-png)

The correct one is **HMAC-SHA256**. JTR supports JWT format automatically, so it does not need to be separately instructed.

Start by writing the token to the token.txt file, for example:

```sh
echo "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c" > token.txt
```

You also need a password list, such a list can be found on the exercise task machine at the path /usr/share/wordlists/rockyou.txt.

Then simply start JTR as follows:

```sh
john token.txt --format=HMAC-SHA256 --wordlist=/usr/share/wordlists/rockyou.txt
```

If the JWT is signed using a secret word found from a list, it will be found instantly.

![](sanity:image-8cdb42796a1c1aaf6c9d862064c422f1b0d6b4b9-1286x248-png)

---

## Using a Compromised Secret

When the secret is known, it is easy to sign new tokens in a JWT studio:

![](sanity:image-061dc6f95477654154f2e2f54c59f96ff20b1827-834x500-png)

---

## Exercise

Try it yourself! You'll get the JWT again when you peek at the HTTP traffic with Burp while trying to fetch the flag.

@exercise ce3ab59ea6a1


JWT and Encryption Key Cracking

There are JWT tokens almost everywhere you look these days. However, the choice or configuration of the JWT library often goes wrong, which can lead to token forgery, which in turn typically leads to a total breach of the application's security.

JWT tokens are almost everywhere nowadays. However, the selection or configuration of the JWT library often goes wrong, which can lead to token forgery, which typically results in a total breach of application security.

JWT and Encryption Key Cracking

Weak secret

Learn to hack — start here