When JWT is signed with an asymmetric algorithm, the pair of private keys used for the signature, i.e. the public key, can sometimes be deduced mathematically. The calculation is based on this StackExchange discussion: https://crypto.stackexchange.com/questions/30289/is-it-possible-to-recover-an-rsa-modulus-from-its-signatures/30301#30301

The formula does not need to be understood, a tool has already been found on GitHub with which the calculation has been implemented.

Start the attacker's terminal below. Clone the silentsignal/rsa_sign2n.git repository from GitHub:

You need two different JWT tokens for the tool to work. You can obtain these by logging in during the exercise, sending an HTTP request to the flag address, and capturing the JWT as in the previous modules. Then simply log out, log back in, and repeat the process to capture the next JWT.

Finally, just run the script x_CVE-2017-11424.py, passing it the JWT tokens as parameters, and hope for the best. If the attack succeeds and you obtain the public key, you can try to determine if the application is vulnerable to key confusion attacks, using the key as in the previous module.

In this lab, you will practice calculating the public key of a JWT based on two JWTs when the public key is unknown.

Key Confusion without Public Key

## Public Key Inference

When JWT is signed with an asymmetric algorithm, the pair of private keys used for the signature, i.e. the public key, can sometimes be deduced mathematically. The calculation is based on this StackExchange discussion: https://crypto.stackexchange.com/questions/30289/is-it-possible-to-recover-an-rsa-modulus-from-its-signatures/30301#30301

![](sanity:image-d1bfd19d3a6a42b0e3336c128ffdb6972f24f90f-614x102-png)

The formula does not need to be understood, a tool has already been found on GitHub with which the calculation has been implemented.

---

## Installation of the Tool

Start the attacker's terminal below. Clone the silentsignal/rsa\_sign2n.git repository from GitHub:

```sh
git Clone https://github.com/silentsignal/rsa_sign2n.git
```

Then install the tool's dependencies:

```sh
cd rsa_sign2n/CVE-2017-11424/
pip3.8 install -r requirements.txt
```

Ready.

---

## Acquiring Tokens

You need two different JWT tokens for the tool to work. You can obtain these by logging in during the exercise, sending an HTTP request to the flag address, and capturing the JWT as in the previous modules. Then simply log out, log back in, and repeat the process to capture the next JWT.

---

## Running the tool

Finally, just run the script x\_CVE-2017-11424.py, passing it the JWT tokens as parameters, and hope for the best. If the attack succeeds and you obtain the public key, you can try to determine if the application is vulnerable to key confusion attacks, using the key as in the previous module.

![](sanity:image-2e0b5237869b24db17ed52cc2eeca2dad1538d39-939x348-png)

![](sanity:image-3582cb19fd9ef972e73b54aae9d7ceba100ae110-809x223-png)

@exercise 0d13b8d3b046


JWT Key Confusion Attacks when the Public Key is Unknown

There are JWT tokens almost everywhere you look these days. However, the choice or configuration of the JWT library often goes wrong, which can lead to token forgery, which in turn typically leads to a total breach of the application's security.

JWT tokens are almost everywhere nowadays. However, the selection or configuration of the JWT library often goes wrong, which can lead to token forgery, which typically results in a total breach of application security.

JWT Key Confusion Attacks when the Public Key is Unknown

Public Key Inference

Learn to hack — start here