
I'm testing a site that authenticates using an HS-256 signed JWT. However, the JSON payload inside the JWT is about 2500 characters. This has become an impediment to trying to crack the signing key. My question is what efficient tooling exists for cracking the signature on longer messages. (Hashcat has a max buffer size of 256, an order of magnitude too small.)

If I try to use jwt_tool (https://github.com/ticarpi/jwt_tool) I get something like

$ jwt_tool.py --crack -d ~/src/SecLists/Passwords/darkc0de.txt $(<auth) 

   $$$$$\ $$\      $$\ $$$$$$$$\  $$$$$$$$\                  $$\ 
   \__$$ |$$ | $\  $$ |\__$$  __| \__$$  __|                 $$ |
      $$ |$$ |$$$\ $$ |   $$ |       $$ | $$$$$$\   $$$$$$\  $$ |
      $$ |$$ $$ $$\$$ |   $$ |       $$ |$$  __$$\ $$  __$$\ $$ |
$$\   $$ |$$$$  _$$$$ |   $$ |       $$ |$$ /  $$ |$$ /  $$ |$$ |
$$ |  $$ |$$$  / \$$$ |   $$ |       $$ |$$ |  $$ |$$ |  $$ |$$ |
\$$$$$$  |$$  /   \$$ |   $$ |       $$ |\$$$$$$  |\$$$$$$  |$$ |
 \______/ \__/     \__|   \__|$$$$$$\__| \______/  \______/ \__|
  Version 1.3                 \______|                           


Loading key dictionary...
File loaded: /home/kali/src/SecLists/Passwords/darkc0de.txt
Testing passwords in dictionary...
[*] Tested 1 million passwords so far

[-] Key not in dictionary

===============================
As your list wasn't able to crack this token you might be better off using longer dictionaries, custom dictionaries, mangling rules, or brute force attacks.
hashcat (https://hashcat.net/hashcat/) is ideal for this as it is highly optimised for speed. Just add your JWT to a text file, then use the following syntax to give you a good start:

[*] dictionary attacks: hashcat -a 0 -m 16500 jwt.txt passlist.txt
[*] rule-based attack:  hashcat -a 0 -m 16500 jwt.txt passlist.txt -r rules/best64.rule
[*] brute-force attack: hashcat -a 3 -m 16500 jwt.txt ?u?l?l?l?l?l?l?l -i --increment-min=6
===============================

If I then follow the advice of jwt_tool and try to pass the JWT on to hashcat I get something like

$ hashcat -a 0 -m 16500 auth
hashcat (v6.1.1-120-g15bf8b730) starting...

Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 256

Hashfile 'auth' on line 1 (eyJhbG...RqvDaYoENIYDH8tVWzI5ZlBrMUBqZEvM): Token length exception
No hashes loaded.

Started: Mon Apr  4 11:13:10 2022
Stopped: Mon Apr  4 11:13:11 2022

I've tried with John the Ripper as well, converting the auth token to an (apparently) JtR friendly format using jwt2jtr (https://github.com/MarcoLugo/jwt2jtr) with fairly opaque results

$ ~/src/JohnTheRipper/run/john --format=HMAC-SHA256 jwt.john 
Using default input encoding: UTF-8
No password hashes loaded (see FAQ)

My best current option seems to be using JtR to generate a list of possible signing keys, and then feeding that into jwt_tool, but that involves generating massive files of potential passwords and a comparatively slow attempt to crack the signing key. If there are better options I would like to know them.

Elliot

0 Answers
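As an added, defender-side illustration (not code from the question or from any of the tools it names): the HS256 signature is HMAC-SHA256 over the ASCII string header.payload, so a 2500-character payload is no obstacle to verification and offers no protection for a weak secret; what actually stops dictionary attacks is the key-size rule in RFC 7518 section 3.2, enforced below at issue time. The claims and the 32-byte key are constructed placeholders.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional

# RFC 7518 section 3.2: an HS256 key must be at least as long as the hash output (256 bits).
MIN_HS256_KEY_BYTES = 32

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_hs256(claims: dict, key: bytes) -> str:
    """Issue header.payload.signature; the HMAC covers header.payload whatever its length."""
    if len(key) < MIN_HS256_KEY_BYTES:
        raise ValueError("HS256 key shorter than 256 bits: a short or dictionary-word secret is guessable")
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    signing_input = f"{header}.{payload}".encode("ascii")
    sig = hmac.new(key, signing_input, hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url_encode(sig)}"

def verify_hs256(token: str, key: bytes) -> Optional[dict]:
    """Return the claims when the signature checks out, otherwise None."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    header_b64, payload_b64, sig_b64 = parts
    try:
        header = json.loads(b64url_decode(header_b64))
        sig = b64url_decode(sig_b64)
    except ValueError:  # malformed base64url or JSON (binascii.Error is a ValueError)
        return None
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return None  # the verifier fixes the algorithm; the token must never choose it
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig):  # constant-time comparison
        return None
    return json.loads(b64url_decode(payload_b64))

if __name__ == "__main__":
    # Constructed sample: a payload padded to roughly 2500 characters, like the token in the question.
    claims = {"sub": "user@example.test", "pad": "x" * 2400}
    key = b"\x00" * 32  # placeholder only; use secrets.token_bytes(32) in a real deployment
    token = sign_hs256(claims, key)
    print(verify_hs256(token, key) == claims)  # prints True
```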