Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/jas502n/JWT_Brute

JWT_Brute
https://github.com/jas502n/JWT_Brute

Last synced: 3 months ago
JSON representation

JWT_Brute

Host: GitHub
URL: https://github.com/jas502n/JWT_Brute
Owner: jas502n
Created: 2019-10-10T07:17:58.000Z (about 5 years ago)
Default Branch: master
Last Pushed: 2019-10-10T07:47:16.000Z (about 5 years ago)
Last Synced: 2024-05-02T18:54:40.950Z (6 months ago)
Size: 302 KB
Stars: 32
Watchers: 3
Forks: 9
Open Issues: 0
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

awesome-hacking-lists - jas502n/JWT_Brute - JWT_Brute (Others)

README

        # JWT_Brute

## Example

`eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyIjoibmFuYSIsImFjdGlvbiI6InVwbG9hZCJ9.56wwCrB9tIgmUnYpLPxkO8GYj1soCjuu_skTlbH_Gg8`

```

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9 >> base64 decode >>  {"alg":"HS256","typ":"JWT"}

eyJ1c2VyIjoibmFuYSIsImFjdGlvbiI6InVwbG9hZCJ9 >> base64 decode >>  {"user":"nana","action":"upload"}

56wwCrB9tIgmUnYpLPxkO8GYj1soCjuu_skTlbH_Gg8 >> 需要指定key 加密得到

```

![](./jwt_brute_success.png)

## jwt io网站验证也是同样结果

![](./jwt-io.jpg)

## python usage:

`python3 jwt_brute.py 4.txt `

```

root@kali:~/jwt# python3 jwt_brute.py 4.txt 

      ___        _______     ____             _       

     | \ \      / /_   _|   | __ ) _ __ _   _| |_ ___ 

  _  | |\ \ /\ / /  | |     |  _ \| '__| | | | __/ _ \

 | |_| | \ V  V /   | |     | |_) | |  | |_| | ||  __/

  \___/   \_/\_/    |_|     |____/|_|   \__,_|\__\___|

                                                      

          Usage: python3 jwt.py dict.txt 

                                                           

For Example: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyIjoibmFuYSIsImFjdGlvbiI6InVwbG9hZCJ9.56wwCrB9tIgmUnYpLPxkO8GYj1soCjuu_skTlbH_Gg8

             This key is  >>> $admin$

_________________________________________________________________________________________________________________________________________

Please Input Your Encode JWT Str= eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyIjoibmFuYSIsImFjdGlvbiI6InVwbG9hZCJ9.56wwCrB9tIgmUnYpLPxkO8GYj1soCjuu_skTlbH_Gg8                                                                                                                         try admin                                                          

jwt.decode={'user': 'nana', 'action': 'upload'}

bingo11! found key --> $admin$ <--

root@kali:~/jwt# 

```

## 参考链接

https://www.freebuf.com/vuls/211842.html

https://jwt.io/