<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
  <channel>
    <title>JWT on 0xMesbaha</title>
    <link>https://hussienmisbah.github.io/tags/jwt/</link>
    <description>Recent content in JWT on 0xMesbaha</description>
    <generator>Hugo</generator>
    <language>en</language>
    <lastBuildDate>Sat, 07 May 2022 12:49:13 +1000</lastBuildDate>
    <atom:link href="https://hussienmisbah.github.io/tags/jwt/index.xml" rel="self" type="application/rss+xml" />
    <item>
      <title>Unicode Hackthebox writeup</title>
      <link>https://hussienmisbah.github.io/posts/linux-machines/2022-05-07-unicode/</link>
      <pubDate>Sat, 07 May 2022 12:49:13 +1000</pubDate>
      <guid>https://hussienmisbah.github.io/posts/linux-machines/2022-05-07-unicode/</guid>
      <description>&lt;p&gt;In this medium box we play with JWT tokens, specifically misuse of the jku claim, which lets us log in as the admin account; then we use Unicode encoding to read files on the system. Eventually we find a password for a user and log in over SSH. For the root part, we abuse a sudo privilege on a binary that can read files on the system.&lt;/p&gt;</description>
    </item>
    <item>
      <title>Secret Hackthebox writeup</title>
      <link>https://hussienmisbah.github.io/posts/linux-machines/2022-03-26-secret/</link>
      <pubDate>Sat, 26 Mar 2022 00:45:19 +0200</pubDate>
      <guid>https://hussienmisbah.github.io/posts/linux-machines/2022-03-26-secret/</guid>
      <description>&lt;p&gt;In this box we follow the documentation's instructions to create a new user, then run into a sensitive data exposure that lets us see a delete commit. This helps us change our token to the admin token and log in as admin. Reading the source code, we find a command injection, which gives us a reverse shell as a user. For the root part, there is a SUID binary that can read any file on the system and count it, and its source code has &lt;code&gt;PR_SET_DUMPABLE&lt;/code&gt;, so we can dump it if it receives a signal while running. We send a segmentation fault signal and dump the process; then, by running strings on the dump, we can read the root SSH private key and log in as root.&lt;/p&gt;</description>
    </item>
  </channel>
</rss>
