← All posts

Posts tagged #jwt

6 posts

writeup

2024 Hack The Boo: Waywitch

Exploit JWT authentication bypass and token manipulation in a Node.js web application

#htb #ctf #web
+3
writeup

HTB: blazorized Writeup

blazorized is a Hard-difficulty Windows domain controller machine from HackTheBox.

#htb #writeup #windows
+7
writeup

HTB: iClean Writeup

iClean (Capiclean) is a Medium-difficulty Linux machine featuring Flask SSTI exploitation and JWT-based authentication bypass.

#htb #writeup #linux
+6
writeup

2024 Cyber Apocalypse: LockTalk

Exploit JWT vulnerabilities in python-jwt version 3.3.3

#htb #ctf #web
+3
writeup

2023 Cyber Apocalypse: Didactic Octo Paddle

Exploit IDOR and JWT vulnerabilities in shopping application

#htb #ctf #web
+3
writeup

2022 Hack The Boo: Cursed Party

JWT authentication bypass through XSS to steal admin session and access flag

#htb #ctf #web
+5