1. Challenge Information

• Category: (e.g., Web, Pwn, Forensics, Crypto, OSINT…)

• Difficulty: (Easy/Medium/Hard)

• Challenge Description / Prompt:

2. TL;DR Solution Summary

The endpoint improperly validated JWTs, allowing us to forge a token by modifying the algorithm field to "none", granting admin access.

3. Recon / Initial Analysis

3.1 Files/ Informations Provided

• Describe file(s)
• Tools used to inspect (e.g., strings, Wireshark, CyberChef)
• Initial observations

3.2 Service Enumeration (if applicable)

• Ports & services (nmap)
• Website enumeration (dirsearch, nikto)
• Binary behavior (for pwn)
• Interesting endpoints/features

4. Vulnerability Breakdown

• SQL injection due to unsanitized id parameter
• Buffer overflow because gets() is used without bounds checking
• Base64 → Hex → XOR encoded message