1. Challenge Information

• Challenge Name: Agent Jonathan Walkins Trafalgar
• Category: Web - JWT algorithm confustion attack
• Difficulty: Medium

2. TL;DR Solution Summary

The backend is vulnerable to JWT algorithm confusion attack (RS265 → HS265), allowing JWT token’s signature to be signed using public key instead of secret/ private key.

3. Recon / Initial Analysis

3.1 Files/ Informations Provided

• A public key in PEM format

  -----BEGIN PUBLIC KEY-----
  MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzzh4QcrzhduRn3K1af38
  WTQMw1QRDjLTjeQKBiQPxyME2piCb+XKUq5WFJOS0VfpDEaSLTJ1W/S662ANgIAy
  6qw6Y3iovB7C8WwIC1dZ2/5VdKTX8yjoVYaofjzZGKnoHMxoBkELmH7z7GFoNZB4
  AJ8XSJx1Ibl4f+Y1TtGN+8xhg+2F8KbbuJhHxYiPPoMGxLNyPvay+t0A8Fxf/Qk8
  LGwxjIN6qnMDCnpZ6MhOj60Poh493EhZ03/1YhGGXE2S0SYm3jOetnueAc4cXxPT
  OCe4yS8u+pDg89swqlR/sEtO1H99pojRGv1LceD2m93isiLqLqvkJAuvmOJ6z9a9
  uQIDAQAB
  -----END PUBLIC KEY-----
  

• The algorithm used is RS265 (an asymmetric algorithm)

4. Vulnerability Breakdown

• Json Web Token (JWT) is a method to verify users. A JWT is JSON data secured with cryptographic signature
• The signing can be done using symmetric or asymmetric cryptography.
• Algorithm confusion attack is to trick the server into validating the signature using different algorithm (in this case, it’s verifying RS265 — a asymmetric algorithm — using HS256 — a symmetric algorithm)

5. Exploitation

5.1 Method / Tools Used

• Burpsuite
• JSON Web Tokens (Burpsuite extension)
• JWT editor (Burpsuite extension)