phramz / tc2022-jwt101

TechCamp 2022 - JSON Web Token 101

TechCamp 2022 - JWT101

Notes, slides and sources of "TechCamp 2022 - JSON Web Token 101" talk.

https://techcamp.hamburg/

Disclaimer

THE CONTENT OF THIS REPOSITORY INCLUDING ANY REFERENCED EXTERNAL CONTENT IS FOR EDUCATIONAL PURPOSE ONLY.

IT COMES WITHOUT WARRANTY OF ANY KIND, CORRECTNESS AND/OR FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.

USE AT YOUR OWN RISK!

Any source code included is licensed under the MIT License (see the repository's LICENSE file).

Slides

RFCs

Signing algorithms

Code snippets

Common vulnerabilities

Code snippets

Examples

Hands on

Six-character passphrase recovery (secret)

hashcat --increment-min=4 --increment-max=8 --increment -m16500 \
  'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJhdWQiOiJ0ZWNoY2FtcC5oYW1idXJnIiwianRpIjoiOTZmNzBkODkiLCJpYXQiOjE2NjEzMzAzMDgsIm5iZiI6MTY2MTMzMDMwOCwiZXhwIjoxNjYxMzM3NTA4LCJzdWIiOiJtLnJlaWNoZWwiLCJpc3MiOiJpZC50ZWNoY2FtcC5oYW1idXJnIn0.mKdydmAO5Mh6bHFBtguwLAdLtxIR3oczRl7hCjsiK0w' \
   -a3 -1 "?l" "?1?1?1?1?1?1?1?1" -D 2 -d 5 -w 3

Seven-character passphrase recovery (hamburg)

hashcat --increment-min=4 --increment-max=8 --increment -m16500 \
  'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJhdWQiOiJ0ZWNoY2FtcC5oYW1idXJnIiwianRpIjoiOTZmNzBkODkiLCJpYXQiOjE2NjEzMzAzMDgsIm5iZiI6MTY2MTMzMDMwOCwiZXhwIjoxNjYxMzM3NTA4LCJzdWIiOiJtLnJlaWNoZWwiLCJpc3MiOiJpZC50ZWNoY2FtcC5oYW1idXJnIn0.tVtDVw5BlIYEQt1lVdo0YFdlS9yrNvQR0JnGU81DYQA' \
   -a3 -1 "?l" "?1?1?1?1?1?1?1?1" -D 2 -d 5 -w 3
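
The defensive counterpart to the two runs above, as an added example that is not code from this repository: it flags HS256 secrets that sit inside the keyspace those masks enumerate or below the 256-bit minimum of RFC 7518 section 3.2, and generates a key that passes. The function names are illustrative assumptions.

```python
import math
import re
import secrets

# RFC 7518 section 3.2: an HS256 key must be at least 256 bits (the hash output size).
HS256_MIN_KEY_BYTES = 32
# Keyspace of the mask runs above: charset ?l (a-z), incremented from length 4 to 8.
MASK_CHARSET_SIZE, MASK_MIN_LEN, MASK_MAX_LEN = 26, 4, 8


def mask_keyspace() -> int:
    """Number of candidates an incremental lowercase mask of length 4..8 enumerates."""
    return sum(MASK_CHARSET_SIZE ** n for n in range(MASK_MIN_LEN, MASK_MAX_LEN + 1))


def audit_hs256_secret(secret: bytes) -> list[str]:
    """Return findings for an HMAC-SHA256 secret; an empty list means none."""
    findings = []
    if len(secret) < HS256_MIN_KEY_BYTES:
        findings.append(
            f"too short: {len(secret)} bytes, RFC 7518 requires >= {HS256_MIN_KEY_BYTES}"
        )
    if re.fullmatch(rb"[a-z]{%d,%d}" % (MASK_MIN_LEN, MASK_MAX_LEN), secret):
        size = mask_keyspace()
        findings.append(
            f"inside the lowercase mask keyspace: {size} candidates "
            f"(about {math.log2(size):.1f} bits)"
        )
    return findings


def generate_hs256_key() -> bytes:
    """256 bits from the OS CSPRNG; store it as a key, not as a typed passphrase."""
    return secrets.token_bytes(HS256_MIN_KEY_BYTES)


if __name__ == "__main__":
    # The two passphrases named in the headings above, plus a generated key.
    for candidate in (b"secret", b"hamburg", generate_hs256_key()):
        print(len(candidate), audit_hs256_secret(candidate) or "no findings")
```

An empty result only means the secret is outside these two checks; a long but guessable passphrase still needs to be replaced with a randomly generated key.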

Sources, references and further readings

Big thanks and kudos going to:

License: MIT License