webfreeeasy

OpenSecret

hackthebox

Task: Gain access to a protected section of a website. Solution: Found hardcoded JWT secret in frontend JavaScript, forged admin token to access restricted /tickets endpoint.

$ ls tags/ techniques/

jwt information_disclosure hardcoded_secret

source_code_analysisjwt_forgery

$ cat /etc/rate-limit

Rate limit reached (20 reads/hour per IP). Showing preview only — full content returns at the next hour roll-over.

OpenSecret — hackthebox

Description

OpenSecret is a web challenge where you need to gain access to a protected section of the website.

Analysis

While examining the frontend source code (JavaScript files), a hardcoded secret key for signing JWT tokens was discovered.

// snippet from frontend JS
const JWT_SECRET = "super_secret_key_123";

The application uses JWT for user authentication. Having the secret key, we can create (forge) a token for any user, including the administrator.

Solution

...

$ grep --similar

Similar writeups

[web][Pro]Lab 12 — NewsGrid — JWT Algorithm Confusion— hackadvisor
[web][Pro]Lab 350 — VaultKeeper— hackadvisor
[web][Pro]Lab 114 — APIForge — JWT JKU Header Injection for Privilege Escalation— hackadvisor
[web][Pro]Разминка с JWT (JWT Warmup)— hackerlab
[web][Pro]Code Control— undutmaning