webPromedium

RSA or HMAC? Part 2

cryptohack

Task: JWT RS256/HS256 algorithm-confusion (CVE-2016-10555) where the RSA public key is NOT exposed by any route. Solution: recover the RSA modulus n via GCD of two RS256 signatures (s^e - EMSA-PKCS1 pad), rebuild the PKCS#1 'RSA PUBLIC KEY' PEM, and forge an HS256 token signing {admin:true} with the exact PEM bytes (trailing newline included) as the HMAC secret.

jwt token_forgery hs256 privilege_escalation rsa algorithm_confusion rs256 cve_2016_10555 pyjwt pkcs1_v15 pem_formatting

gcd_modulus_recoveryhmac_with_public_keypublic_key_recoveryrs256_to_hs256_confusionemsa_pkcs1_v15_reconstruction

$ ls tags/ techniques/

jwt token_forgery hs256 privilege_escalation rsa algorithm_confusion rs256 cve_2016_10555 pyjwt pkcs1_v15 pem_formatting

gcd_modulus_recoveryhmac_with_public_keypublic_key_recoveryrs256_to_hs256_confusionemsa_pkcs1_v15_reconstruction

Analysis

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.

$ python3 exploit.py --target 192.168.1.1 --port 8080
[*] Connecting to target...
[+] Shell obtained!

Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

Permission denied (requires tier.pro)

Sign in to access full writeups

$sign in

$ cat writeup.md…

Sign in to access full writeups

Sign in to access full writeups

Similar writeups