Quick Debrief

There are multiple vulnerabilities exist within JSON Web Tokens. This is a quick and easy lab for you to understand the fundamentals of JWTs and how to exploit them.

JSON Web Token Basics

A JSON Web Token (JWT) is split into three parts; the header, body, signature. This allows small pieces of information to be securely transmitted between parties. The integrity of the information is enforced by the signature. The most common use for JWTs is Authorization and Information Transfer.

Structure of JWTs

Each section of a JSON Web Token is individually Base64Url encoded.
header.body.signature

Header

The most important information in the header is the algorithm used for the signature. The main algorithms that are supported out there are:

  • HMAC
  • SHA256
  • RSA
Additional information that may be in the header are:
  • 'exp' (Expiration Time) Claim
  • 'nbf' (Not Before Time) Claim
  • 'iss' (Issuer) Claim
  • 'aud' (Audience) Claim
  • 'jti' (JWT ID) Claim
  • 'iat' (Issued At) Claim
  • 'sub' (Subject) Claim
  • 'kid' Key Identifier
The Key Identifier contains a value which can be used to get the key for the signature. This value can have 2 different vulnerabilities; SQL Injection and File Traversal. This will be discussed in more detail in the walkthrough section.

Body

The body of the JWT is separated from the header and signature through the use of full stops. This part of the token contains the information that is being sent. Usually it contains the authenticated user and an iat which is used to verify when the token was created. The iat can be used to give the token a period of validity. In the set of challenges, the goal is to modify the body so that the user = admin.

Signature

The signature is made from the algorithm listed in the header. This is used to ensure the data has not been tampered with. To create the signature, the algorithm needs to be applied on the following payload:

base64urlencoded(header)+"."+base64urlencoded(body)

If it is possible to modify the body and have a valid signature. It would be possible to escalate privileges to a higher user such as admin.

Popular vulnerabilities with JSON Web Tokens

When implementing your own JSON Web Tokens or when encountering it during a penetration test. It is important to look out for the following issues that may occur due to the way it has been implemented.

  1. Check which algorithms are supported

    Try to use the "none" algorithm. This algorithm does not require a signature which means the integrity of the token cannot be checked. Sometimes, the signature isn't even checked!

    Try to check if it is possible to use HMAC (HS256) to sign the signature.

  2. Perform more enumeration to check for unecessarily exposed keys.

    If it is possible to change the algorithm to HS256 and the verification key has been exposed, then it should be possible to create a valid signature

  3. If HMAC (HS256) is used. Try to bruteforce the key.

    If the key is recovered, then it will be possible to create valid signatures. A good tool to use for this is Hashcat.
    hashcat -a0 -m 16500 text.hash [dict]

  4. Look at the header parameters and fuzz them to see if it is vulnerable.

    The kid (key identifier) is used to identify which key is used for the token. This value can be vulnerable to file traversal. Thus if you can find a file exposed on the server (for example a css file). That file can be used as the key for the signature. This kind of vulnerability may exist with the other possible headers such as JKU and x5u as they also may be used to determine which key is used.

    It is also possible for the kid value to access a database and as a result, SQL Injections may be possible.

  5. If the application is written in an out of date version of Ruby and contains the kid value. It could be vulnerable to command injection

    This exploit may occur when libraries use vulnerable system calls to read the file.

A useful link I found to have bookmarked is: https://github.com/ticarpi/jwt_tool/wiki. It contains a list of all the vulnerabilities for JWTs.


The challenges I have made are some of the basic vulnerabilities for poor implementation of JWTs. The main goal is for you to have gained some experience so when the real thing comes along in a test or development process. Therefore, you will have a good methology and mindset for ensuring they are secure.

Enjoy my lab and let me know what you think.

References:
  • https://tools.ietf.org/html/rfc7515
  • https://jwt.io/introduction/
  • https://medium.com/101-writeups/hacking-json-web-token-jwt-233fe6c862e6
  • https://medium.com/swlh/hacking-json-web-tokens-jwts-9122efe91e4a
  • Pentester Lab Pro - all JWT exercises.
  • https://github.com/ticarpi/jwt_tool/wiki/Known-Exploits-and-Attacks