Home
Cmdi
XSS
Sqli
Web Service
JWT
Other
Redis
By default, there is only one account that can be used in the login form (jwt_user).
Once login & password are verified, a jwt token is generated.
If the submited token is valid (validate signature), you will be logged as jwt_user.
The goal of this challenge is to be logged as \'admin\' by forgering a new jwt token.
To help you, you can use the following tool to forge a new jwt_token (you need to find the good secret !)
Please enter your username & password.