关联漏洞
描述
Automate JWT Exploit (CVE-2018-0114)
介绍
# jwt-spoof-tool
### Tool Description :
I made this tool for learning purpose and automating jwt token hijacking without depending on using burpsuite
the code is well documented and easy to follow
Based on (CVE-2018-0114)
The Vulnerabilty happend because in backend the server check jwk object embeded inside jwt header, it contain n and e which are 2 paramters used to form the public key
### How to exploit :
<br> 1) An attacker generate new RSA KEY PAIRS,
<br> 2) Get n and e and inject them inside the jwk object in jwt headers
<br> 3) Change any values in jwt body section then sign it with his private key
<br> 4) The server uses the attacker public key to verify the signature .
<br> 5) i made a verify function to make sure the jwt is exploited successfulyy or not by trying to decode it using attacker public key (n and e)
### How to run it :
<br> 1) overwrite value of variable "jwt_orginal at line 125" by the new vulnerable jwt
<br> 2) add any attributes you wanna change inside the dictionary object "dict_values at line 126"
<br> 3) Enjoy
文件快照
[4.0K] /data/pocs/68591c0c85512b115a0f049e606dfcdd88733ce1
├── [4.0K] jwt_attacker_gen
│ ├── [5.6K] jwt_attacker_gen.py
│ ├── [1.5K] jwt_attacker_gen.pyproj
│ ├── [1.6K] privkeyAttacker.pem
│ └── [ 450] publickeyAttacker.pem
├── [ 967] jwt_attacker_gen.sln
└── [1.0K] README.md
1 directory, 6 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。