Step 1: Click on the green button to Start the Lab
Step 2: Hack the URL or IP of the lab
Step 3: Use your skills and logic to find the flags!
You've discovered a web application that uses JWT (JSON Web Tokens) for authentication and authorization. The challenge requires you to manipulate JWT claims to escalate your privileges from a regular user to an administrator, but there's a critical time constraint that makes this attack more complex and realistic.
JWT claims manipulation is a common vulnerability in applications where developers implement custom JWT validation logic. This challenge simulates a scenario where an attacker must craft a valid JWT with modified claims while working within tight timing constraints, similar to real-world attacks where tokens have short validity windows for security purposes.
The application has strict validation rules: the JWT must have admin privileges, a valid signature, and most importantly, the token's validity window (exp - iat) cannot exceed 10 seconds. This forces attackers to work within realistic time constraints while maintaining all security requirements.
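The three rules above, seen from the server side, as an added example that is not the lab's own code. It assumes HS256 signing, a constructed demo key, and a hypothetical `role` claim carrying the privilege level; the page names none of these.

```python
import base64, hashlib, hmac, json, time

MAX_WINDOW = 10  # seconds; the page's rule: exp - iat must not exceed 10

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(key: bytes, claims: dict) -> str:
    """Issue an HS256 token (used here only to build constructed samples)."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps(claims).encode())
    mac = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{b64url(mac)}"

def validate(token: str, key: bytes, now=None) -> str:
    """Return "ok" or the reason the token is rejected."""
    now = time.time() if now is None else now
    try:
        header_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        if header.get("alg") != "HS256":  # algorithm is pinned; "none" is refused
            return "bad alg"
        # Verify the MAC before trusting any claim in the payload.
        expected = hmac.new(key, f"{header_b64}.{body_b64}".encode(),
                            hashlib.sha256).digest()
        if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
            return "bad signature"
        claims = json.loads(b64url_decode(body_b64))
        iat, exp = claims["iat"], claims["exp"]
    except (ValueError, KeyError, TypeError, AttributeError):
        return "malformed"
    if not all(type(v) in (int, float) for v in (iat, exp)):
        return "malformed"
    if exp <= iat or exp - iat > MAX_WINDOW:
        return "window too long"
    if not (iat <= now < exp):
        return "expired or not yet valid"
    if claims.get("role") != "admin":  # claim name is an assumption
        return "not admin"
    return "ok"

if __name__ == "__main__":
    key, t = b"constructed-demo-key", 1_700_000_000  # constructed sample values
    print(validate(sign(key, {"role": "admin", "iat": t, "exp": t + 10}), key, t + 5))
    print(validate(sign(key, {"role": "admin", "iat": t, "exp": t + 3600}), key, t + 5))
```

Because the signature is checked before any claim is read, an edited payload is rejected as "bad signature" and never reaches the role or window checks.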