OBJECTIVE 16 - Elf Hunt

Completed by 14.56% of challenge participants

OBJECTIVE:

Piney Sappington needs a lesson in JSON web tokens. Hack Elf Hunt and score 75 points.

HINTS:

Hints provided for Objective 16
  • Unlock the mysteries of JWTs with insights from PortSwigger's JWT Guide.
  • The elves are really fast aren’t they? If there were only some way to slow them down. I wonder if they got into santa’s magic cookies?

PROCEDURE:

The hints make this one quite straightforward to complete.

Upon loading the game and opening developer tools we see that we are given a cookie called ElfHunt_JWT. This cookie looks something like this:

eyJhbGciOiJub25lIiwidHlwIjoiSldUIn0.eyJzcGVlZCI6LTUwMH0.

From the objective hints and the name of the cookie we can safely assume that this is a JSON Web Token (JWT). Looking at the source code for main.js, we can see that the JWT is being split into three parts, with ‘.’ acting as the delimiter. The inline comments conveniently let us know that the second part contains the payload.

```javascript
function parseJwtPayload(token) {
  // Split the JWT into its three parts
  const parts = token.split('.');
  // The payload is the second part. We decode it from base64 and parse the JSON
  try {
    return JSON.parse(atob(parts[1])); // the page's snippet ends at the try; this body follows the comment above
  } catch (e) {
    return null;
  }
}
```

We can also notice that there is nothing after the second ‘.’, which means that this JWT has no signature, so we should be able to modify the payload however we like.

By copying the middle part of the JWT (eyJzcGVlZCI6LTUwMH0) and using CyberChef to decode it from base64, we find that the payload is the following JSON value: {"speed":-500}

We can simply change this to a smaller number (i.e. a slower speed), convert it back to base64 and paste it back into our cookie.

Now we just reload the page and play the game with the nice slow elves 😊