Tags: web
Rating: 5.0
Toke is a web challenge worth 45points
Url: http://toke.vuln.icec.tf/
Hint: I have a feeling they were pretty high when they made this website...
Starting with registring an account with random credentials. While intercepting the get request to /dashboard we see a jwt token
The jwt token has the format xxxxxxx.xxxxxxxxxxxxxxxx.xxxxxxxxxxxxxx where the parts between the dots are base64encoded.
64decode the middle part of the token and it returns the flag.
{"flag":"IceCTF{jW7_t0K3ns_4Re_nO_p14CE_fOR_53CrE7S}","user":"aa"}
Jwt info : https://jwt.io/introduction/
Base64 info : https://en.wikipedia.org/wiki/Base64
