SANS Holiday Hack 2023
  • 🌴Overview
  • 🆙Linux PrivEsc
  • 🃏Na'an
  • 🎣Phish Detection Agency
  • 😼Hashcat
  • 🧝Elf Hunt
  • 🐚Certificate SSHenanigans
  • 📒Active Directory
  • 🚪Space Island Door Access Speaker
  • 📸Camera Access
  • 🚀Missile Diversion
  • 🏴‍☠️I'm Gonna be King of the Pirates!
Powered by GitBook
On this page
  • Objective
  • Solution

Elf Hunt

Pixel Island: Rainraster Cliffs

PreviousHashcatNextCertificate SSHenanigans

Last updated 1 year ago

Objective

"Piney Sappington needs a lesson in JSON web tokens. Hack Elf Hunt and score 75 points."

Solution

This challenge involves manipulating the provided JWT to slow the Elves down to where you can hit them.

Then, edit your cookie and reopen the challenge for it to load. You should notice the elves moving at a much slower speed and thus easier to hit.

You can easily see the values of your JWT by using . When we decode it, we can see that there is a "speed" data payload.

This part of the token is just base64, so you can use any tool to generate an edited payload. I used an to make sure that I was able to make it url safe. I moved the speed to -100, but it may take some trial and error to find a good speed.

this tool
online base64 encoder
🧝
Page cover image
Speed before JWT tampering
Speed after JWT tampering