🧝Elf Hunt

Pixel Island: Rainraster Cliffs

Objective

"Piney Sappington needs a lesson in JSON web tokens. Hack Elf Hunt and score 75 points."

Solution

This challenge involves manipulating the provided JWT to slow the Elves down enough that you can hit them.

You can easily see the values of your JWT by using this tool. When we decode it, we can see that the payload contains a "speed" value.

This part of the token is just base64, so you can use any tool to generate an edited payload. I used an online base64 encoder to make sure that I was able to make it URL-safe. I moved the speed to -100, but it may take some trial and error to find a good speed.

Then, edit your cookie and reopen the challenge for it to load. You should notice the elves moving much more slowly, which makes them easier to hit.

Speed before JWT tampering
Speed after JWT tampering