HTB Web Insomnia
by macavitysworld - Thursday March 21, 2024 at 05:36 AM
#1
HTB Web Challenge - Insomnia (Quick writeup)
  • Interception of the login request and deletion of the password parameter.
  • Entered an existing username in the DB (e.g., "test") to receive the JWT token.
  • Sent the JWT token to /index.php/profile endpoint with the username changed to "administrator" to obtain the flag.

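Added example, not part of the original post and not the challenge's code: a defender's view of the flaw the steps above point to, with a login handler that accepts a request lacking the password field shown beside a hardened one. It assumes the weak handler builds its lookup from whichever fields the client sent; the table layout, function names and credentials are constructed for the demo.

```python
import hashlib, hmac, sqlite3

def _hash(pw: str) -> str:
    # Demo only; production code should use a salted KDF such as hashlib.scrypt.
    return hashlib.sha256(pw.encode()).hexdigest()

def make_db() -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("administrator", _hash("constructed-admin-pw")),
                    ("test", _hash("constructed-test-pw"))])
    return db

def login_weak(db, body: dict):
    """Assumed flaw: the WHERE clause covers only the fields that were sent."""
    sent = [k for k in ("username", "password") if k in body]
    if not sent:
        return None
    where = " AND ".join(f"{k} = ?" for k in sent)  # names come from a fixed list
    vals = [_hash(body[k]) if k == "password" else body[k] for k in sent]
    row = db.execute(f"SELECT username FROM users WHERE {where}", vals).fetchone()
    return row[0] if row else None  # the caller would issue a JWT for this user

def login_hardened(db, body: dict):
    """Exact field set, string types, then a constant-time password check."""
    if not isinstance(body, dict) or set(body) != {"username", "password"}:
        return None
    user, pw = body["username"], body["password"]
    if not (isinstance(user, str) and isinstance(pw, str) and user and pw):
        return None
    row = db.execute("SELECT password FROM users WHERE username = ?",
                     (user,)).fetchone()
    stored = row[0] if row else _hash("")  # still compare when the user is unknown
    ok = hmac.compare_digest(stored, _hash(pw))
    return user if (row and ok) else None

def demo():
    db = make_db()
    no_pw = {"username": "administrator"}  # constructed request, password removed
    good = {"username": "test", "password": "constructed-test-pw"}
    return login_weak(db, no_pw), login_hardened(db, no_pw), login_hardened(db, good)

if __name__ == "__main__":
    print(demo())
```

The hardened handler rejects any body whose key set is not exactly username and password, so a dropped or extra field fails before the database is queried.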
#2
Wow, this is very helpful
#3
How can I change the JWT? I don't have the JWT_SECRET and the JWT became invalid!
#4
Thanks friend, I'll see... keep it up my king...
#5
(03-22-2024, 06:53 PM) Art10n Wrote: How can I change the JWT? I don't have the JWT_SECRET and the JWT became invalid!

- Intercept the request
- Send it to Repeater
- Delete the password parameter
- Add the user as administrator
- You'll get the required token