Difficulty: Medium
Level 4: JWT Token Manipulation
Objective
Log in as a regular user, obtain the JWT token, then manipulate it. The server uses a weak signing algorithm.
Login: POST /api/login {"username":"alice","password":"alice123"}
Decode the token, modify the payload to change your role to "admin", and access: GET /api/admin/flag
Test Credentials
| Username | Password | Role |
| alice | alice123 | user |
| bob | bob456 | user |
| admin | admin789 | admin |
Hint: The JWT uses a simple base64 encoding (not real JWT). Decode the token parts using base64, modify the payload to set "role": "admin", re-encode it, and use the forged token to access GET /api/admin/flag.
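To see why this level is solvable and what the fix looks like, the following added example (not the lab's own server code) contrasts the lab's check, which trusts the payload straight after base64 decoding, with a verifier that recomputes an HMAC-SHA256 over header.payload and rejects any edited claim. The secret key, the header contents, and the claim names are constructed for the demo.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional

# Assumption: a server-side key that never leaves the backend (constructed for this demo).
SECRET = b"constructed-demo-secret"


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_token(claims: dict) -> str:
    """Issue a header.payload.signature token with an HMAC-SHA256 signature."""
    header = b64url_encode(b'{"alg":"HS256","typ":"JWT"}')
    body = b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    mac = hmac.new(SECRET, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{b64url_encode(mac)}"


def verify_weak(token: str) -> dict:
    """The lab's flaw: claims are trusted straight after base64 decoding; nothing is checked."""
    _, body, _ = token.split(".")
    return json.loads(b64url_decode(body))


def verify_hmac(token: str) -> Optional[dict]:
    """Hardened check: recompute the MAC over header.payload and compare in constant time.
    The alg field inside the header is deliberately ignored; the token never picks the algorithm."""
    try:
        header, body, sig = token.split(".")
        expected = hmac.new(SECRET, f"{header}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, b64url_decode(sig)):
            return None
        return json.loads(b64url_decode(body))
    except ValueError:  # wrong part count, bad base64 (binascii.Error) or malformed JSON
        return None


def tamper_role(token: str, role: str) -> str:
    """Re-encode the payload with a different role, as the lab describes, leaving the signature untouched."""
    header, body, sig = token.split(".")
    claims = json.loads(b64url_decode(body))
    claims["role"] = role
    return f"{header}.{b64url_encode(json.dumps(claims, separators=(',', ':')).encode())}.{sig}"
```

The weak verifier accepts the edited payload as admin, while the HMAC verifier returns None for it and for any malformed token.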