HACKTHEBOX

PLAYER – (HACK THE BOX)

https://github.com/mazen160/bfac Things to note: Secret key used to sign the JWT token →_S0_R@nd0m_P@ss_. The access code to get the new file location. Masked endpoint →7F2xxxxxxxxxxxxx/ If we decode the JWT token captured in cookie while requesting /launcher/dee8dc8a47256c64630d803a4c40786e.php using jwt.io , we get Copy the cookie https://jwt.io/ paste here the cookie : access=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJwcm9qZWN0IjoiUGxheUJ1ZmYiLCJhY2Nlc3NfY29kZSI6IkMwQjEzN0ZFMkQ3OTI0NTlGMjZGRjc2M0NDRTQ0NTc0QTVCNUFCMDMifQ and we get […]