HTB University CTF 2024 WEB
by problematicmatcher - Friday December 13, 2024 at 10:29 PM
#1
Discussion: I have started with Breaking Bank. I think the key is to forge the Authorization header; I found this in the source code:
// TODO: is this secure enough?
if (!jku.startsWith('http://127.0.0.1:1337/')) {
    throw new Error('Invalid token: jku claim does not start with http://127.0.0.1:1337/');
}
I am sure this is the intended way, but I cannot seem to get the SSRF to work; I keep getting an annoying "Invalid signature" error.
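The prefix check quoted above beside a stricter jku validator, as an added example (not the challenge's own code); the JWKS path '/.well-known/jwks.json' and the fetch call are assumptions:

```javascript
// Added example, not code from the challenge. The JWKS path below is an assumption.
const ALLOWED_JKU = 'http://127.0.0.1:1337/.well-known/jwks.json';

// The check from the post: only a string prefix is compared, so any path on the
// trusted host (including one that redirects elsewhere) passes.
function weakJkuCheck(jku) {
  return typeof jku === 'string' && jku.startsWith('http://127.0.0.1:1337/');
}

// Hardened: parse the URL and require an exact match on scheme, host, port and
// path, and reject query strings and fragments outright.
function strictJkuCheck(jku) {
  if (typeof jku !== 'string') return false;
  let u;
  try {
    u = new URL(jku);
  } catch {
    return false; // not a parseable absolute URL
  }
  const expected = new URL(ALLOWED_JKU);
  return (
    u.protocol === expected.protocol &&
    u.hostname === expected.hostname &&
    u.port === expected.port &&
    u.pathname === expected.pathname &&
    u.search === '' &&
    u.hash === ''
  );
}

// Even with an exact URL, the key fetch must not follow redirects: a redirect
// from the trusted host would otherwise hand key selection to its target.
// Safer still is to ignore jku entirely and use keys configured server-side.
async function fetchJwks(jku) {
  if (!strictJkuCheck(jku)) throw new Error('jku not in allowlist');
  const res = await fetch(jku, { redirect: 'error' }); // rejects on any redirect
  if (!res.ok) throw new Error(`JWKS fetch failed: ${res.status}`);
  return res.json();
}
```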
#2
I have the same issue...
Did you manage to make any progress?
#3
There is an open redirect that you can exploit and use your own public key to validate the JWT token.
#4
(12-14-2024, 09:43 PM)wintercaptainsoldier Wrote: There is an open redirect that you can exploit and use your own public key to validate the JWT token.

Hello, did you complete EncoDecept?
Please, any hint?
#5
I also had the same issue...
Did you find a suitable solution, please?
#6
Still no solution? Better rename the project.