Crack JWT (HMAC) with HashCat/JohnTheRipper on MacOS
Target:
{
  "alg": "HS256",
  "typ": "JWT"
}
{
  "sub": "1234567890",
  "name": "John Doe",
  "iat": 1516239022
}
$ echo -n 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.hWgU00w-Sq8jKHr7MD5DSUCMznj5GtHVARKNFgljc9A' > /tmp/jwt.hash
1. HashCat (v.4.1.0)
$ brew install hashcat
$ hashcat -h |grep JWT
16500 | JWT (JSON Web Token) | Network Protocols
$ hashcat -m 16500 /tmp/jwt.hash /path/to/wordlist.txt
...
eyJhbGciOiJ....GtHVARKNFgljc9A:p@ssw0rd
Session..........: hashcat
Status...........: Cracked
Hash.Type........: JWT (JSON Web Token)
...
2. john
; The default john packages on Kali and from brew on MacOS do not support JWT cracking, so build the jumbo version from source.
$ brew install gcc openssl
$ brew upgrade gcc
$ brew upgrade openssl
$ git clone https://github.com/Sjord/jwtcrack
$ cd jwtcrack/jwtcrack
$ python jwt2john.py eyJhbGciOiJI...c9A > /tmp/jwt.john
$ git clone https://github.com/magnumripper/JohnTheRipper
$ cd JohnTheRipper/src
$ ./configure CPPFLAGS="-I/usr/local/opt/openssl/include" LDFLAGS="-L/usr/local/opt/openssl/lib" --disable-pkg-config
$ make clean && make
$ make install
$ ../run/john /tmp/jwt.john --wordlist=/path/to/wordlist.txt
3. Don't use jwtcrack.py, it sucks.
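
Added example, not part of the original notes or of any tool named above: the wordlist run in section 1 succeeds only because the HS256 key is a short dictionary word. This Python code shows how the signature is derived and audits a key you own against the RFC 7518 minimum of 32 bytes and against a wordlist; the function names and the sample wordlist are constructed for illustration.

```python
import base64, hashlib, hmac, json, secrets

MIN_KEY_BYTES = 32  # RFC 7518 section 3.2: HS256 key must be at least 256 bits

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def sign_hs256(claims: dict, key: bytes) -> str:
    """Build a compact HS256 JWT: the signature is HMAC-SHA256 over 'header.payload'."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = ".".join(
        b64url(json.dumps(part, separators=(",", ":")).encode()) for part in (header, claims)
    )
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url(sig)

def verify_hs256(token: str, key: bytes) -> bool:
    """Recompute the HMAC over 'header.payload' and compare in constant time."""
    try:
        signing_input, sig = token.rsplit(".", 1)
    except ValueError:
        return False
    expected = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return hmac.compare_digest(b64url(expected).encode(), sig.encode())

def audit_key(key: bytes, wordlist=()) -> list:
    """Return the reasons a signing key you own would fall to a wordlist run."""
    findings = []
    if len(key) < MIN_KEY_BYTES:
        findings.append("shorter than 32 bytes")
    if key in {w.encode() for w in wordlist}:
        findings.append("present in wordlist")
    return findings

def new_key() -> bytes:
    """256 bits from the OS CSPRNG; keep it in a secret store, not in source."""
    return secrets.token_bytes(MIN_KEY_BYTES)

# Constructed sample data: the claims and the weak secret shown in the notes above.
CLAIMS = {"sub": "1234567890", "name": "John Doe", "iat": 1516239022}
WEAK_KEY = b"p@ssw0rd"
SAMPLE_WORDLIST = ["123456", "letmein", "p@ssw0rd"]

if __name__ == "__main__":
    print(audit_key(WEAK_KEY, SAMPLE_WORDLIST))
    strong = new_key()
    print(audit_key(strong, SAMPLE_WORDLIST), verify_hs256(sign_hs256(CLAIMS, strong), strong))
```

Rotating to a key from new_key() invalidates every token signed with the old secret, so plan the rotation together with session expiry.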