JSON Web Token Hacking

Рет қаралды 79,037

2 жыл бұрын

// Membership //
Want to learn all about cyber-security and become an ethical hacker? Join this channel now to gain access into exclusive ethical hacking videos by clicking this link: / @loiliangyang
// Courses //
Full Ethical Hacking Course: www.udemy.com/course/full-web...
Full Web Ethical Hacking Course: www.udemy.com/course/full-web...
Full Mobile Hacking Course: www.udemy.com/course/full-mob...
// Books //
Kali Linux Hacking: amzn.to/3IUXaJv
Linux Basics for Hackers: amzn.to/3EzRPV6
The Ultimate Kali Linux Book: amzn.to/3m7cutD
// Social Links //
Website: www.loiliangyang.com
Facebook: / loiliangyang
Instagram: / loiliangyang
LinkedIn: / loiliangyang
// Disclaimer //
Hacking without permission is illegal. This channel is strictly educational for learning about cyber-security in the areas of ethical hacking and penetration testing so that we can protect ourselves against the real hackers.

Пікірлер: 152

@LoiLiangYang 2 жыл бұрын

Do you prefer Tom or Jerry?

@waterandafter 2 жыл бұрын

Full disclosure: I know little to nothing about hacking. Using these hacks on sites (also your other video on JSON), wouldn't they be able to find you once you try to send a product bought on a site and send it to yourself? Hopefully you aren't sending it to your house.

@aksn1515 2 жыл бұрын

Hi 'Loi Liang Yang' Please You Can Do a Help For Me Please Please

@anormalguy2529 2 жыл бұрын

Hi hacker loi sir,kindly make a video on kon boot please

@DurgaPrasad-we1yn 2 жыл бұрын

Tom

@devesh1721 2 жыл бұрын

I prefer myself 🤔

@redmatrice4709 Жыл бұрын

Correct me if i'm wrong! but the main reason for using the JWT is to verify the user without the need to connect a database and compare the values? and also changing the values of the payload misses completely the signature , which already encrypted with secret key and should be rejected in the first place, if someone uses the JWT without verifying it somehow in their website he shouldn't use JWT at all, it's like giving access to everyone and trusting blindly every user!! Steps as far as i know : 1 - get the JWT 2 - verify the signature by decrypting it using the secret key (the most important), exp ... 3 - proceed to the next step (perform any action you need) if 1 fails, reject everything if 1 doesn't fail and 2 fails reject everything if 1 and 2 doesn't fail now you can go to the step three and perform the action

@COLMANRYAN62 8 ай бұрын

Brother, I love all your videos. They are concise, quick, no bullshit, no music and you could not have done a better job.

@JanRautiainen 2 жыл бұрын

Interesting technique, another scenario to add to my vuln checking, thanks for sharing

@dmitriylevy7865 2 жыл бұрын

how did key-id with sql query from some table that gives you no useful information, give you the authorization to delete user? server side key id targets nothing and server does not throw an error so then it authenticates you?

@zzsql Жыл бұрын

Good brief, Loi. Thanks. I touch on this subject for the PenTest+ class I teach. Useful content here.

@VineetYadav 2 жыл бұрын

While this is good one, it very much depends on dal layer which is by default prevented by dal fw. Also someone using jwt must be using some sort of lib, and not.directly doing jwt implementation. So might not be taht much practical in real world.... Not sure if there is some one that idiot in real world.who queries SQL directly.

@hackerxploit7 2 жыл бұрын

U always have good vids! 👏 Keep going!

@md.riyasathossain590 2 жыл бұрын

Sir Loi, it was a great hacking tutorial! But now the thing is, how can "we" secure our JWT tokens and the websites using JWT?

@FabulousFitsFantasy 2 жыл бұрын

is it mean you have to know the server containing the key first?

@Peterb200295 2 жыл бұрын

I've also done this once in a CTF by setting the algorithm to none :D

@macbook6507 2 жыл бұрын

Thank you Teacher Loi liang for the educative tutorials 🤝🏾.

@Sonictag24940 2 жыл бұрын

Hey how did you learn to hack , like any courses or like college ?

@jjones3705 2 жыл бұрын

Really good and informative vid!

@johnwayne8059 2 жыл бұрын

Yeah man, thanks for your vids!

@MuhammadAli-zg2nw 2 жыл бұрын

every website encrypt token different with different algorithms. I tried that website and it didnt tell me token information.

@Abasalt_Yar 2 жыл бұрын

Hello, Thanks for the video. How can we prevent this ?

@abura1han 6 ай бұрын

Is it possible to hack if MongoDB is being used?

@rainfallen1064 2 жыл бұрын

I'm a bit confused. I thought the whole purpose of the JWT being secure is that the token CAN'T be manipulated (without knowing the private key). When the KID property, EXP property, etc. was changed, I would assume the the server will immediately reject it because the signature would no longer match. Or is the JWT token being used differently in this example?

@aquaman8870 2 жыл бұрын

yea this wont happen why would you ever run or check something against the database if the Token isn't even verified. The first step is to always check the token signature and if that's invalid you just return. Why would you trust a token that isn't even verified?

@Unhacker 2 жыл бұрын

The signature check just never happened, it swallowed the SQL injection while looking up the key id, before it even got to verifying it. However, I'm skeptical that this reflects the order of those operations in real-world implementations, as others have noted.

@flymoracer 9 ай бұрын

The point is that in order to check the signature is valid, you must handle and process the supplied header and payload. If that processing code isn’t written securely, you leave open the risk of an injection attack.

@rainfallen1064 8 ай бұрын

@@flymoracer because the ones listening to him are beginners and don’t know actual details?

@flymoracer 8 ай бұрын

@@rainfallen1064 not sure I understand you’re point here. The difference is subtle, but the important thing to realise is that there’s nothing to prevent a JWT being changed, the security comes from being able to detect that it’s changed.

@vishal4338 2 жыл бұрын

from a developers perspective highly unlikely to happen that someone will query a set of keys to just verify a token usually, the public keys are stored in some form of cache for a lower response time, and the "unsafe headers" are not usually passed down directly to any query. if the key is not found in the cache the authentication fails

@SirAppSec Жыл бұрын

From an Application security Enginer pespective. It happens a lot in the wild, devs make mistakes, even when they are not aware. I saw tokens being only decoded(not verified at all), I saw exploits that occure when the Algorithm changes, heck I even saw sqlinjection from a jwt key(the actual key, not the value). You don't always have to actually reach full authentication to exploit a web server.

@moazsayed7246 9 ай бұрын

me who was just thinking to save the secure key of the tokens in the database :🙄🙄🙄

@benjaminargueta3777 2 жыл бұрын

How would you protect against this attack?

@sto2779 Жыл бұрын

1:18 - "We're trying to remove the cats account"... That sounds so wrong lmao

@teeyaar 2 жыл бұрын

Ur awesome, thank you for sharing😊😊

@audiosmarts675 2 жыл бұрын

Thanks for the informative video!

@lakshaynz Жыл бұрын

how did you know which table you needed to insert into ?

@ousseynoungom9937 6 ай бұрын

Good question !!!

@codasnotif4815 Жыл бұрын

Did you really read those books thoroughly ?

@littleguardian421 2 жыл бұрын

Sir, How do i watch member only content?

@hocinemhz8610 2 жыл бұрын

1 comment ur good men ❤️

@Uneke 2 жыл бұрын

How did you know the location? Usually I’ve had to run sql multiple times to escalate ad find location names.

@SirAppSec Жыл бұрын

He's familiar with the database scheme/ structure via writeup or earlier challenges. What you can do is route the request via sqlmap with a tamper script that would decode the token, change a parameter to the sqlmap payload, and sign the payload token to the website. that way you can use sqlmap and fuzz the server. try it with every parameter. and you'd cover a lot of potential entry points.

@Uneke Жыл бұрын

@@SirAppSec I’m not familiar with fuzzing, but I have some man pages I can read on my kali distro. If I can get a grasp, I’ll give it a shot. Thanks for the advice. Seems like it would make things easier

@ramlal-kq1qr 2 жыл бұрын

Make a video in sql injection

@anooppk2341 2 жыл бұрын

But the jwt tokens are created using a secret key in server . So if we change the payload then the server will not verify the token. Because the secret will be changed..So will this method work?

@lighty262 2 жыл бұрын

He forgot to mention that the jwt token from his example are unsigned. I'm not sure why is he not mentioning this important part with jwt.

@henryofozor1602 2 жыл бұрын

@@lighty262 not a serious hack just for video sake

@k1dprogaming108 2 жыл бұрын

I run linux but i can’t use anything because it’s telling me to remove Kali-menu when i try i get an error can anyone help me please?? 🙏🏻🙏🏻

@ayoubomari1347 2 жыл бұрын

So How can we use JWT safely?

@baadrqaaba9529 2 жыл бұрын

So how can i protect my jwt from being hacked ?

@anormalguy2529 2 жыл бұрын

Hi hacker loi sir,kindly make a video on kon boot please

@il90 Жыл бұрын

I didn't understand how you knew the key?

@rehmankhan6081 2 жыл бұрын

What if pub or pvt key in place..? 😒

@atlonrg 2 жыл бұрын

Woooww Loi Liang Please, please friend activate the subtitles (es) to be able to follow you more clearly.

@bocabersuit 2 жыл бұрын

@user-wi3id2si8g 2 жыл бұрын

yah, no properly encrypted tokens and no csrf... what could go wrong?

@tunisiaFANS 2 жыл бұрын

same question I don't know jwt too much But are'nt they supposed to be encrypted based on some algorithms and secret key's 🤔🤔 Can someone explain to a noob please how this is possible...

@tunisiaFANS 2 жыл бұрын

And what is the purpose of jwt anyway If anyone could miss around with it 😓🤔🤔

@mohammedalthamy367 2 жыл бұрын

HI can anyone know how to watch video protected with pass word video master app

@iqbalaramyco5759 2 жыл бұрын

How to creat apk like open slot?

@Kirito-yk3sp 2 жыл бұрын

Sir pls can you tell me how to join your telegram

@alkasahani9636 2 жыл бұрын

Is adguard DNS safe

@CreatorLoos 2 жыл бұрын

Where telegram group for basic hacking step by step thanks you so much🤔

@prodbydramatic 2 жыл бұрын

lol

@CreatorLoos 2 жыл бұрын

@@prodbydramatic 😆😆😆😆😆

@theanonymous9110 2 жыл бұрын

Love all your videos dude... instead of hijacking an account I used it to turn my accounts into paid sub....

@neverreality5150 2 жыл бұрын

Bro create video your roadmap in hacking

@Jeridi Жыл бұрын

Yehe , Exact , so how i can safe this in my web ?

@mohan___0704___ 7 ай бұрын

Bro ...Any Other Possible to find signature (Key)...Explain Bro

@swonghobby 2 жыл бұрын

Hi, here's a quick question if I may. New Formatted Win 10 system, install a few applications, suddenly I seen the mouse move and one of the desktop icon has been duplicated. I quickly shut down my machine, and rebooted it. Is that a way to try to steal the login id and access to an account? Should I reformat the computer again? thank you

@vinayaklakhotiya2964 2 жыл бұрын

How to hack RS256 Json web token? Can u please make a video on that

@nextpage5707 2 жыл бұрын

That's why I add en encryption layer. To make it "harder"

@loveUbleach4ever 2 жыл бұрын

Bro you scared me to death, my entire career is messed up because i use jwt token auth for users all the time

@snowieow7842 2 жыл бұрын

Loi, I swear you're stalking me. I've just been doing labs all weekend on JWT and it was exploding my brain. Now you come along and make videos about this topic? Don't know if a coincidence or if you've hacked me

@massiveblackwood Жыл бұрын

Are you able to hack now?

@b391i 2 жыл бұрын

Keep Going 😇👌

@chevlonmacguinstudios 2 жыл бұрын

Not all accounts have a delete button, they do have a encrypted password, or Gmail handles the password handling

@liamsoccerpro3040 2 жыл бұрын

Love your videos

@leighton138 2 жыл бұрын

i want my playstation account back i have nto been able to log in in years and stupid sony wont give me it back sense i dont got a 4 year old payment option i have no access to even thought ihave proof on bank statements and i have no access to a old email it might be on that or my account for sony got hacked .

@jasonc6241992 3 ай бұрын

Holy crap.. my app depends entirely on the claims in the jwt :')

@junaidanser7182 2 жыл бұрын

Hello, How can I join your KZbin channel from Pakistan? Warm Regards.

@SonidoScoobyDoo 5 ай бұрын

there's tons of videos about this, but none about PREVENTION

@shortkalam 2 жыл бұрын

Tnx what u did. Pls can u upload video how to hack wifi pass with termux app??

@aminemunire3605 Жыл бұрын

Termux ضعيف و تحتاج الى بطاقة ويفي تسمح بالحقن تربطها مع مخرج usbو تطبق نفس الخطوات في كالي aircrack n-g moon-Wlan0 من الافضل استعمل كالي لأن الهاتف سيسخن بسرعة و البطارية تنفد و الهاتف يضيع

@natzen770 8 ай бұрын

you can help me for hack token?

@blendersovann5123 2 жыл бұрын

Sir can you me how to hack random android password ?

@sto2779 Жыл бұрын

How do you prevent this type of hack?

@dotnet9830 Жыл бұрын

I assume using a verify signature.

@sto2779 Жыл бұрын

@@dotnet9830 yes, however after doing research. JSON is not a good tokenization protocol. Example: The token does not expire instantly, hence when you log out, you really don’t log out. The server has no clue about the factual state of the token. Therefore JSON token is not safe. Security protocol is non-binary it is either safe or not safe, not both or in between. Good security is my preferred implementation, therefore using Redis cookies/tokenization is much faster and safer. However setting up Redis is much more tricky.

@melvinpatomendoza 2 жыл бұрын

Yes.

@jissjose1382 2 жыл бұрын

Now that's i call real hacking

@HamidHamid-ds9uy 2 жыл бұрын

Keep up bro

@itsmeagain0 2 жыл бұрын

Can you do a tutorial about what involves in a online game hacking?

@vilius1532 2 жыл бұрын

Can you play a game Grey Hack

@christiancurtcruz3979 2 жыл бұрын

Is hacking a sin?

@dangerouslystupid2912 2 жыл бұрын

You can use your power for good or you can use your power for bad. The choice is yours but don't forget consequences are real.

@bilalsuleman7741 2 жыл бұрын

I think all technique on youtube block soon

@TruthSeekerClub 2 жыл бұрын

You making it looks like a toy.

@mohammedalimedo5632 2 ай бұрын

There is no translation available into Arabic

@richietech2398 2 жыл бұрын

Can you provide a video on how to install Kali Linux on PC 64bit

@SonaliSingh-ri6jq 4 ай бұрын

Amazing

@alucardtech2136 Жыл бұрын

Everything on KZbin about hacking is already exploited and patched

@aksn1515 2 жыл бұрын

Hi 'Loi Liang Yang' Please You Can Do a Help For Me Please Please

@sumitchahal3972 2 жыл бұрын

Super cool

@RATUSUKUNA 2 жыл бұрын

How to shutdown other peoples computer?

@bahahamdi503 2 жыл бұрын

start with reading your name

@mr.smartech 2 жыл бұрын

@@bahahamdi503 🤣

@RATUSUKUNA 2 жыл бұрын

@@bahahamdi503 lmao i had no other name

@RATUSUKUNA 2 жыл бұрын

@@bahahamdi503 baha ha hahahahha

@PASTRAMIKick 2 жыл бұрын

go to their home/office and click shutdown

@nabeelgulzar269 2 жыл бұрын

❤️

@deadwarrior4981 2 жыл бұрын

sir do video on mitmf installing in new kali release 2021 we are getting many errors while installing pls do a video of installing mitmf without getting any errors pls pls pls sir