Under Construction

$ nikto -h http://188.166.168.204:31525
+ Server: No banner retrieved
+ Retrieved x-powered-by header: Express
+ The anti-clickjacking X-Frame-Options header is not present.
+ The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
+ The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
+ Root page / redirects to: /auth
+ No CGI Directories found (use '-C all' to force check all possible dirs)
+ Allowed HTTP Methods: GET, HEAD 
+ OSVDB-3092: /auth/: This might be interesting...
+ 7917 requests: 0 error(s) and 6 item(s) reported on remote host
$ dirb http://188.166.168.204:31525
---- Scanning URL: http://188.166.168.204:31525/ ----
+ http://188.166.168.204:31525/auth (CODE:200|SIZE:2149)                                                                                         
+ http://188.166.168.204:31525/logout (CODE:302|SIZE:27) 
$ whatweb http://188.166.168.204:31525
http://188.166.168.204:31525 [302 Found] Country[RUSSIAN FEDERATION][RU], IP[188.166.168.204], RedirectLocation[/auth], X-Powered-By[Express]
http://188.166.168.204:31525/auth [200 OK] Bootstrap[4.4.1], Country[RUSSIAN FEDERATION][RU], HTML5, IP[188.166.168.204], JQuery, PasswordField[password], Script, Title[Under Construction - Login], X-Powered-By[Express]
$ wapiti -u http://188.166.168.204:31525
[*] Launching module http_headers
Checking X-Frame-Options :
X-Frame-Options is not set
Checking X-XSS-Protection :
X-XSS-Protection is not set
Checking X-Content-Type-Options :
X-Content-Type-Options is not set
Checking Strict-Transport-Security :
Strict-Transport-Security is not set
/home/kali/.wapiti/generated_report
JSON Web Token (JWT) Authentication Bypass
https://snyk.io/test/npm/jsonwebtoken/4.0.0#npm:jsonwebtoken:20150331
CVE-2015-9235 JWT HS/RSA key confusion vulnerability
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9235
http://jwt.io
$ ~/jwt_tool/jwt_tool.py eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.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.oAQkFClEsy3IKX_Jvm6AvJL9d59neLwcNxtpmpqq9OBAEyVtWDBZi4cGIejFakmwuwgyytd2Ow7ikqv9vhFyNhnRGBFttI8Ca-lXi158feJTv4C-hKrQahZwz87uF8-2PCZ7uSAQYOcONKRpljl3w4YNb352Nzs4_eLnWNH9VM5_npgtnVhwltN6Ko4DFq1ZFcQ97tRoZ7Tlx1J3qqAGY3PouTDqnAKHpeGPkwek7K2eX-HWuhtu2mS7jLTTvQN0i7nuHNrTlROmzE8FDkbEGwW8OotHK9htnOeqxpYHXeUhe4MiZDK-GFn7aBZncJh1TeWvIEH3Mpbo4V1x_Nt-4g
Decoded Token Values:                                                                                                       
Token header values:                                                                                                        
[+] alg = "RS256"
[+] typ = "JWT"

Token payload values:                                                                                                       
[+] username = "cpt"
[+] pk = "-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA95oTm9DNzcHr8gLhjZaY                                                            
ktsbj1KxxUOozw0trP93BgIpXv6WipQRB5lqofPlU6FB99Jc5QZ0459t73ggVDQi                                                            
XuCMI2hoUfJ1VmjNeWCrSrDUhokIFZEuCumehwwtUNuEv0ezC54ZTdEC5YSTAOzg                                                            
jIWalsHj/ga5ZEDx3Ext0Mh5AEwbAD73+qXS/uCvhfajgpzHGd9OgNQU60LMf2mH                                                            
+FynNsjNNwo5nRe7tR12Wb2YOCxw2vdamO1n1kf/SMypSKKvOgj5y0LGiU3jeXMx                                                            
V8WS+YiYCU5OBAmTcz2w2kzBhZFlH6RK4mquexJHra23IGv5UJ5GVPEXpdCqK3Tr                                                            
0wIDAQAB                                                                                                                    
-----END PUBLIC KEY-----                                                                                                    
"                                                                                                                           
[+] iat = 1620604718    ==> TIMESTAMP = 2021-05-09 19:58:38 (UTC)

----------------------                                                                                                      
JWT common timestamps:                                                                                                      
iat = IssuedAt                                                                                                              
exp = Expires                                                                                                               
nbf = NotBefore                                                                                                             
----------------------    
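
The decoded token uses alg = RS256 and carries the public key in its pk claim, which is the setup CVE-2015-9235 concerns. The block below is an added example, not part of the original notes and not jsonwebtoken's code: a minimal verifier on Node's crypto module that trusts the header's alg, beside one that pins RS256. All function names, the throwaway key pair and both tokens are constructed for illustration.

```javascript
const crypto = require("node:crypto");
const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64url");
const dec = (part) => JSON.parse(Buffer.from(part, "base64url").toString("utf8"));

// Build a compact JWS so the verifiers below have constructed input to work on.
function sign(alg, payload, key) {
  const input = `${enc({ alg, typ: "JWT" })}.${enc(payload)}`;
  const sig = alg === "RS256" ? crypto.sign("sha256", Buffer.from(input), key)
    : crypto.createHmac("sha256", key).update(input).digest();
  return `${input}.${sig.toString("base64url")}`;
}

// Check a signature under one algorithm with whatever key the caller configured.
function check(alg, input, sigPart, key) {
  const sig = Buffer.from(sigPart, "base64url");
  if (alg === "RS256") return crypto.verify("sha256", Buffer.from(input), key, sig);
  if (alg !== "HS256") return false;
  const mac = crypto.createHmac("sha256", key).update(input).digest();
  return mac.length === sig.length && crypto.timingSafeEqual(mac, sig);
}

// Flawed pattern: the algorithm comes from the token's own, client-controlled header.
function verifyTrustingHeader(token, key) {
  const [h, p, s] = token.split(".");
  return check(dec(h).alg, `${h}.${p}`, s, key) ? dec(p) : null;
}

// Hardened pattern: the server pins the algorithm and rejects any other header value.
function verifyPinned(token, key, expectedAlg = "RS256") {
  const parts = token.split(".");
  if (parts.length !== 3) return null;
  const [h, p, s] = parts;
  try {
    if (dec(h).alg !== expectedAlg) return null;
    return check(expectedAlg, `${h}.${p}`, s, key) ? dec(p) : null;
  } catch { return null; } // malformed header, payload or key material
}

// Constructed sample data: a throwaway key pair and two locally built tokens.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", { modulusLength: 2048,
    publicKeyEncoding: { type: "spki", format: "pem" },
    privateKeyEncoding: { type: "pkcs8", format: "pem" } });
  const genuine = sign("RS256", { username: "cpt" }, privateKey);
  const confused = sign("HS256", { username: "other-user" }, publicKey); // HMAC keyed with the public PEM
  return { flawed: verifyTrustingHeader(confused, publicKey),
    pinnedConfused: verifyPinned(confused, publicKey),
    pinnedGenuine: verifyPinned(genuine, publicKey) };
}
```

With jsonwebtoken itself, the counterpart of verifyPinned is passing an explicit algorithms list to jwt.verify, for example { algorithms: ['RS256'] }.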





