Elf Hunt

Difficulty:
Direct link: Objective Terminal

Objective

Request

Piney Sappington needs a lesson in JSON web tokens. Hack Elf Hunt and score 75 points.

Piney Sappington

Hey there, friend! Piney Sappington here. You look like someone who's good with puzzles and games.
I could really use your help with this Elf Hunt game I'm stuck on.
I think it has something to do with manipulating JWTs, but I'm a bit lost.
If you help me out, I might share some juicy secrets I've discovered.
Let's just say things around here haven't been exactly... normal.
So, what do ya say? Are you in?
Oh, brilliant! I just know we'll crack this game together.
I can't wait to see what we uncover, and remember, mum's the word!

Hints

JWT Secrets Revealed

Unlock the mysteries of JWTs with insights from PortSwigger's JWT Guide.
https://portswigger.net/web-security/jwt

Solution

After inspecting the web application, we found that the cookie is a JWT, which can be decoded with CyberChef using JWT Decode.

eyJhbGciOiJub25lIiwidHlwIjoiSldUIn0.eyJzcGVlZCI6LTUwMH0.

Decoding it as Base64 also gave us the initial info:
{"alg":"none","typ":"JWT"}>{"speed":-500}>

Decoded using JWT Decode:
{
    "speed": -500
}

Then we encoded a new JWT with speed set to -100:

eyJhbGciOiJub25lIiwidHlwIjoiSldUIn0.eyJzcGVlZCI6LTEwMCwiaWF0IjoxNzAzOTQxNDg2fQ.
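Both tokens above carry `"alg":"none"` and an empty signature, so nothing binds the payload to the server. The following added example (not part of the original write-up or the game's code) decodes the two tokens and shows a verifier that pins the algorithm and rejects them. `SERVER_KEY`, the function names and the choice of HS256 are assumptions made for illustration.

```python
import base64, hashlib, hmac, json

# Tokens copied from the write-up above; both have an empty signature part.
ORIGINAL = "eyJhbGciOiJub25lIiwidHlwIjoiSldUIn0.eyJzcGVlZCI6LTUwMH0."
MODIFIED = "eyJhbGciOiJub25lIiwidHlwIjoiSldUIn0.eyJzcGVlZCI6LTEwMCwiaWF0IjoxNzAzOTQxNDg2fQ."
SERVER_KEY = b"constructed-demo-key"  # assumption: stands in for a server-side secret

def b64url_decode(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def decode_unverified(token):
    """What CyberChef's JWT Decode shows: header and payload, no trust implied."""
    header, body, _ = token.split(".")
    return json.loads(b64url_decode(header)), json.loads(b64url_decode(body))

def sign_hs256(payload, key):
    """Issue a token the way a server that signs its state would (assumed HS256)."""
    header = b64url_encode(b'{"alg":"HS256","typ":"JWT"}')
    body = b64url_encode(json.dumps(payload, separators=(",", ":")).encode())
    sig = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{b64url_encode(sig)}"

def verify_hs256(token, key):
    """Return the payload only if alg is exactly HS256 and the HMAC matches."""
    try:
        header_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        sig = b64url_decode(sig_b64)
    except ValueError:
        raise ValueError("malformed token")
    # The allowed algorithm comes from server configuration, never from the token.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("algorithm not allowed")
    expected = hmac.new(key, f"{header_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        raise ValueError("bad signature")
    return json.loads(b64url_decode(body_b64))

if __name__ == "__main__":
    print(decode_unverified(ORIGINAL), decode_unverified(MODIFIED))
    for tok in (ORIGINAL, MODIFIED):
        try:
            verify_hs256(tok, SERVER_KEY)
        except ValueError as err:
            print("rejected:", err)
```
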

Terminal output

And after scoring 75 points, we won the game!

Game Over

There was also the captain's journal, which will be helpful in the Captain's comms challenge.

Journal

Answer

Score 75 points in terminal game

Response

Piney Sappington

Well done! You've brilliantly won Elf Hunt! I couldn't be more thrilled. Keep up the fine work, my friend!
What have you found there? The Captain's Journal? Yeah, he comes around a lot. You can find his comms office over at Brass Buoy Port on Steampunk Island.