The REST API is running on the target machine and uses JWT based authentication. The implementation of JWT is very crucial for the safety of a REST API. One of its crucial parts is the algorithm which is used for signing the tokens. However, the library code handling the JWT signature algorithm was buggy.

Objective: Retrieve the flag stored on the server!

User Information:

| Username | elliot | | Password | elliotalderson | | Email | elliot@evilcorp.com |

API Endpoints:

| Endpoint | Description | Method | Parameter(s) | | /auth/local | Authenticates the user and returns JWT authentication token | POST | identifier, password | | /users | Creates a new user | POST | username, password, email, role, provider | | /admin | Access Strapi Admin Panel | GET | - |

Instructions: 

• This lab is dedicated to you! No other users are on this network :)
• Once you start the lab, you will have access to a Kali GUI instance.
• Your Kali instance has an interface with IP address 192.X.Y.2. Run "ifconfig" to know the values of X and Y.
• The REST API should be running on port 1337 on the machine located at the IP address 192.X.Y.3.
• Do not attack the gateway located at IP address 192.X.Y.1

The solution for this lab can be found in the following manual: https://assets.ine.com/labs/ad-manuals/walkthrough-1351.pdf