The REST API is running on the target machine and uses JWT-based authentication. An important point to note is that a JWT does not offer confidentiality: its signature protects integrity, but the header and payload are only base64url-encoded, so anyone in possession of the token can decode them and read every claim.
Objective: Retrieve the flag from the payload part of the JWT token!
User Information:

| Field | Value |
|---|---|
| Username | elliot |
| Password | elliotalderson |
| Email | elliot@evilcorp.com |
API Endpoints:

| Endpoint | Description | Method | Parameter(s) |
|---|---|---|---|
| /auth/local | Authenticates the user and returns JWT authentication token | POST | identifier, password |
Instructions:
The solution for this lab can be found in the following manual: https://assets.ine.com/labs/ad-manuals/walkthrough-1348.pdf
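The point the lab makes, that a JWT's signature does not hide its claims, is shown below in an added example that is not part of the lab or its manual. It constructs a signed HS256 token the way a login endpoint such as /auth/local might (the secret, claims and flag value are all constructed here), then reads the payload without the key, and finishes with a defender-side check for claim names that should never be placed in a token. Names such as `SERVER_SECRET` and `sensitive_claims` are assumptions for this example.

```python
import base64
import hashlib
import hmac
import json

# Constructed signing key: only the issuing server holds it, and the
# decoding function below never uses it.
SERVER_SECRET = b"constructed-server-secret-not-from-the-lab"


def b64url_encode(raw):
    """Base64url without '=' padding, as the JWS compact format requires."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_decode(segment):
    """Restore the stripped padding before decoding a token segment."""
    segment += "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment)


def make_hs256_token(payload, secret):
    """Issue a signed token (constructed stand-in for the lab's login endpoint)."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = ".".join(
        b64url_encode(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, payload)
    )
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{b64url_encode(sig)}"


def decode_jwt_unverified(token):
    """Read header and payload with no key and no signature check.
    This is what any token holder can do: the signature proves origin and
    integrity, it does not provide confidentiality."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected header.payload.signature)")
    return json.loads(b64url_decode(parts[0])), json.loads(b64url_decode(parts[1]))


def sensitive_claims(payload):
    """Defender-side review: claim names that look like secrets stored in the token."""
    risky = ("flag", "password", "secret", "ssn", "card")
    return [k for k in payload if any(r in k.lower() for r in risky)]


if __name__ == "__main__":
    claims_in = {"sub": "elliot", "email": "elliot@evilcorp.com", "flag": "FLAG{constructed}"}
    token = make_hs256_token(claims_in, SERVER_SECRET)
    header, claims = decode_jwt_unverified(token)  # no secret needed
    print(header["alg"], claims["sub"], claims["flag"])
    print("claims that do not belong in a JWT:", sensitive_claims(claims))
```

The remediation side follows directly: keep secrets out of the payload, or use JWE if claims genuinely must be hidden from the token holder.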