← All Challenges
Challenge 26 of 66

Secret Cracker

🟡 Medium Auth +75 XP

A JWT token is signed with a weak secret. Crack it using a wordlist, then forge a token with admin privileges.

Secret Cracker // sandbox
Use jwt_tool or hashcat mode 16500 to crack the HMAC secret from the token.

🏆 Challenge Complete!

+75 XP earned
Next Challenge →