Nahamcon 2020 - Flag Jokes

Isopach · June 14, 2020

I only solved a few challenges this CTF as I didn’t have time to play, and this was the most interesting non-guessy one.

Flag Jokes

Category: Web | 76 solves | 200 points

Want to hear a joke? Want the flag? How about both? Why don’t YOU tell me a joke!

Note, it is recommended to clear your cookies for this challenge as some may have the same names used in other challenges.

Connect here:

We see a login form, so we try logging in as admin. That is blocked, so we log in as test123 instead.

Apparently the flag is supposed to show up here, but we don’t see it because we are not admin.

Analysing the JWT:


We can see that the jku header value points to /static/jwks.json, so we try accessing it on

As I wasn’t sure what JWKS was, I went to read this article by auth0 and it helped me.

Moving on, we change the payload's username to admin, sign the token with an RSA key pair we generated ourselves, and point the jku header at a JWKS hosted on my server. Because the app fetches its verification key from whatever URL the jku header names, it validates the forged signature against our own public key.

Final JWT:


And the file on my server:

{
  "keys": [
    {
      "e": "AQAB",
      "kid": "sqcE1a9gj9p08zNMR1MWbLLvuaPyUeJEsClBhy7Q4Jc",
      "kty": "RSA",

And we got the flag!


Flag: flag{whoops_typo_shoulda_been_flag_jwks}

I was initially stuck before the final step because I had missed the format of a JWKS: my generated file was a single JWK, not a key set like the one on the server.

Anyway it was a good learning experience!

