Loading page
Review the challenge brief, files, and requirements.
The server uses JWT for authentication but has a critical flaw in algorithm verification. You have a valid guest token:
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyIjoiZ3Vlc3QiLCJhZG1pbiI6ZmFsc2V9.signature
Write Python code that forges a JWT to gain admin access by exploiting the algorithm validation.
Sign in to attempt this challenge.
Use Proving Grounds to continue your challenge practice.
Open Proving Grounds