Tags: web 

Rating: 5.0

Toke is a web challenge worth 45points

Url: http://toke.vuln.icec.tf/
Hint: I have a feeling they were pretty high when they made this website...

Starting with registring an account with random credentials. While intercepting the get request to /dashboard we see a jwt token
The jwt token has the format xxxxxxx.xxxxxxxxxxxxxxxx.xxxxxxxxxxxxxx where the parts between the dots are base64encoded.
64decode the middle part of the token and it returns the flag.

{"flag":"IceCTF{jW7_t0K3ns_4Re_nO_p14CE_fOR_53CrE7S}","user":"aa"}

Jwt info : https://jwt.io/introduction/
Base64 info : https://en.wikipedia.org/wiki/Base64

Original writeup (https://github.com/Idomin/CTF-Writeups/blob/master/IceCTF/Toke-Web-45).