>/Ctf_tasks/API_lvl_5 $

Category: Web

Difficulty: Medium

You got me. Backward compatibility made me forget to disable the 'none' algorithm signature, but it won’t work this time, hah! You might break the encryption if you're a real hacker.

Requirements:
* Tool: curl or Postman
* Tool: hashcat or similar

curl -X GET "https://barry-dev.xyz/api/v5/flag" -H "Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJyb2xlIjoidXNlciJ9.uVTyqxAAK1yRyWVOMFSLdsVEULr1tCGzhBTgou-l3K4" -H "API_KEY: your-api-key"

Note: You can find and copy your API key from your profile.