# Tanuki

Level: Easy\
Points: 10\
Type: Daily Challenge

Lab Interface

<figure><img src="https://559802299-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F8C3FiojCIEtxH7nox2Do%2Fuploads%2F73L05lLJjo2SQGAKDn0f%2Fimage.png?alt=media&#x26;token=6f208096-7abb-41f5-8104-663d481ef65e" alt=""><figcaption></figcaption></figure>

there is nothing intresting feature to check.

So, I moved onto check JWT

<figure><img src="https://559802299-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F8C3FiojCIEtxH7nox2Do%2Fuploads%2F3SmbEA4W31oKCY0MCkFU%2Fimage.png?alt=media&#x26;token=6b506653-7dae-425c-a91f-cb62b4796867" alt=""><figcaption></figcaption></figure>

<figure><img src="https://559802299-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F8C3FiojCIEtxH7nox2Do%2Fuploads%2FeOF8KXXIke4eMSciCp66%2Fimage.png?alt=media&#x26;token=3bd639b3-0757-4d49-9ec0-d0026fc418cb" alt=""><figcaption></figcaption></figure>

Edit username field in JWT Payload<br>

<figure><img src="https://559802299-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F8C3FiojCIEtxH7nox2Do%2Fuploads%2F8DmRDGcvLHzFMrhRegEw%2Fimage.png?alt=media&#x26;token=b6f6ae5b-69af-4408-9579-834835c6ae3c" alt=""><figcaption></figcaption></figure>

Simply changing the values on JWT Payload doesnot work, I tried `none sign algortithm` and it worked

<figure><img src="https://559802299-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F8C3FiojCIEtxH7nox2Do%2Fuploads%2FZ8CUaKRw9LCyr8O4pSKr%2Fimage.png?alt=media&#x26;token=9d49fe62-6008-4496-84e8-3d9ad575d564" alt=""><figcaption></figcaption></figure>

Next, I changed the id, and username also

<figure><img src="https://559802299-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F8C3FiojCIEtxH7nox2Do%2Fuploads%2F8Gvvlx008G2DuAfwQOaE%2Fimage.png?alt=media&#x26;token=0cd05625-fc58-4c1f-8141-3141ac075a45" alt=""><figcaption></figcaption></figure>

Now use this new JWT and we will have access to admin panel

<figure><img src="https://559802299-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F8C3FiojCIEtxH7nox2Do%2Fuploads%2FppwWyxUHmRBzksllfWzB%2Fimage.png?alt=media&#x26;token=c14084b4-e705-4e20-979d-6043b92198bd" alt=""><figcaption></figcaption></figure>

<figure><img src="https://559802299-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F8C3FiojCIEtxH7nox2Do%2Fuploads%2Fsb2qRljmF0sv1RqlKRn3%2Fimage.png?alt=media&#x26;token=cb496eb1-6c06-4f9f-ab43-dadb16b68393" alt=""><figcaption></figcaption></figure>