Question: You've been informed that the system has a weak key vulnerability that can be decrypted using a brute-force attack. The weak key corresponds to the employee ID of one of the developers who developed the code, assuming that no one could guess the employee ID.
A friendly employee in the company has leaked the pattern for the employee ID number, which would consist of numeric digits and could be up to seven digits. Pass this weak key on to the flag API and you should get the flag.
To earn your flag you must perform the following actions.
Invoke the flagtoken API to get the vulnerable token with a weak key. The token is provided below.
Once you have the JWT token, carefully analyze the token header and the contents and note them down.
Explore various possibilities to hack into the JWT token. Various open source tools can be used to decrypt a weak key. You are free to explore any of these tools or write your code to decrypt the token. John the Ripper is the best tool for this one.
eyJeXAiOiJKVQiLCJhbGciOiJIUzINiJeyJleHAiOjQyMTYMzIwMDAsImlhdCIMTczMzMzODMNXhIWoHewRDVwKcDDykjmraWGPwMKAqGGbC
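Seen from the defender's side, the weakness in this exercise is the size of the key space. The following added example (not part of the original question or the lab's code) reads the alg field from a token header and audits an HMAC signing key against the RFC 7518 minimum key length and the number of candidates implied by a leaked pattern such as "numeric, up to seven digits". The function names, claims and keys are constructed for illustration.

```python
import base64, hashlib, hmac, json, math

# RFC 7518 section 3.2: an HMAC key must be at least as long as the hash output.
MIN_KEY_BYTES = {"HS256": 32, "HS384": 48, "HS512": 64}

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def issue_hs256(claims: dict, key: bytes) -> str:
    """Build a compact HS256 JWT; used here only to create sample input."""
    head = b64url(json.dumps({"typ": "JWT", "alg": "HS256"}).encode())
    body = b64url(json.dumps(claims).encode())
    mac = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url(mac)}"

def token_alg(token: str) -> str:
    """Read alg from the JWT header, which is readable without the key."""
    head = token.split(".")[0]
    return json.loads(base64.urlsafe_b64decode(head + "=" * (-len(head) % 4)))["alg"]

def candidate_count(key: bytes) -> int:
    """Keys to try when only the character class and maximum length are known."""
    text = key.decode("latin-1")
    if text.isascii() and text.isdigit():
        alphabet = 10
    elif text.isascii() and text.isalnum():
        alphabet = 62
    else:
        alphabet = 256
    return sum(alphabet ** n for n in range(1, len(key) + 1))

def audit_signing_key(token: str, key: bytes) -> list[str]:
    """Return findings for the key behind an HMAC-signed token; empty means OK."""
    alg = token_alg(token)
    need = MIN_KEY_BYTES.get(alg)
    if need is None:
        return [f"{alg}: not an HMAC algorithm, key audit not applicable"]
    findings = []
    if len(key) < need:
        findings.append(f"{alg} key is {len(key)} bytes, minimum is {need}")
    bits = math.log2(candidate_count(key)) if key else 0.0
    if bits < 8 * need:
        findings.append(f"key space about 2^{bits:.1f}, below the {8 * need}-bit target")
    return findings

if __name__ == "__main__":
    weak, strong = b"0012345", bytes(range(32))   # constructed keys, not real secrets
    print(audit_signing_key(issue_hs256({"sub": "demo"}, weak), weak))
    print(audit_signing_key(issue_hs256({"sub": "demo"}, strong), strong))
```

A numeric key of up to seven digits gives 11,111,110 candidates (about 2^23.4), far below the 256-bit key that HS256 requires.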
