== JWT cracking

With the HMAC with SHA-2 Functions you use a secret key to sign and verify the token. Once we figure out this key
we can create a new token and sign it. So it is very important the key is strong enough so a brute force or
dictionary attack is not feasible. Once you have a token you can start an offline brute force or dictionary attack.

=== Assignment

Given we have the following token try to find out secret key and submit a new key with the username changed to WebGoat.
