Day 12: If I can’t steal their money, I’ll steal their joy!

Note:
Hey! Before you go through this writeup, try the task yourself first, and if you get stuck, come back and check out the writeup.
HTTP/2 Overview
HTTP/2 is a modern version of the HTTP protocol, designed to improve web performance by reducing latency and enhancing server efficiency. Unlike HTTP/1.1, HTTP/2 uses multiplexing, allowing multiple requests and responses to be sent over a single connection simultaneously. This eliminates the need for multiple TCP connections and reduces overhead. Additionally, HTTP/2 introduces header compression, prioritisation, and binary framing, making data transfer faster and more efficient while maintaining backward compatibility with HTTP/1.1.
TOCTOU (Time-of-Check to Time-of-Use)
TOCTOU is a type of race condition vulnerability that occurs when a system checks a condition (e.g., access permissions) and later uses the result without ensuring the condition remains unchanged. In the interim, an attacker may manipulate the state to exploit the gap between the check and the use. For example, a file permission check might confirm access, but before the file is accessed, the attacker could replace it with malicious content. Mitigating TOCTOU requires atomic operations or locks to ensure consistency between the check and use phases.
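The check-then-use gap described above, next to the lock that closes it, as an added example that is not part of the original writeup. The `Account` class, the 1000 starting balance, and the 0.2 s delay are constructed for illustration and are not the Wareville bank's code.

```python
import threading
import time

class Account:
    """Constructed bank account; names and amounts are assumptions for illustration."""
    def __init__(self, balance):
        self.balance = balance
        self._lock = threading.Lock()

    def transfer_racy(self, amount):
        # Time of check: the balance is read and validated...
        if self.balance < amount:
            return False
        time.sleep(0.2)  # simulated processing delay (e.g. a database round trip)
        # Time of use: ...but other requests have passed the same check by now.
        with self._lock:  # protecting only the write does not close the window
            self.balance -= amount
        return True

    def transfer_atomic(self, amount):
        # Check and use happen under one lock, so no request acts on a stale balance.
        with self._lock:
            if self.balance < amount:
                return False
            time.sleep(0.2)
            self.balance -= amount
            return True

def run_parallel(method, requests=10, amount=500):
    """Fire `requests` identical transfers at once; return how many were accepted."""
    start = threading.Barrier(requests)
    results = []
    def worker():
        start.wait()  # release all threads together, like a synchronised send
        results.append(method(amount))
    threads = [threading.Thread(target=worker) for _ in range(requests)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return sum(results)

def demo():
    racy, safe = Account(1000), Account(1000)
    accepted_racy = run_parallel(racy.transfer_racy)
    accepted_safe = run_parallel(safe.transfer_atomic)
    return accepted_racy, racy.balance, accepted_safe, safe.balance
```

In a real application the same guarantee usually comes from the database, for example a single conditional update or a row lock inside a transaction, rather than an in-process lock.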
Q: What is the flag value after transferring over $2000 from Glitch's account?
A: Open BurpSuite; you can use the default project settings.
Head over to the Proxy -> Intercept tab and click on Open Browser.
In the browser window, head over to the Wareville bank site.
Log in with account 101 and password glitch.
Initiate a transfer of $500 to account 111.
Head back to BurpSuite and, under HTTP history, check for a POST request sent to the /transfer URL.
Right-click on it and click Send to Repeater.
Head to the Repeater tab and press Ctrl+R to duplicate the tab. Do this about 10 times.
Next to the tabs there is a + button; click on it and then click Create tab group.
Give this tab group a name, select all the tabs listed, and click on Create.
Next to the Send button there is a drop-down arrow; click on it and select Send group in parallel (last-byte sync).
Once this has been selected, the Send button should change to Send group (parallel); click on this button.
Head back to the browser window and refresh the page.
Q: If you enjoyed this task, feel free to check out the Race Conditions room!
A: No answer needed!
Q: Where balances shift and numbers soar, look for an entry - an open door!
A: No answer needed!