Mayank (Hunt2beHunter)

Aug 5, 2020

2 min read

0x0G Google CTF 2020 (Flag Shop)

TASK:- The one stop shop for all your flag needs.

In this challenge we have to get the flag from the flag shop.

The flag shop contains a discount code for new users, valued at $10.

The problem was that the flag cost $20 and the discount code was worth only $10.

I tried to redeem the code twice, but the second attempt said the code was already used, so I decided to try a race condition. Race conditions are triggered when users, either unintentionally (impatient users) or intentionally (malicious actors), tamper with the timing of application functionality. Here the weakness is that the "already used" check and the balance credit are not performed as a single atomic step, so several requests sent at the same time can each pass the check before any of them marks the code as used.

So I opened Burp Suite (a proxy tool) to capture the request that redeems the discount code.

Then I sent this request to Intruder, set the payload to null, and configured 500 threads.

After that I forwarded the captured request. My balance was now $110.

Then I went to the checkout page and was able to get the flag.
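Added example, not code from the writeup or the challenge: a minimal in-memory model of the discount-code redemption described above, showing the check-then-act handler that lets concurrent requests each credit $10 beside a hardened handler that checks, marks the code used and credits under one lock (the in-memory equivalent of a single conditional UPDATE with a rowcount check). The account structure, the code name NEWUSER10 and the barrier that forces the requests to collide are assumptions for the demonstration.

```python
import threading
from dataclasses import dataclass, field

DISCOUNT_VALUE = 10  # the new-user code is worth $10 in the writeup


@dataclass
class Account:
    """Constructed stand-in for the shop's account record (assumption, not the CTF code)."""
    balance: int = 0
    used_codes: dict = field(default_factory=dict)   # code -> True once redeemed
    lock: threading.Lock = field(default_factory=threading.Lock)


def redeem_racy(acct, code, gate):
    """Vulnerable: the 'is it used?' check and the 'mark used + credit' update are two separate steps."""
    with acct.lock:                      # statement 1: read the used flag
        already_used = acct.used_codes.get(code, False)
    if already_used:
        return False
    gate.wait()                          # constructed: every request finishes its check before any update
    with acct.lock:                      # statement 2: mark used and credit (too late, all passed the check)
        acct.used_codes[code] = True
        acct.balance += DISCOUNT_VALUE
    return True


def redeem_atomic(acct, code, gate):
    """Hardened: check, mark and credit happen as one atomic step, so only the first request wins."""
    gate.wait()                          # same start signal, so the requests still collide
    with acct.lock:
        if acct.used_codes.get(code, False):
            return False
        acct.used_codes[code] = True
        acct.balance += DISCOUNT_VALUE
    return True


def run_concurrent(handler, n_requests, code="NEWUSER10"):
    """Fire n_requests concurrent redemptions of one code; return (balance, successful redemptions)."""
    acct = Account()
    gate = threading.Barrier(n_requests)
    results = []
    threads = [threading.Thread(target=lambda: results.append(handler(acct, code, gate)))
               for _ in range(n_requests)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return acct.balance, results.count(True)
```

With five colliding requests, run_concurrent(redeem_racy, 5) returns (50, 5), while run_concurrent(redeem_atomic, 5) returns (10, 1).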

Final Flag:-0G2020{eventual_consistency_pays_the_bills}