People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!
Breaking the Competition (Bug Bounty Write-up) - 160
This was a bug bounty program on a CTF platform. Some interesting bugs were discovered!
The bug that I really enjoyed was the race condition in flag submission. The application was multithreaded and put no per-user lock on submissions, so the same flag could be sent multiple times at once. A single flag could be sent 10+ times to get all of the points.
This was exploited using a tool known as Race the Web. This tool just makes a ton of requests at the same time to test the race condition.
There is also a race condition in the number of players that can join a team.
When should we look for these types of bugs? To me, whenever a non-reversible action takes place, or whenever an action first checks whether it has already been performed (time of check versus time of use).
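To make the check-versus-use gap concrete, here is an added example (not code from the write-up, the CTF platform, or Race the Web) that models a flag-submission handler with and without a lock around the "already solved?" check. The names `make_submit` and `run`, the point value and the flag are all constructed, and a single in-process lock stands in for a per-user lock or a database uniqueness constraint.

```python
import threading

N_REQUESTS = 10   # constructed: concurrent submissions of the same flag
POINTS = 100      # constructed point value

def make_submit(use_lock, window):
    """Build a submit(user, flag) handler; `window` runs between check and use."""
    solved = set()
    lock = threading.Lock()  # assumption: one lock here; per-user in a real app

    def check_then_award(user, flag):
        if (user, flag) in solved:    # time of check
            return 0
        window()                      # stand-in for database/network latency
        solved.add((user, flag))      # time of use
        return POINTS

    def submit(user, flag):
        if not use_lock:
            return check_then_award(user, flag)  # check and use can interleave
        with lock:                               # check and use are one critical section
            return check_then_award(user, flag)
    return submit

def run(use_lock):
    """Send N_REQUESTS identical submissions at once; return total points awarded."""
    barrier = threading.Barrier(N_REQUESTS)

    def window():
        try:
            barrier.wait(timeout=1.0)  # hold every request inside the gap
        except threading.BrokenBarrierError:
            pass                       # locked path: no other request got in

    submit = make_submit(use_lock, window)
    awarded = []

    def worker():
        awarded.append(submit("alice", "flag{constructed}"))

    threads = [threading.Thread(target=worker) for _ in range(N_REQUESTS)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return sum(awarded)

if __name__ == "__main__":
    print("without lock:", run(False))
    print("with lock:   ", run(True))
```

Without the lock every request passes the check before any of them records the solve, so the flag is paid out once per request; with the lock only the first request is paid.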