Race Conditions - Toy to The World | Advent of Cyber 2025 - Day 20

This guide contains the answer and steps necessary to get to them for the Race Conditions - Toy to The World room.

Race Condition

Race Condition

What is the flag value once the stocks are negative for SleighToy Limited Edition?

Make sure to open Burpsuite, enable Foxy proxy's burp toggle, and turn of intercept in Burpsuite. Then log into the web portal using the given credentials. On this dashboard we select the toy, add it to our cart, click to checkout. Confirm the order and go to the orders screen.

We can see one items has been deducted and the new stock is 9. Now that we have created a legitimate purchase, head over to burpsuite and look for the POST request in the HTTP history list under the Proxy tab. Send this request over to Burpsuite Repeater.

Now we create the tab group as instructed and duplicate the original request about 15 times. Once that is done, select the 'send in parallel' method and click send.

After sending the requests, we can see that the stock is not in the negative.

Click for answer
THM{WINNER_OF_R@CE007}
Repeat the same steps as were done for ordering the SleighToy Limited Edition. What is the flag value once the stocks are negative for Bunny Plush (Blue)?

Lets create another legitimate order, this time for the Bunny toy.

Look this request up again the the HTTP history list. Add it to Repeater. Now create anoth tab group and duplicate the original request 4 more times. Set the mode to parallel and send the requests.

If we look at the orders, we can see that the stock for the bunny toy is also negative!

Click for answer
THM{WINNER_OF_Bunny_R@ce}
Feel free to check out the Race Conditions room if you enjoyed this task.

Race Conditions - Toy to The World Banner

Race Conditions - Toy to The World Logo

Race Conditions - Toy to The World | Advent of Cyber 2025 - Day 20

This guide contains the answer and steps necessary to get to them for the Race Conditions - Toy to The World room.

Race Condition

Race Condition

What is the flag value once the stocks are negative for SleighToy Limited Edition?

Make sure to open Burpsuite, enable Foxy proxy's burp toggle, and turn of intercept in Burpsuite. Then log into the web portal using the given credentials. On this dashboard we select the toy, add it to our cart, click to checkout. Confirm the order and go to the orders screen.

We can see one items has been deducted and the new stock is 9. Now that we have created a legitimate purchase, head over to burpsuite and look for the POST request in the HTTP history list under the Proxy tab. Send this request over to Burpsuite Repeater.

Now we create the tab group as instructed and duplicate the original request about 15 times. Once that is done, select the 'send in parallel' method and click send.

After sending the requests, we can see that the stock is not in the negative.

Click for answer
THM{WINNER_OF_R@CE007}
Repeat the same steps as were done for ordering the SleighToy Limited Edition. What is the flag value once the stocks are negative for Bunny Plush (Blue)?

Lets create another legitimate order, this time for the Bunny toy.

Look this request up again the the HTTP history list. Add it to Repeater. Now create anoth tab group and duplicate the original request 4 more times. Set the mode to parallel and send the requests.

If we look at the orders, we can see that the stock for the bunny toy is also negative!

Click for answer
THM{WINNER_OF_Bunny_R@ce}
Feel free to check out the Race Conditions room if you enjoyed this task.

Race Conditions - Toy to The World | Advent of Cyber 2025 - Day 20

Race Conditions - Toy to The World | Advent of Cyber 2025 - Day 20

Table of contents

Race Condition

Race Conditions - Toy to The World | Advent of Cyber 2025 - Day 20

Race Conditions - Toy to The World | Advent of Cyber 2025 - Day 20

Table of contents

Race Condition