The web security challenge was vulnerable to race condition. The following was the given website. The following were the user details with IDs and funds. the /dump path has a comment, which reveals the source code. The following part of the code was vulnerable to Race Condition. A race window exists in the if condition. We can send multiple request parallelly, it will bypass the if condition before the deduction of funds....

Enumeration Initially I tried pinging the IP address. It is reachable. ┌──(kali㉿kali)-[~] └─$ ping 10.10.10.3 -c 3 PING 10.10.10.3 (10.10.10.3) 56(84) bytes of data. 64 bytes from 10.10.10.3: icmp_seq=1 ttl=63 time=173 ms 64 bytes from 10.10.10.3: icmp_seq=2 ttl=63 time=189 ms 64 bytes from 10.10.10.3: icmp_seq=3 ttl=63 time=172 ms --- 10.10.10.3 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2004ms rtt min/avg/max/mdev = 171.906/178.070/189.264/7.928 ms I run nmap all ports on it for getting to know the open ports....

A pcap file was being given for analysis. The pcap file was being opened in the wireshark. I applied the http filter to filter only http requests. There was a zip file that was retrieved through http protocol. There was nothing interesting in this zip file. I moved on, and i found that many requests were being made to the /f_data/data endpoint. All the requests were giving 403 forbidden response except the last one, which gave 200 OK response....

In the following blog post, I will be recounting my personal experience taking the CEH practical exam, while also providing valuable guidance on how to prepare for this beginner-friendly certification. General Info about the CEH Practical Key value Price 550$ (Without training) Questions 20 Passing score 70% (14/20) Allowed time 6 Hours Proctored? Yes Link to purchase Here Cost Back in November 2022, during the Cyber Monday deal, I purchased the exam voucher for a cost of $150....