advent-of-cyber-2025

Room Link:
https://tryhackme.com/room/race-conditions-aoc2025-d7f0g3h6j9

▶️ The Bearded I.T. Dad – Day 20 Video Walkthrough

Official walkthrough for quick onboarding:

🔗 YouTube Link:
https://youtu.be/PGQNlM45mqQ?si=HpVA-V7xlKHHkOqO


🎄 Advent of Cyber 2025 — Day 20 Write-Up

🧩 Race Conditions — Toy to The World


✅ Challenge Answers


🧸 Exploiting the Race Condition


1️⃣ What is the flag once the stock becomes negative for SleighToy Limited Edition?

[Screenshots: initial stock, ordering process, Burp setup, Intruder config, race execution, stock manipulation]


🔐 Credentials

username: attacker
password: attacker@123

[Screenshots: login, order confirm, negative stock, flag process, flag screen, race success, final step, confirmation, flag prompt, race done]

Once the race condition succeeds, the flag is revealed:

flag 1

THM{WINNER_OF_R@CE007}

2️⃣ Repeat the attack for Bunny Plush (Blue). What is the flag once the stock becomes negative?

The same race-condition technique is reused against Bunny Plush (Blue) by rapidly submitting parallel purchase requests.

flag 2

THM{WINNER_OF_Bunny_R@ce}
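
Why parallel purchase requests can push stock below zero, and the fix, as an added example that is not code from the room or its application: a check-then-decrement checkout beside one that does both under a single lock. `Shop`, `buy_unsafe`, `buy_safe` and `run` are hypothetical names, and the barrier is only there to make the overlap between requests deterministic.

```python
import threading

class Shop:
    """Toy in-memory inventory, constructed for this example."""
    def __init__(self, stock):
        self.stock = stock
        self.lock = threading.Lock()

    def buy_unsafe(self, pause):
        # Time of check: every request that reads the stock before the
        # first write sees the same value and passes.
        if self.stock < 1:
            return False
        pause()  # stands in for payment or other processing delay
        # Time of use: the decrement no longer re-validates the stock.
        with self.lock:
            self.stock -= 1
        return True

    def buy_safe(self, pause):
        pause()
        # Check and decrement form one critical section. The database
        # equivalent is a single conditional UPDATE (... AND stock >= 1)
        # or a row lock held across both steps.
        with self.lock:
            if self.stock < 1:
                return False
            self.stock -= 1
            return True

def run(method_name, stock=1, requests=5):
    """Fire `requests` overlapping purchases; return (final_stock, sold)."""
    shop = Shop(stock)
    barrier = threading.Barrier(requests)  # holds all requests in the window
    results = []

    def worker():
        results.append(getattr(shop, method_name)(barrier.wait))

    threads = [threading.Thread(target=worker) for _ in range(requests)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return shop.stock, sum(results)

if __name__ == "__main__":
    print("unsafe:", run("buy_unsafe"))  # oversold, stock goes negative
    print("safe:  ", run("buy_safe"))    # one sale, stock stops at zero
```
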