GitHub: IsmailTP/Trial-of-the-Pharaoh-OTP-Gate-CTF
# Trial of the Pharaoh's OTP Gate
An Egyptian-themed web security challenge focused on race condition vulnerabilities and OTP authentication bypass techniques.
## Challenge Information
* **Category:** Web Security / Authentication Security
* **Difficulty:** Medium
* **Author:** Ismail TP
## Description
Trial of the Pharaoh's OTP Gate is a Capture The Flag (CTF) challenge where players must bypass a highly protected Egyptian authentication gateway guarded by a One-Time Password (OTP) verification system.
The application appears secure with randomized OTP generation and brute-force protections. However, hidden flaws in the backend verification workflow allow attackers to exploit asynchronous request handling and bypass authentication entirely.
The challenge is designed to teach players how race conditions can impact authentication systems and how shared state vulnerabilities can lead to critical security failures.
## Features
* Egyptian-themed authentication system
* OTP verification workflow
* Asynchronous backend logic
* Race condition exploitation
* Session-based authentication
* Parallel request attack scenario
* Real-world inspired backend vulnerability
## Concepts Covered
* Race condition vulnerabilities
* OTP authentication bypass
* Concurrent request exploitation
* Shared state vulnerabilities
* Session handling
* Backend async logic flaws
* Authentication security testing
## Technologies Used
* Node.js
* Express.js
* HTML/CSS/JavaScript
## Skills Practiced
* Authentication testing
* Request interception
* Parallel request execution
* Race condition analysis
* Burp Suite / Turbo Intruder workflow
* Backend logic analysis
## Setup Instructions
### Clone Repository
```bash
git clone https://github.com/IsmailTP/pharaohs-otp-gate.git
cd pharaohs-otp-gate
```
### Install Dependencies
```bash
npm install
```
### Run the Challenge
```bash
node app.js
```
## Screenshots
Add challenge screenshots here.
Suggested screenshots:
* Login interface
* OTP verification page
* Parallel request attack
* Burp Suite / Turbo Intruder
* Dashboard access
## Educational Purpose
This project was created for ethical cybersecurity education and hands-on security training purposes only.
Do not use these techniques against systems without proper authorization.