We covered an introduction to blockchain penetration testing by taking on a blockchain challenge from HackTheBox. The challenge provides its source code, a contract written in Solidity with a couple of functions that handle the challenge logic. We installed the Foundry suite of tools (via foundryup) to interact with the chain, then used the cast tool to call the contract functions, namely loot(), strongattack() and punch(), to solve the challenge. This was part of HackTheBox Survival Of The Fittest.

Solidity Language
Solidity is a language commonly used in developing blockchain applications.

Interaction With The Chain

To interact with the chain, we need the following information:
Private key
The address of the target contract
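
The interaction described on this page, written as a shell script around Foundry's cast; this is an added example, not the challenge's or the author's own commands. The RPC URL, private key and target address are placeholders, and the `lifePoints()` getter, the `strongAttack` spelling and the `uint256` types are assumptions about the contract source.

```shell
#!/bin/sh
# Added example: drive the challenge contract with Foundry's cast.
# All three values are placeholders; use the challenge's connection details.
RPC_URL="${RPC_URL:-http://CHALLENGE_HOST:PORT/rpc}"
PRIVATE_KEY="${PRIVATE_KEY:-0xYOUR_PRIVATE_KEY}"
TARGET="${TARGET:-0xTARGET_CONTRACT_ADDRESS}"
DRY_RUN="${DRY_RUN:-1}"   # 1 = print commands only, 0 = execute them

# Run a command, or in dry-run mode print it with the signing key hidden.
run() {
  if [ "$DRY_RUN" != "1" ]; then "$@"; return; fi
  line=""
  for arg in "$@"; do
    if [ "$arg" = "$PRIVATE_KEY" ]; then arg="<redacted>"; fi
    line="${line:+$line }$arg"
  done
  printf '%s\n' "$line"
}

# Read-only query: cast call needs no key and sends no transaction.
# Assumes lifePoints is a public uint256 (types are not stated on the page).
life_points() {
  run cast call "$TARGET" "lifePoints()(uint256)" --rpc-url "$RPC_URL"
}

# State-changing calls: cast send signs a transaction with the private key.
strong_attack() {
  run cast send "$TARGET" "strongAttack(uint256)" "$1" \
    --rpc-url "$RPC_URL" --private-key "$PRIVATE_KEY"
}

loot() {
  run cast send "$TARGET" "loot()" \
    --rpc-url "$RPC_URL" --private-key "$PRIVATE_KEY"
}

# Sequence from the walkthrough: check life, zero it in one call, confirm, loot.
solve() {
  life_points
  strong_attack 20
  life_points
  loot
}

solve
```

A key passed with `--private-key` ends up in shell history and the process list, so use only the throwaway key issued by the challenge instance.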

Video Transcript
Now, the description of the challenge is kind of irrelevant to solving the challenge and getting the flag. But nevertheless, always pay attention to details.
So, if we go here and open the web page, we see this is the challenge. I will read: Survival of the Fittest, the title; the description, "Are you ready to feed your monsters?" And we have two buttons, restart and attack.
As you can see, the bar here gets shifted a bit to the left, slightly, again.
One more time. If you click continuously, as you can see here. So restart, assumingly, will reset the game, and attack, upon clicking on the button, will start attacking. So if you click one time, the bar
continuously is going to the left. But we need to keep clicking on the attack.
This part needs to go all the way to the left until it becomes zero. This represents the life of the monsters here. So if you keep, just keep clicking, right.
So, the bar here represents the life of the monster or the monsters. We need to put this bar to zero in order to kill the monster. Eventually you're going to reach 0.
But we're gonna do that, we're supposed to solve the challenge the methodical and systematic way.
So, you can go to Docs and read through the documentation on how to approach this challenge. But I'm gonna save the assignment for... I'm gonna save your time, guys. So, connection here.
Say, we need this information. We need the RPC code. How to get this? If you go back to the challenge, you see here slash RPC: RPC endpoint used for interacting with the network. Let's try to access this URL. Method not allowed. But the RPC URL is this URL. It is the full URL, slash RPC.
Okay, that's it for now. So now we have all the information needed to interact with the blockchain of the challenge: the private key, the address of the target contract and the RPC URL. Alright, so for both purposes, to view or modify the data, we need to use the cast function. To view the data, we use cast call, but to modify that, I need cast send.
Now, going back to the scenario here, the scenario is to... So, let's go to the code and see if there is some function responsible for storing the energy of the monster. You go back.
Going back here. Yeah, the scenario is to drain the monster's energy, so that this bar goes all the way to the left until the energy is zeroed out.
So, see here, we have these functions: strong attack, punch, loot, deal damage. But as you can see, we have life points. So life points represents the energy or the life points. Yeah, it's just the life points of the monster. It is 20. Here, it's 20. And then we have another function. So in order to beat the monster, we need to send more energy. That strong attack, that takes an argument, underscore damage, and it is the same as the type of the variable. It's the same as the type of the variable life points. Which means, is more than 20, right? How to do that? As you can see here, the life points is first declared
Underscore damage can be 20, can be less than, or can be more than 20. So if you are able to use the strong attack function and specify underscore damage to be more than 20,
you will be able to... think the loot function. So the loot function, as you can see, doesn't take any argument.
And it requires, in order to call the loot, okay, it requires that life points equal zero. If life points doesn't equal zero, it's not going to execute the loot function, means, and I'm going to be able to view the data that the loot function will return. Is less than 20, we'll be able to call the loot function, as supposedly this will give us the flag.
Okay, so obviously... Alright, the first thing, we need to call, again, the strong attack function. So to do that, we have to use the modify. We're going to modify data here. We're not viewing data, we're just modifying that. So you have all this formula: cast send, the other target,
when we are sure that life points... the function to call. And we define the RPC call. So this is the private key, we're going to change that. And we're gonna need to change the circuit address.
So this process in the blockchain is called signing a contract. You need to sign a contract, a transaction story, in order to modify data. So the private key and target address are very necessary in order to sign a transaction. So this is a transaction in the blockchain.
Retrieve the flag. How to retrieve the flag, by the way? Let's go back. In the documentation of the challenge, as you can see: slash flag, after solving the challenge, accessing the endpoint returns the flag and restarts the chain to its initial state. To retrieve the flag again, you must solve the challenge. So assuming now the life points of the monster equal zero, so it's not alive anymore. So if you access the flag now... Note that if you restart a challenge and try to access the flag, it's not going to work.
So restart. As you can see, conditions not satisfied. Now,
we have to start over. So we should... Yeah, so that is the flag.
That was it, guys. I hope this was a kind and slight introduction to blockchain app. Interesting. And these are the notes. These are part of my channel membership. You can join my channel membership to access these notes. So I'm finished with this today, and I'm gonna see you in the next.
