Advent of Cyber 2022 - Day 8 | AtomicMaya's Blog

~$ Advent of Cyber 2022 - Day 8

Posted on Dec. 8th, 2022.

| Est. reading time: 2 minutes

Author:

Unknown

Category:

Blue Team: CyberChef

Link:

TryHackMe

I initially decided against covering this room, because its relation to cryptocurrency.

Question 1

If not already completed, download the zip folder attached to this task, and open Remix in your preferred browser.

Answer: No answer needed

Question 2

What flag is found after attacking the provided EtherStore Contract?

First we compile both contracts.

Screenshot of Remix compiling a contract.

Then we deploy EtherStore.Sol on an first account.

Which gives us a deployed contract with 0 balance.

Screenshot of the EtherStore contract holding 10 ETH

We then set the value to any number (e.g. 10) and hit "deposit" to "give the contract money" (or whatever).

We then copy the address of the EtherStore contract, switch to another account, and add it as a parameter to the Attack.sol contract we then deploy.

Screenshot of us deploying the Attack contract

Then we set the value to 1, and press "attack" (which steals not 1, but 1 plus the balance in the contract). Oh and the flag!

Screenshot of the updated balance, as well as the flag that was spammed to the console.

Of course... One could have simply copied the JS in EtherStore.sol and done the console.log operation ourselves...

Answer: flag{411_ur_37h_15_m1n3}

Return to the Index

atomicmaya

maya's blog at the end of the universe.

~$ Advent of Cyber 2022 - Day 8

Question 1

Question 2

~$ Find me here

~$ Latest Posts

~$ Tags