~$ Advent of Cyber 2022 - Day 8

Posted on Dec. 8th, 2022. | Est. reading time: 2 minutes

Blue Team: CyberChef

I initially decided against covering this room, because of its relation to cryptocurrency.

Question 1

If not already completed, download the zip folder attached to this task, and open Remix in your preferred browser.

Screenshot of the Remix IDE

Answer: No answer needed

Question 2

What flag is found after attacking the provided EtherStore Contract?

First we compile both contracts.

Screenshot of Remix compiling a contract.

Then we deploy EtherStore.sol on a first account.

Screenshot of contract deployment

Which gives us a deployed contract with 0 balance.

Screenshot of the EtherStore contract holding 10 ETH

We then set the value to any number (e.g. 10) and hit "deposit" to "give the contract money" (or whatever).

We then copy the address of the EtherStore contract, switch to another account, and add it as a parameter to the Attack.sol contract we then deploy.

Screenshot of us deploying the Attack contract

Then we set the value to 1, and press "attack" (which steals not 1, but 1 plus the balance in the contract). Oh and the flag!

Screenshot of the updated balance, as well as the flag that was spammed to the console.

Of course... we could have simply copied the JS in EtherStore.sol and done the console.log operation ourselves...

Answer: flag{411_ur_37h_15_m1n3}
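
Why the call with a value of 1 in the steps above empties the contract, as an added Python model (not the room's Solidity code and not part of the original post). It assumes EtherStore pays out before zeroing the caller's ledger entry, the ordering used in the widely published EtherStore teaching example, and runs the same sequence with the ledger update moved first. `Store`, `run` and the account names are hypothetical.

```python
# Constructed model of a deposit/withdraw contract. Names are hypothetical;
# this is not the room's EtherStore.sol.

class Store:
    def __init__(self, safe):
        self.safe = safe        # True: ledger is updated before paying out
        self.balances = {}      # per-depositor ledger
        self.pool = 0           # funds the contract actually holds

    def deposit(self, who, amount):
        self.balances[who] = self.balances.get(who, 0) + amount
        self.pool += amount

    def withdraw(self, who, on_receive):
        amount = self.balances.get(who, 0)
        if amount == 0:
            return                      # nothing owed, nothing paid
        if self.safe:
            self.balances[who] = 0      # effect first (checks-effects-interactions)
        if self.pool < amount:
            raise RuntimeError("transfer failed")
        self.pool -= amount
        on_receive(amount)              # external call: recipient code runs here
        if not self.safe:
            self.balances[who] = 0      # assumed vulnerable ordering: too late


def run(safe, victim_deposit=10, stake=1):
    """Return (paid to caller, funds left, ledger still backed by funds)."""
    store = Store(safe)
    store.deposit("victim", victim_deposit)
    store.deposit("caller", stake)
    paid = []

    def on_receive(amount):
        paid.append(amount)
        if store.pool >= stake:         # recipient calls back in during payout
            store.withdraw("caller", on_receive)

    store.withdraw("caller", on_receive)
    solvent = store.pool == sum(store.balances.values())
    return sum(paid), store.pool, solvent


if __name__ == "__main__":
    print("pay-then-update:", run(safe=False))
    print("update-then-pay:", run(safe=True))
```

The third value is the invariant worth asserting in contract tests: the funds held should always cover the sum of the ledger.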