GM Hacker/Developer(s)☀️

- Hashtags :
#HOW_TO_PLAY
#HTB_CHALLENGE
#CAPTURE_THE_ETHER
#ONLY_PWNER
#DAMN_VULNERABLE_DEFI
#ETHERNAUT
#level_0 #Hello_Ethernaut
#level_1 #Fallback
#level_2 #Fallout
#level_3 #Coin_Flip
#level_4 #Telephone
#level_5 #Token
#level_6 #Delegation
#level_7 #Force
#level_8 #Vault
#level_9 #King
#level_10 #Re_entrancy
#level_11 #Elevator
#level_12 #Privacy
#level_15 #Naught_Coin
#level_17 #Recovery
#level_21 #Shop

#HOW_TO_PLAY #HTB_CHALLENGE

⁉️ How To Play ?
1️⃣ Start Challenge: create new instance and download Challenge files
2️⃣ Get Connection Info: get connection info such as (player address, private key, rpc_url, contract address) at /connection
3️⃣ Code an Exploit: make new foundry project, create an Solidity file at /src Folder.
4️⃣ Deploy: Deploy your Attack contract using foundry. it will return some data which include the address of Attack contract [ Deployed to ]
5️⃣ Hack: Call your attack() function, then submit Flag


⁉️ Foundry Commands:
1️⃣ Make New Temp Foundry Project

mkdir HTB
cd HTB
forge init .

2️⃣ Deploy Contract

forge create src/ATTACK_FILE_NAME.sol:ATTACK_CONTRACT_NAME --rpc-url $RPC_URL --private-key YOUR_WALLET_PRIVATE_KEY --value 0.01ether

⁉️ Extra Notes
1️⃣ you can read more about Foundry form [ https://book.getfoundry.sh/ ]
2️⃣ you can find challenges by searching using this hashtag syntax:
- #CHALLENGE_NAME (first letter of every word is big and the space replaced with _)
3️⃣ you can have an interaction with contracts using cast. read more about it from [ https://book.getfoundry.sh/reference/cast ]
4️⃣ if you got unknown sh*t error while using cast and the function which called is transfering ether, just set gas limit on 10000000 or something else
5️⃣ i don't explain the attack senario, i don't analysis the code & i don't explain how to prevent, just post the solution of challenge for you
6️⃣ you can pass arguments to your constructor while deploying contract using --constructor-args switch

🥷🍷 <Happy Hacking/>

#HOW_TO_PLAY #ETHERNAUT

⁉️ How To Play ?
1️⃣ Get Contract Address: Open the challenge web page [ https://ethernaut.openzeppelin.com/ ], click on Get new instance Button, check Console tab and copy Instance address
2️⃣ Code an Exploit: make new foundry project, create an Solidity file at /src Folder.
3️⃣ Deploy: Deploy your Attack contract using foundry. it will return some data which include the address of Attack contract [ Deployed to ]
4️⃣ Hack: Call your attack() function, then submit Submit instance.


⁉️ Foundry Commands:
1️⃣ Make New Temp Foundry Project

mkdir Ethernaut
cd Ethernaut
forge init .

2️⃣ Deploy Contract

forge create src/ATTACK_FILE_NAME.sol:ATTACK_CONTRACT_NAME --rpc-url wss://ethereum-sepolia-rpc.publicnode.com --private-key YOUR_WALLET_PRIVATE_KEY --value 0.01ether

⁉️ Extra Notes
1️⃣ i put sepolia RPC url for you but you can get from [ https://chainlist.org/chain/11155111?testnets=true ]
2️⃣ you can get 0.25 ETH sepolia faucet daily from [ https://faucets.chain.link/sepolia ]
3️⃣ you can read more about Foundry form [ https://book.getfoundry.sh/ ]
4️⃣ you can get more information about challenge from Console tab and call help() function
5️⃣ you can find challenges by searching using this hashtag syntax:
- #level_X (X = level number)
- #CHALLENGE_NAME (first letter of every word is big and the space replaced with _)
6️⃣ you can have an interaction with contracts using cast. read more about it from [ https://book.getfoundry.sh/reference/cast ]
7️⃣ if you got unknown sh*t error while using cast and the function which called is transfering ether, just set gas limit on 10000000 or something else
8️⃣ i don't explain the attack senario, i don't analysis the code & i don't explain how to prevent, just post the solution of challenge for you
9️⃣ you can pass arguments to your constructor while deploying contract using --constructor-args switch

🥷🍷 <Happy Hacking/>

0️⃣ #ETHERNAUT #level_0 #Hello_Ethernaut

🥷🍷 <Happy Hacking/>

1️⃣ #ETHERNAUT #level_1 #Fallback

🥷🍷 <Happy Hacking/>

2️⃣ #ETHERNAUT #level_2 #Fallout

i solved this challenge using cast :

cast send $CHALLENGE_CONTRACT_ADDRESS "Fal1out()" --rpc-url $RPC_URL --private-key $PRIVATE_KEY

but i wrote the Solidity code too.

🥷🍷 <Happy Hacking/>

4️⃣ #ETHERNAUT #level_4 #Telephone

must run the attack() function using cast:

cast send $CHALLENGE_CONTRACT_ADDRESS "attack(address)" $PLAYER_ADDRESS --rpc-url $RPC_URL --private-key $PRIVATE_KEY

🥷🍷 <Happy Hacking/>

5️⃣ #ETHERNAUT #level_5 #Token

🥷🍷 <Happy Hacking/>

6️⃣ #ETHERNAUT #level_6 #Delegation

must solve this challenge using cast and call the challenge contract :

cast send $CHALLENGE_CONTRACT_ADDRESS "pwn()" --rpc-url $RPC_URL --private-key $PRIVATE_KEY

but i wrote the Solidity Code too,

🥷🍷 <Happy Hacking/>

7️⃣ #ETHERNAUT #level_7 #Force

🥷🍷 <Happy Hacking/>

8️⃣ #ETHERNAUT #level_8 #Vault

you can access the private variables using cast :

cast storage $CHALLENGE_CONTRACT_ADDRESS 1 --rpc-url $RPC_URL

🥷🍷 <Happy Hacking/>

9️⃣ #ETHERNAUT #level_9 #King

🥷🍷 <Happy Hacking/>

🔟 #ETHERNAUT #level_10 #Re_entrancy

🥷🍷 <Happy Hacking/>

1️⃣1️⃣ #ETHERNAUT #level_11 #Elevator

🥷🍷 <Happy Hacking/>

1️⃣2️⃣ #ETHERNAUT #level_12 #Privacy

you can access the private variables using cast :

cast storage $CHALLENGE_CONTRACT_ADDRESS 5 --rpc-url $RPC_URL

🥷🍷 <Happy Hacking/>

🔑 Smart Contract Obfuscation Techniques

1️⃣ https://titan.csit.rmit.edu.au/~e13322/hai_dong/papers/Bian_TSE2022.pdf
2️⃣ https://www.mecs-press.org/ijmsc/ijmsc-v8-n3/IJMSC-V8-N3-3.pdf
3️⃣ https://degatchi.com/articles/smart-contract-obfuscation/

📦 Transient Storage

1️⃣ https://hackernoon.com/transient-storage-ethereums-game-changing-feature
2️⃣ https://etherworld.co/2022/12/13/transient-storage-for-beginners/
3️⃣ https://soliditylang.org/blog/2024/01/26/transient-storage/
4️⃣ https://youtu.be/0-hiB5I39Mk?si=-0qy3ZeiuW_L9D8p
5️⃣ https://solidity-by-example.org/transient-storage/
6️⃣ https://www.evm.codes/#5c?fork=cancun