GM Hacker/Developer(s)☀️
- Hashtags :
#HOW_TO_PLAY
#HTB_CHALLENGE
#CAPTURE_THE_ETHER
#ONLY_PWNER
#DAMN_VULNERABLE_DEFI
#ETHERNAUT
#level_0 #Hello_Ethernaut
#level_1 #Fallback
#level_2 #Fallout
#level_3 #Coin_Flip
#level_4 #Telephone
#level_5 #Token
#level_6 #Delegation
#level_7 #Force
#level_8 #Vault
#level_9 #King
#level_10 #Re_entrancy
#level_11 #Elevator
#level_12 #Privacy
#level_15 #Naught_Coin
#level_17 #Recovery
#level_21 #Shop
- Hashtags :
#HOW_TO_PLAY
#HTB_CHALLENGE
#CAPTURE_THE_ETHER
#ONLY_PWNER
#DAMN_VULNERABLE_DEFI
#ETHERNAUT
#level_0 #Hello_Ethernaut
#level_1 #Fallback
#level_2 #Fallout
#level_3 #Coin_Flip
#level_4 #Telephone
#level_5 #Token
#level_6 #Delegation
#level_7 #Force
#level_8 #Vault
#level_9 #King
#level_10 #Re_entrancy
#level_11 #Elevator
#level_12 #Privacy
#level_15 #Naught_Coin
#level_17 #Recovery
#level_21 #Shop
👌1
#HOW_TO_PLAY #HTB_CHALLENGE
⁉️ How To Play ?
1️⃣ Start Challenge: create new instance and download Challenge files
2️⃣ Get Connection Info: get connection info such as (player address, private key, rpc_url, contract address) at /connection
3️⃣ Code an Exploit: make new foundry project, create an Solidity file at /src Folder.
4️⃣ Deploy: Deploy your Attack contract using foundry. it will return some data which include the address of Attack contract [ Deployed to ]
5️⃣ Hack: Call your attack() function, then submit Flag
⁉️ Foundry Commands:
1️⃣ Make New Temp Foundry Project
2️⃣ Deploy Contract
⁉️ Extra Notes
1️⃣ you can read more about Foundry form [ https://book.getfoundry.sh/ ]
2️⃣ you can find challenges by searching using this hashtag syntax:
- #CHALLENGE_NAME (first letter of every word is big and the space replaced with _)
3️⃣ you can have an interaction with contracts using cast. read more about it from [ https://book.getfoundry.sh/reference/cast ]
4️⃣ if you got unknown sh*t error while using cast and the function which called is transfering ether, just set gas limit on 10000000 or something else
5️⃣ i don't explain the attack senario, i don't analysis the code & i don't explain how to prevent, just post the solution of challenge for you
6️⃣ you can pass arguments to your constructor while deploying contract using --constructor-args switch
🥷🍷 <Happy Hacking/>
⁉️ How To Play ?
1️⃣ Start Challenge: create new instance and download Challenge files
2️⃣ Get Connection Info: get connection info such as (player address, private key, rpc_url, contract address) at /connection
3️⃣ Code an Exploit: make new foundry project, create an Solidity file at /src Folder.
4️⃣ Deploy: Deploy your Attack contract using foundry. it will return some data which include the address of Attack contract [ Deployed to ]
5️⃣ Hack: Call your attack() function, then submit Flag
⁉️ Foundry Commands:
1️⃣ Make New Temp Foundry Project
mkdir HTB
cd HTB
forge init .
2️⃣ Deploy Contract
forge create src/ATTACK_FILE_NAME.sol:ATTACK_CONTRACT_NAME --rpc-url $RPC_URL --private-key YOUR_WALLET_PRIVATE_KEY --value 0.01ether
⁉️ Extra Notes
1️⃣ you can read more about Foundry form [ https://book.getfoundry.sh/ ]
2️⃣ you can find challenges by searching using this hashtag syntax:
- #CHALLENGE_NAME (first letter of every word is big and the space replaced with _)
3️⃣ you can have an interaction with contracts using cast. read more about it from [ https://book.getfoundry.sh/reference/cast ]
4️⃣ if you got unknown sh*t error while using cast and the function which called is transfering ether, just set gas limit on 10000000 or something else
5️⃣ i don't explain the attack senario, i don't analysis the code & i don't explain how to prevent, just post the solution of challenge for you
6️⃣ you can pass arguments to your constructor while deploying contract using --constructor-args switch
🥷🍷 <Happy Hacking/>
getfoundry.sh
foundry - Ethereum Development Framework
Foundry is a smart contract development toolchain. It manages your dependencies, compiles your project, runs tests, deploys, and lets you interact with the chain from the command-line and via Solidity noscripts.
#HOW_TO_PLAY #ETHERNAUT
⁉️ How To Play ?
1️⃣ Get Contract Address: Open the challenge web page [ https://ethernaut.openzeppelin.com/ ], click on Get new instance Button, check Console tab and copy Instance address
2️⃣ Code an Exploit: make new foundry project, create an Solidity file at /src Folder.
3️⃣ Deploy: Deploy your Attack contract using foundry. it will return some data which include the address of Attack contract [ Deployed to ]
4️⃣ Hack: Call your attack() function, then submit Submit instance.
⁉️ Foundry Commands:
1️⃣ Make New Temp Foundry Project
2️⃣ Deploy Contract
⁉️ Extra Notes
1️⃣ i put sepolia RPC url for you but you can get from [ https://chainlist.org/chain/11155111?testnets=true ]
2️⃣ you can get 0.25 ETH sepolia faucet daily from [ https://faucets.chain.link/sepolia ]
3️⃣ you can read more about Foundry form [ https://book.getfoundry.sh/ ]
4️⃣ you can get more information about challenge from Console tab and call help() function
5️⃣ you can find challenges by searching using this hashtag syntax:
- #level_X (X = level number)
- #CHALLENGE_NAME (first letter of every word is big and the space replaced with _)
6️⃣ you can have an interaction with contracts using cast. read more about it from [ https://book.getfoundry.sh/reference/cast ]
7️⃣ if you got unknown sh*t error while using cast and the function which called is transfering ether, just set gas limit on 10000000 or something else
8️⃣ i don't explain the attack senario, i don't analysis the code & i don't explain how to prevent, just post the solution of challenge for you
9️⃣ you can pass arguments to your constructor while deploying contract using --constructor-args switch
🥷🍷 <Happy Hacking/>
⁉️ How To Play ?
1️⃣ Get Contract Address: Open the challenge web page [ https://ethernaut.openzeppelin.com/ ], click on Get new instance Button, check Console tab and copy Instance address
2️⃣ Code an Exploit: make new foundry project, create an Solidity file at /src Folder.
3️⃣ Deploy: Deploy your Attack contract using foundry. it will return some data which include the address of Attack contract [ Deployed to ]
4️⃣ Hack: Call your attack() function, then submit Submit instance.
⁉️ Foundry Commands:
1️⃣ Make New Temp Foundry Project
mkdir Ethernaut
cd Ethernaut
forge init .
2️⃣ Deploy Contract
forge create src/ATTACK_FILE_NAME.sol:ATTACK_CONTRACT_NAME --rpc-url wss://ethereum-sepolia-rpc.publicnode.com --private-key YOUR_WALLET_PRIVATE_KEY --value 0.01ether
⁉️ Extra Notes
1️⃣ i put sepolia RPC url for you but you can get from [ https://chainlist.org/chain/11155111?testnets=true ]
2️⃣ you can get 0.25 ETH sepolia faucet daily from [ https://faucets.chain.link/sepolia ]
3️⃣ you can read more about Foundry form [ https://book.getfoundry.sh/ ]
4️⃣ you can get more information about challenge from Console tab and call help() function
5️⃣ you can find challenges by searching using this hashtag syntax:
- #level_X (X = level number)
- #CHALLENGE_NAME (first letter of every word is big and the space replaced with _)
6️⃣ you can have an interaction with contracts using cast. read more about it from [ https://book.getfoundry.sh/reference/cast ]
7️⃣ if you got unknown sh*t error while using cast and the function which called is transfering ether, just set gas limit on 10000000 or something else
8️⃣ i don't explain the attack senario, i don't analysis the code & i don't explain how to prevent, just post the solution of challenge for you
9️⃣ you can pass arguments to your constructor while deploying contract using --constructor-args switch
🥷🍷 <Happy Hacking/>
Openzeppelin
The Ethernaut
Web3/Solidity based wargame played in the Ethereum Virtual Machine. Each level is a smart contract that needs to be 'hacked'.
2️⃣ #ETHERNAUT #level_2 #Fallout
i solved this challenge using cast :
but i wrote the Solidity code too.
🥷🍷 <Happy Hacking/>
i solved this challenge using cast :
cast send $CHALLENGE_CONTRACT_ADDRESS "Fal1out()" --rpc-url $RPC_URL --private-key $PRIVATE_KEY
but i wrote the Solidity code too.
🥷🍷 <Happy Hacking/>
4️⃣ #ETHERNAUT #level_4 #Telephone
must run the attack() function using cast:
🥷🍷 <Happy Hacking/>
must run the attack() function using cast:
cast send $CHALLENGE_CONTRACT_ADDRESS "attack(address)" $PLAYER_ADDRESS --rpc-url $RPC_URL --private-key $PRIVATE_KEY
🥷🍷 <Happy Hacking/>
6️⃣ #ETHERNAUT #level_6 #Delegation
must solve this challenge using cast and call the challenge contract :
but i wrote the Solidity Code too,
🥷🍷 <Happy Hacking/>
must solve this challenge using cast and call the challenge contract :
cast send $CHALLENGE_CONTRACT_ADDRESS "pwn()" --rpc-url $RPC_URL --private-key $PRIVATE_KEY
but i wrote the Solidity Code too,
🥷🍷 <Happy Hacking/>
8️⃣ #ETHERNAUT #level_8 #Vault
you can access the private variables using cast :
🥷🍷 <Happy Hacking/>
you can access the private variables using cast :
cast storage $CHALLENGE_CONTRACT_ADDRESS 1 --rpc-url $RPC_URL
🥷🍷 <Happy Hacking/>