CTF

Ethernaut: Hello Ethernaut

0xjarix

4 min read
Ethernaut: Hello Ethernaut

My take on CTFs

CTFs constitute a crucial part in the process of becoming a successful security researcher as they require from you an eye for details, a good understanding of solidity and great technical skills to perform the attack and capture the flag. The most talented security researchers are great at CTFs, at solving them of course and sometimes at designing them. CTFs will not turn you into a great web3 security researcher over night, but it will surely arm you with good enough technical skills to be able to write decent coded PoCs to have your finding validated and maybe get selected for report.

What is Ethernaut?

Ethernaut is a CTF(Capture The Flag) developed by the openzeppelin team that you most propbably already heard of. If you haven't, consider taking a look at this roadmap https://www.0xjarix.com/if-i-had-to-start-again/
This CTF gathers 31 challenges for the moment, this number keeps increasing so check their website every now and then: https://ethernaut.openzeppelin.com/
Maybe you'll design your challenge one day and send it to the openzeppelin team.

Also why you here?

Of all the kinds of articles I publish, CTF writeups are those I wish you read the least. I am a big advocate of giving everything the time it needs, if you cannot solve a challenge that you know for a contains an intentional bug in such a small codebase, do not expect to do really well in the contests. There are 2 reasons why someone can fail at solving a challenge, and when I say 'fail' I mean giving up and looking at the writeups, knowing damn well these CTFs are not time-bounded. So if you failed you either:

  • aren't ready for this challenge yet and that is most probably due to the fact that you skipped some steps in the roadmap
  • are lazy, you read the challenge, read the codebase, maybe not enough times, you had some assumptions maybe, you might have identified some entrypoints or some conditions to bypass or break, but you did not give it enough time, you did not allow yourself to succeed and that's a shame

Hello Ethernaut

Take this first challenge as a foot baths for the pool of challenges you're about to encounter in this CTF.

1. Set up MetaMask

If you're here you surely already have a metamask wallet to test your smart contracts, for this CTF I will use the holesky testnet. Make sure you select the same network on both your metamask extension and the ethernaut website

2. Open the browser's console

Mac users:

  • CMD + option + I or J
  • Right click + inspect

Windows users:

  • Ctrl + Shift + J.
  • Right click + inspect

Read the instructions

3 to 5

Read the instructions

6. Get test ether

Here are some faucets to get test ether:
https://www.alchemy.com/list-of/crypto-faucets-on-ethereum

7 to 9

Read the instructions

1st step
2nd step
3rd step
4th step

And what do we see now, all the nerds know it and if you're here, you're definitely one, so yes you're right the answer to the universe, the almighty...

5th step
6th step
7th step

Now we're kind of stuck but there's a way we can check the contract's method, we're eying a function with the name getPassword() or password() and bingo we found it: password()

8th step
9th step
10th step

Now confirm the metamask transaction that pops up on your screen and submit the instance, you should see this appear in your console.

We did it

Congrats on this one, the others will be more challenging