Chainsaw

I can get the static value set in the contract but if I try to set it and get it afterwards, it doesn't change. A nudge would be appreciated, what am I missing to get the set confirmed/actually set/blah?

@ashr said:

I can get the static value set in the contract but if I try to set it and get it afterwards, it doesn't change. A nudge would be appreciated, what am I missing to get the set confirmed/actually set/blah?

Think about the service correlated to the smart contract (hint: read the smart contract name)…

@Kebby22 said:

@ashr said:

I can get the static value set in the contract but if I try to set it and get it afterwards, it doesn't change. A nudge would be appreciated, what am I missing to get the set confirmed/actually set/blah?

Think about the service correlated to the smart contract (hint: read the smart contract name)…

I’m sorted, thanks m8. Went through API versioning ■■■■, but got there through an easier method a nice guy suggested \m/

hmm… I am pretty much stuck. Everything (including getting root) was straightforward. But now I really don’t know what I should try to find. There are definitely some odd things going on, but nothing I looked at seemed to lead to something really “interesting” …

User and “root” went fine, now where is this ■■■■ flag!? Scanned through all files looking for md5 patterns using grep, still no pony. Feel free to PM me, need a nudge!

flag

For those stuck on the last step… don’t slack off and keep trying :slight_smile:

Got the user Flag now try to get root flag !!!
Edit 1 :- Got root access …

I think this root flag bends a little the rule that the flag has to be inside /root/root.txt … Well, it is not exactly inside but it is very close.

@alamot said:
I think this root flag bends a little the rule that the flag has to be inside /root/root.txt … Well, it is not exactly inside but it is very close.

On the contrary – no rule is bent technically.

Finally got the root flag, a big thanks goes to @CyberMnemosyne. Again, thank you very much!!

So a really interesting thing… the .txt is not actually necessary! The value that text file holds is deterministic, so given two values (both of which you have immediately), you can calculate the value! Super cool, kind of wish this was the route instead of just giving away the value. Either way it makes for a beautiful programmatic solution!

This box was incredible!!! First time using the foothold method. Definitely had some issues regarding the setup of “web3.py” on my side.

hints for user: write a script of your own using the above method and make sure you have the right functions. There are a lot of scripts on GitHub to help you.

hints for root: there are two ways of doing this. I did it the easy way of finding the right “Path”.

Got root, thanks 2 @CyberMnemosyne for the tip.

Tip for root: CTF-like and a pain in the ■■■ if you didn’t do something alike before or don’t already know what to do. Ignore what you have done till now and get your rubber gloves and scalpel.

Without this, I would never have known how to solve that last part. Thanks man! +respect

@will135 said:

For those stuck on the last step… don’t slack off and keep trying :slight_smile:

User to root was a little bit too easy imo but I very much enjoyed programming for this as it’s something I’ve never interfaced with before.

Also, the final step feels too CTFy. I wouldn’t have gotten it without the hint from @will135.

I wouldn’t say this box was easy, there are some clever challenges to this and most steps seemed to require a lot of reading about things I’d never seen before with the occasional gimme and rabbit hole thrown in. Nicely done weaving these into a challenging box and thanks to @stonepresto for the perfect nudge at the end.

I gave this machine a dislike after the root flag idea …

Very nice box, except the last piece, overcomplicating things IMHO. The idea is very fresh and funny to learn.

  • User: There are some APIs to play with in several languages. After fighting a lot I used R**** IDE and it works perfectly. Then, there is a very common vulnerability but with a different approach.
    After that, enumerate a bit and pay attention to some information that is in front of your eyes. It will give you a hint about what to search for.

  • Root: The first path is not hard, it just needs some interaction. After that, the crazy enumeration comes into play. Thanks @CyberMnemosyne for giving me a little hint. To make it easier I suggest paying attention to these two comments:

@alamot

I think this root flag bends a little the rule that the flag has to be inside /root/root.txt … Well, it is not exactly inside but it is very close.

@will135

For those stuck on the last step… don’t slack off and keep trying

Congrats @artikrh and @absolutezero :slight_smile: I enjoyed it

@MisterBert0ni said:

flag

right in the feels :confused:
great box tho, @Leonishan thanks for the hints.