Hello guys, today I'm going to show you how I solved the Navigating the Unknown challenge of the Cyber Apocalypse 2023 hackathon from Hack The Box.

The challenge can be solved in multiple ways, but I decided to show you the simplest one because it makes it much easier to explain what happens.

First of all, you need to read the challenge:

image

Ok, so we start the docker and download the files from the challenge:

image

After extracting the downloaded file I see these files:

  • README.md
  • Setup.sol
  • Unknown.sol

So let's first see what the README.md says:

image

Ok ok, but this is a lot of information, so we need to understand it part by part. Let's go for the ports section first:

image

Ok, this means we have 2 ports for the connection:

  • one is going to be the information about the connection
  • the other is going to be for the RPC connection with the blockchain

So let's keep reading:

image

Ok, we have 2 files:

  • Setup.sol
  • Challenge.sol (this name could be anything; in this case it is called Unknown.sol)

Let's read the last part:

image

Ok, we are going to need:

  • private key
  • target smart contract
  • rpc url

And if you remember, the first section says one of the ports has information about the connection, so let's check with netcat which server gives a response. Let's try connecting with nc 165.22.116.7 31092, we wait some seconds and …

image

nothing happens, so we can assume this is the RPC connection.

Let's try the other one …

image

Ok, this connection is more interesting, let's check the connection information:

image

Ok, we now have the information about the connection with the RPC, but how exactly can we connect to it? And what exactly do we need to do with the smart contracts?

Let's go part by part. First, we are going to use an easier method than web3js, web3py, ethers or things like that, because they are not necessary if the code is not going to be automated for something, so we are going to use:

  • Metamask ( Crypto wallet )
  • Remix IDE ( IDE for Solidity smart contracts )
  • Smart Contracts

This way we can interact with the smart contracts more easily, and it is simpler to understand what really happens at a general level.

Ok, so first of all we need to download Metamask and do the configuration steps. I'm going to skip that part because it is not necessary to show how to do that; if you are curious you can check directly with this link: https://metamask.io/

So let's keep going: we are going to use the information shown before to connect. We know the:

  • RPC connection
  • Private key
  • Setup.sol ( code and address )
  • Target.sol ( code and address )

So first we need to connect to the RPC, and we are going to use Metamask itself to do that ;) :

  • in this case the RPC url is : 165.22.116.7:31092

so we only need to put http:// before the IP and port, so it looks like this:

  • http://165.22.116.7:31092

image image

And here something interesting happens: you can't add a new network if you don't know the Chain ID:

image

But let me show you a trick: when you don't know what the chain ID is, just put any value, in this case I'm going to put 1, and then click outside the field to trigger the form error: image

Ok, now we know what the chain ID is. This does not work all the time, but in this case it does, so after I put in the new chain ID I see this:

image

As you can see, the symbol can be changed too, but it is not necessary for now, just save it.
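The node also reports its chain ID through the standard `eth_chainId` JSON-RPC method, and an HTTP JSON-RPC endpoint stays silent until it receives a request, which fits the quiet netcat connection above. The following is an added example, not part of the original walkthrough; the stub server and its answers (chain ID 0x7a69) are constructed so the code runs offline.

```python
import json, threading, urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# Connect directly and ignore any proxy environment variables.
_opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))

def rpc_call(url, method, params=None, timeout=5):
    """POST one JSON-RPC 2.0 request and return its 'result' field."""
    body = json.dumps({"jsonrpc": "2.0", "id": 1, "method": method,
                       "params": params or []}).encode()
    req = urllib.request.Request(url, data=body,
                                 headers={"Content-Type": "application/json"})
    with _opener.open(req, timeout=timeout) as resp:
        reply = json.load(resp)
    if "error" in reply:
        raise RuntimeError(reply["error"]["message"])
    return reply["result"]

def chain_id(url):
    """eth_chainId returns a hex quantity; MetaMask's form wants it in decimal."""
    return int(rpc_call(url, "eth_chainId"), 16)

class _StubNode(BaseHTTPRequestHandler):
    """Constructed stand-in for the challenge node; its answers are sample values."""
    ANSWERS = {"eth_chainId": "0x7a69", "eth_blockNumber": "0x1"}

    def do_POST(self):
        req = json.loads(self.rfile.read(int(self.headers["Content-Length"])))
        reply = {"jsonrpc": "2.0", "id": req["id"]}
        if req["method"] in self.ANSWERS:
            reply["result"] = self.ANSWERS[req["method"]]
        else:
            reply["error"] = {"code": -32601, "message": "Method not found"}
        data = json.dumps(reply).encode()
        self.send_response(200)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

    def log_message(self, *args):  # keep the demo output quiet
        pass

def start_stub():
    """Start the stub on a free localhost port; returns (server, url)."""
    server = HTTPServer(("127.0.0.1", 0), _StubNode)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, "http://127.0.0.1:%d" % server.server_port
```

Against the challenge instance the call would be `chain_id("http://165.22.116.7:31092")`, and the decimal result is what goes into the Chain ID field.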

Ok, so you are going to see something like this:

image

Now we have the network connected, with the random name EXAMPLE for the crypto, but we don't have the right account.

So we are going to import the account using the private key obtained from the netcat connection:

  • in this case the private key is : 0xb331b8bcd8882a6d755ee6517d9124feba3563d7d8c0b969c1de10837a21e456

image

image

If you check, the address is the same: image

image

And now we have some crypto to test with too, so let's go now to the smart contracts and the IDE to see what we can do:

  • Link to the IDE for smart contracts : https://remix.ethereum.org/

Let's create the two files:

  • Setup.sol
  • Unknown.sol

The Setup.sol looks like this:

pragma solidity ^0.8.18;

import {Unknown} from "./Unknown.sol";

contract Setup {
    Unknown public immutable TARGET;

    constructor() {
        TARGET = new Unknown();
    }

    function isSolved() public view returns (bool) {
        return TARGET.updated();
    }
}

And the Unknown.sol :

pragma solidity ^0.8.18;


contract Unknown {
    
    bool public updated;

    function updateSensors(uint256 version) external {
        if (version == 10) {
            updated = true;
        }
    }

}

image

So after adding the smart contracts, let's take a look at the code and what it means:

image

So now let's check the Unknown.sol:

image

Ok, so we only need to interact with the smart contract and change the value to 10.

So we know what we need to do. Let's compile the smart contracts to interact with them; for this you have two ways to do it:

The first one is to just press Ctrl + S (saving), and the second is to go here and press compile: image

After this we can go to deploy and check that you are deploying the right smart contract:

image

Before you start deploying you need to select the web3 injected option here and select Metamask:

image

This tells the IDE something like -> “use this RPC of my Metamask to deploy the smart contract and use my account too”

Ok, now we can deploy. First we are going to deploy the Setup.sol:

Note: be sure Metamask and the Remix IDE are connected, let me show you:

image

image

So when it is connected it looks like this: image

Ok, let's continue with the deploy. You have two ways to do it:

  • deploy your smart contract (a new one)
  • use the structure of the smart contract to instantiate another (we are going to use this one)

But what exactly does this mean? It means you are going to take the already deployed smart contract and load it into the structure of your Solidity code. Let me draw it for you:

image

Ok, now let's add the address. Note: be sure it is the same structure (same .sol file):

image

image

After this you are going to see this below: image

We can expand it and see this (you can press the blue buttons to interact with the smart contract):

Note: the buttons have colors:

  • the blue buttons are public view functions (this means they have no cost per interaction)
  • the orange buttons are writing functions (this means they have a cost per interaction)
  • the red buttons are payable functions (this means you need to send crypto to interact with them); this challenge doesn't have red buttons, but it is a good idea to know it

So do the same with the Unknown.sol; be sure you have selected the same smart contract that you want to instantiate, and the right address:

image

Ok, so now let's just interact with it and get the flag:

image

When you change the value to 10 and press the orange button, Metamask pops up for the interaction with the smart contract, so here you need to confirm the transaction and the values are going to change: image

After the transaction completes, you can re-check the values and … magic, you did the challenge.

image

Now we need to reconnect to the server using netcat and get the flag:

image