
Ethernaut hacking challenges: intro walkthrough

Ethernaut is a Solidity and web3 hacking game in which you have to take control of, steal funds from, or otherwise hack different smart contracts and web apps. It has multiple levels, and in each one you'll learn about different vulnerabilities.

In this series I'll review and explain each level. Let's start with the intro!

You can find walkthroughs for all Ethernaut levels here

Ethernaut intro

This level basically explains how to set up your wallet and use the browser console to interact with the contract.

To start, you need to click on the "Get a new instance" button to get assigned a new vulnerable contract. This will trigger a MetaMask prompt that you need to sign. Once the transaction is completed, you can use the browser console to interact with the contract variable.

For example, contract.info() will give you all the details of the contract and contract.methods() will return all the available methods:

After spending some time interacting with the contract info methods, you get asked to authenticate using a password, but what is it?

What is Ethernaut's intro password?

I'll give you some clues:

  1. You can explore the contract ABI in the console, specifically the contract's methods.

  2. All state variables in a smart contract expose a getter method that returns its value.

  3. Run await contract.password()

Once you know the password, you can submit it with contract.authenticate("thePassword")

Takeaways

In this first level you get to know how to interact with the contracts and how to submit your results. I'd say that the main takeaway of this level is that every state variable has a getter method that can be exploited, so you have to make sure not to store private data in them.
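
As an added example (not code from the original post or from Ethernaut), here is a small pre-deployment review check that walks a contract ABI and lists every read-only function that returns a value, flagging names that look like secrets. The sample ABI, the `apiKeys` entry and the name heuristic are constructed for illustration; only `info`, `password` and `authenticate` come from the walkthrough.

```javascript
// Added example: list ABI entries through which anyone can read contract state.
// The name heuristic below is an assumption made for this example.
const SECRET_HINT = /pass(word|phrase)?|secret|key|seed/i;

// True for functions that read state without a transaction.
// Older compilers emit `constant: true` instead of `stateMutability`.
function isStateRead(entry) {
  if (entry.stateMutability !== undefined) return entry.stateMutability === "view";
  return entry.constant === true;
}

// Returns one finding per state-reading function that returns a value.
// The ABI cannot tell a compiler-generated getter from a hand-written one.
function auditAbi(abi) {
  return abi
    .filter((e) => e.type === "function" && isStateRead(e))
    .filter((e) => (e.outputs || []).length > 0)
    .map((e) => ({
      name: e.name,
      // Getters for public mappings and arrays take key/index arguments.
      takesArgs: (e.inputs || []).length > 0,
      returns: e.outputs.map((o) => o.type).join(","),
      looksSecret: SECRET_HINT.test(e.name),
    }));
}

// Constructed sample ABI modelled on the methods the walkthrough names.
const sampleAbi = [
  { type: "constructor", inputs: [{ name: "_password", type: "string" }] },
  { type: "function", name: "info", inputs: [], stateMutability: "pure",
    outputs: [{ name: "", type: "string" }] },
  { type: "function", name: "password", inputs: [], stateMutability: "view",
    outputs: [{ name: "", type: "string" }] },
  { type: "function", name: "authenticate", stateMutability: "nonpayable",
    inputs: [{ name: "passkey", type: "string" }], outputs: [] },
  // Hypothetical legacy-style entry: `constant` flag only, mapping getter.
  { type: "function", name: "apiKeys", constant: true,
    inputs: [{ name: "", type: "address" }],
    outputs: [{ name: "", type: "bytes32" }] },
];

console.table(auditAbi(sampleAbi));
```

Solidity generates these getters for state variables declared `public`; values held in other state variables are still readable from chain storage. A flagged name therefore points to a design problem (a secret kept in contract state) rather than a visibility keyword to change.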
