Official discussion thread for BlockBlock. Please do not post any spoilers or big hints.
Phew, finally rooted. This machine was hard for me as I didn't have any blockchain knowledge at all… The initial foothold is the hardest part… For anyone stuck, feel free to drop me a PM.
That’s a cool hint. Thanks!
I’m sorry, but if this thing requires me to set up my own blockchain dev environment to run malicious contracts, I think I will just sit this one out lol. I don't have time for all that.
No need for this, you just need to be able to interact with the exposed RPC endpoint.
Any hints for getting the admin token?
If you spent nearly 4h testing all the possible RPC clients to talk to our super port - what worked for me was Go. Hope that helps. I stuck
Hi,
I think I’m lost here. After reading about SOL and cast and RPC and web3… I still cannot move forward. Any hint is welcome because I think I went too deep into the topic or I’m just missing something obvious.
Thanks
Edited:
FYI https://www.youtube.com/playlist?list=PLCwnLq3tOElpIi6Gci36PnvrrS8ljBHkq
Have fun!
Hey, you need to use one of eth_... RPC calls to steal user creds…
Hi @tar0Samura1
Thank you very much for the hint. Currently I’m learning about eth and contracts so I believe I’ll learn something to understand how to exploit this machine.
Big thanks for your answer!
Cheers
Hi @tar0Samura1
I was thinking about your hint and it looks like… I already received a few HTTP status codes (like 401 or 500). So probably I need to read more about ‘those calls’.
Thank you again for the hint!
Edit: OK, I think I have an admin’s token. This machine is hardcore.
Edit2: this machine is beautiful madness. Keep moving with all the docs ;)
Got user! My eyes are bleeding ;D
Edit: got root and probably found an unintended path to it.
Big thanks for all the hints!
How can I contact the author about the bug? (DM me if possible please).
Thanks!
Dude, this is easily the hardest machine I ever rooted here. I’ve been reading smart contracts and blockchain documentation all day today lol
Respect to the creator though, I’m just bad <3
IMHO that’s true! I was working on this box for ~20 days. It was worth it.
A lot of learning. Contracts, web3, chains. If we think about pentesting - we have 2 options: web or infrastructure. In the case of this box we have a 3rd case: web3 vulnerabilities.
Kudos to the author!
Good luck to other players!
Cheers
bro help me with root
Did you get the root?
yess bro got
Can anyone help me move forward from keira?
Hi, check the forum please. There are already a lot of nice hints. One that helped me a lot was posted by @tar0Samura1
Good luck!
Thanks for responding, really appreciated