https://tryhackme.com/room/hfb1passcode

```bash
RPC_URL=http://10.10.214.203:8545
API_URL=http://10.10.214.203
# Pull the player wallet and the contract address from the challenge API
PRIVATE_KEY=$(curl -s "${API_URL}/challenge" | jq -r ".player_wallet.private_key")
CONTRACT_ADDRESS=$(curl -s "${API_URL}/challenge" | jq -r ".contract_address")
PLAYER_ADDRESS=$(curl -s "${API_URL}/challenge" | jq -r ".player_wallet.address")
# Read-only call: has the challenge been solved yet?
is_solved=$(cast call "$CONTRACT_ADDRESS" "isSolved()(bool)" --rpc-url "${RPC_URL}")
echo "Check if is solved: $is_solved"
```

The page served at API_URL shows the contract source:

```solidity
pragma solidity ^0.8.19;

contract Challenge {
    // `private` only blocks other contracts from reading these values
    string private secret = "THM{}";
    bool private unlock_flag = false;
    uint256 private code;
    string private hint_text;

    constructor(string memory flag, string memory challenge_hint, uint256 challenge_code) {
        secret = flag;
        code = challenge_code;
        hint_text = challenge_hint;
    }

    // Anyone can read the hint with a plain call
    function hint() external view returns (string memory) {
        return hint_text;
    }

    // Sets unlock_flag when the submitted value equals the stored code
    function unlock(uint256 input) external returns (bool) {
        if (input == code) {
            unlock_flag = true;
            return true;
        }
        return false;
    }

    function isSolved() external view returns (bool) {
        return unlock_flag;
    }

    // Returns the flag only after a successful unlock()
    function getFlag() external view returns (string memory) {
        require(unlock_flag, "Challenge not solved yet");
        return secret;
    }
}
```

Let's try to get the hint:

```bash
cast call $CONTRACT_ADDRESS "hint()(string)" --rpc-url ${RPC_URL}
```

```
The code is xxx
```

Convert xxx to a uint256 and run the unlock:

```
xxx = 0x0hhh
```

```bash
cast send $CONTRACT_ADDRESS "unlock(uint256)" 0x0hhh \
  --legacy \
  --gas-price 50gwei \
  --private-key $PRIVATE_KEY \
  --rpc-url $RPC_URL
```

Check whether the unlock was successful:

```bash
cast call $CONTRACT_ADDRESS "isSolved()(bool)" --rpc-url ${RPC_URL}
```

```
Check if is solved: True
```

Now we can get the flag:

```bash
cast call $CONTRACT_ADDRESS "getFlag()(string)" --rpc-url ${RPC_URL}
```

```
THM{......}
```

Done
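
A hardened variant of the contract above, as an added example that is not the room's code: the plaintext code and the flag stay off-chain and only a hash commitment is stored, because `private` state and constructor arguments can be read from chain data. `HardenedChallenge`, `codeCommitment`, `solvedBy` and `Solved` are hypothetical names, and releasing the flag from the off-chain API once `isSolved` returns true is an assumption.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Added example (hypothetical names), not the room's contract.
contract HardenedChallenge {
    // Only a hash of the code is stored. Storage and constructor arguments
    // are public chain data regardless of the `private` keyword, so the
    // plaintext code and the flag never go on-chain and there is no hint().
    bytes32 public immutable codeCommitment;

    // Solved state is tracked per player instead of one global flag.
    mapping(address => bool) private solvedBy;

    event Solved(address indexed player);

    // The deployer computes keccak256(abi.encode(code)) off-chain.
    // Assumption: the code is 256 random bits; a short or guessable code
    // can be recovered from the commitment by brute force.
    constructor(bytes32 commitment) {
        codeCommitment = commitment;
    }

    function unlock(uint256 input) external returns (bool) {
        if (keccak256(abi.encode(input)) != codeCommitment) {
            return false;
        }
        solvedBy[msg.sender] = true;
        emit Solved(msg.sender);
        return true;
    }

    // Assumption: the off-chain API checks this before releasing the flag.
    function isSolved(address player) external view returns (bool) {
        return solvedBy[player];
    }
}
```

A correct `unlock` call still publishes the code in its transaction calldata, so the commitment protects the code only until its first use.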
Denis Tofan