What Ethereum Smart Contract Hacking Looks Like
In this video you can see me working over 10h on hacking an Ethereum smart contract. The attack was done on a private chain, so no actual Ethereum users have been affected.
This was a challenge called `Montagy` from the Real World CTF 2019 competition.
Even though this was part of a competition, the methodology and technologies used are the tools used in real-life Ethereum hacking as well.
More Ethereum hacking:
- Ethereum Smart Contract Hacking #1 - Real World CTF 2018: https://www.youtube.com/watch?v=ozqOlUVKL1s
- Jump Oriented Programming: Ethereum Smart Contract #2 - Real World CTF 2018: https://www.youtube.com/watch?v=RfL3FcnVbJg
- Ethereum Smart Contract Backdoored Using Malicious Constructor:
https://www.youtube.com/watch?v=WP-EnGhIYEc
00:00:00 - Backstory
00:03:58 - Smart Contract Challenge Overview
00:20:17 - Blockchain Transaction Investigation
00:22:13 - Rough Plan & Research Setup
00:34:27 - Looking more into the Contracts
00:41:18 - Debugging with remix
01:08:43 - What we learned so far
01:09:31 - Researching custom hash
01:34:26 - Breaking hash algorithm with z3
02:02:37 - Realizing winning condition is different...
02:03:20 - Developing exploit pwn.js
02:15:10 - Exploit doesn't work... debugging.
02:31:30 - Exploit finally works
02:33:55 - Sending Exploit to the Team in China
02:35:05 - The Flag
02:36:10 - Opinion and Conclusion
-=[ ❤️ Support ]=-
→ per Video: https://www.patreon.com/join/liveoverflow
→ per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join
-=[ 🐕 Social ]=-
→ Twitter: https://twitter.com/LiveOverflow/
→ Website: https://liveoverflow.com/
→ Subreddit: https://www.reddit.com/r/LiveOverflow/
→ Facebook: https://www.facebook.com/LiveOverflow/
Видео What Ethereum Smart Contract Hacking Looks Like канала LiveOverflow
This was a challenge called `Montagy` from the Real World CTF 2019 competition.
Even though this was part of a competition, the methodology and technologies used are the tools used in real-life Ethereum hacking as well.
More Ethereum hacking:
- Ethereum Smart Contract Hacking #1 - Real World CTF 2018: https://www.youtube.com/watch?v=ozqOlUVKL1s
- Jump Oriented Programming: Ethereum Smart Contract #2 - Real World CTF 2018: https://www.youtube.com/watch?v=RfL3FcnVbJg
- Ethereum Smart Contract Backdoored Using Malicious Constructor:
https://www.youtube.com/watch?v=WP-EnGhIYEc
00:00:00 - Backstory
00:03:58 - Smart Contract Challenge Overview
00:20:17 - Blockchain Transaction Investigation
00:22:13 - Rough Plan & Research Setup
00:34:27 - Looking more into the Contracts
00:41:18 - Debugging with remix
01:08:43 - What we learned so far
01:09:31 - Researching custom hash
01:34:26 - Breaking hash algorithm with z3
02:02:37 - Realizing winning condition is different...
02:03:20 - Developing exploit pwn.js
02:15:10 - Exploit doesn't work... debugging.
02:31:30 - Exploit finally works
02:33:55 - Sending Exploit to the Team in China
02:35:05 - The Flag
02:36:10 - Opinion and Conclusion
-=[ ❤️ Support ]=-
→ per Video: https://www.patreon.com/join/liveoverflow
→ per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join
-=[ 🐕 Social ]=-
→ Twitter: https://twitter.com/LiveOverflow/
→ Website: https://liveoverflow.com/
→ Subreddit: https://www.reddit.com/r/LiveOverflow/
→ Facebook: https://www.facebook.com/LiveOverflow/
Видео What Ethereum Smart Contract Hacking Looks Like канала LiveOverflow
Показать
Комментарии отсутствуют
Информация о видео
Другие видео канала
![Reinventing Web Security](https://i.ytimg.com/vi/LxUAnZY_08o/default.jpg)
![Binary Exploitation vs. Web Security](https://i.ytimg.com/vi/FbeaklEkMgM/default.jpg)
![Hacking Google Cloud?](https://i.ytimg.com/vi/uOvizKc1WZY/default.jpg)
![Trying to Find a Bug in WordPress](https://i.ytimg.com/vi/lLjgskJgaRU/default.jpg)
![Authentication Bypass Using Root Array](https://i.ytimg.com/vi/2vAr9K5chII/default.jpg)
![My YouTube Financials - The Future of LiveOverflow](https://i.ytimg.com/vi/nDiXoeeAMWM/default.jpg)
![Defending LLM - Prompt Injection](https://i.ytimg.com/vi/VbNPZ1n6_vY/default.jpg)
![Accidental LLM Backdoor - Prompt Tricks](https://i.ytimg.com/vi/h74oXb4Kk8k/default.jpg)
![Attacking LLM - Prompt Injection](https://i.ytimg.com/vi/Sv5OLj2nVAQ/default.jpg)
![Our Future As Hackers Is At Stake!](https://i.ytimg.com/vi/GbMHAaB0uI0/default.jpg)
![Cyber Security Challenge Germany (2023)](https://i.ytimg.com/vi/jUZjQlcAV94/default.jpg)
![Cybercrime is Not Hacking!](https://i.ytimg.com/vi/nyg2W5KUNVQ/default.jpg)
![Attacking Language Server JSON RPC](https://i.ytimg.com/vi/DFAdG9o0sTw/default.jpg)
![Advanced Teleport Hack (stolen from cheaters)](https://i.ytimg.com/vi/3HSnDsfkJT8/default.jpg)
![VPNs, Proxies and Secure Tunnels Explained (Deepdive)](https://i.ytimg.com/vi/32KKwgF67Ho/default.jpg)
![I’m moving, no videos sorry](https://i.ytimg.com/vi/9CS3q0uG1LI/default.jpg)
![Computer Networking (Deepdive)](https://i.ytimg.com/vi/6G14NrjekLQ/default.jpg)
![Revisiting 2b2t Tamed Animal Coordinate Exploit](https://i.ytimg.com/vi/TAUrzkOYLUk/default.jpg)
![Pain in your Hand (RSI)?](https://i.ytimg.com/vi/SJbuSXO4xs0/default.jpg)
![What is a Protocol? (Deepdive)](https://i.ytimg.com/vi/d-zn-wv4Di8/default.jpg)
![The Future Of Hacking #shorts](https://i.ytimg.com/vi/2bDwk1_BAZY/default.jpg)