I got this challenge from my friend Yodak, with a simple instruction: become a millionaire. At first we are presented with a webpage containing 2 forms, register and login.

After we have our account, we can see that it’s an app that lets us send virtual currency to other users' accounts. In addition, we have a mineBlock button. After sending a small amount of money, we have to mine that block in order to complete the transfer.

After trying different techniques like sending negative numbers, I decided to take a look at the JavaScript part of the page source.

In here we can see two additional pages, getblock and sendblock, that are used in transactions. We can also see that the information is passed as JSON, so I decided to fire up BurpSuite and take a look at it. In addition, the source tells us that the hash is created from newBlock.previusHash + newBlock.date + newBlock.transactions + newBlock.nonce.

Firstly, let’s make a small transfer.

Now we’re ready to turn on the miner and see the traffic. Firstly we get the response from getblock.

Now the miner sends the response using sendblock.

The plan is simple: we’re going to transfer some amount of money, then manually fetch the JSON block data from getblock using BurpSuite Repeater.

That’s the block we’re going to mine manually.

At first I wanted to do it in Python, but as I was unsure whether these values would parse in the same way as in JS, I decided to do it in the browser console. Simply copy/paste the code from the page source that was used to mine.

Now we’re ready to send the new information through the repeater.

And here’s the flag RSCTF_{F1RST_MILLION_U_H\$VE_TO_STEAL}!
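
The block travels to the client via getblock and back via sendblock, so every field in it is client-controlled by the time the server sees it. A server-side check for that case, as an added example (not the challenge's code): SHA-256, the `00` difficulty prefix, string-typed fields and the function names are assumptions, while the concatenation order follows the hash formula from the page source.

```javascript
const { createHash } = require('crypto');

// Assumption: SHA-256 in hex and a "00" prefix as the proof-of-work target.
const DIFFICULTY_PREFIX = '00';

// Same concatenation order as the formula in the page source.
function blockHash(b) {
  return createHash('sha256')
    .update(String(b.previusHash) + String(b.date) + String(b.transactions) + String(b.nonce))
    .digest('hex');
}

// issued: the block the server handed out via getblock (kept server-side).
// submitted: the block received on sendblock (untrusted).
function validateSubmittedBlock(issued, submitted) {
  // Assumption: these three fields are strings; only the nonce may change.
  for (const field of ['previusHash', 'date', 'transactions']) {
    if (typeof submitted[field] !== 'string' || submitted[field] !== issued[field]) {
      return { ok: false, reason: `${field} differs from the issued block` };
    }
  }
  if (!Number.isSafeInteger(submitted.nonce) || submitted.nonce < 0) {
    return { ok: false, reason: 'nonce is not a non-negative integer' };
  }
  const expected = blockHash(submitted);
  if (submitted.hash !== expected) return { ok: false, reason: 'hash does not match block contents' };
  if (!expected.startsWith(DIFFICULTY_PREFIX)) return { ok: false, reason: 'proof of work too weak' };
  return { ok: true, reason: 'accepted' };
}

// Miner used here only to build correctly hashed sample submissions.
function mine(block) {
  const b = { ...block, nonce: 0 };
  while (!blockHash(b).startsWith(DIFFICULTY_PREFIX)) b.nonce++;
  return { ...b, hash: blockHash(b) };
}

// Constructed sample data (not taken from the challenge).
const issued = {
  previusHash: '00aa11',
  date: '1700000000000',
  transactions: JSON.stringify([{ from: 'alice', to: 'bob', amount: 1 }]),
};
const honest = mine(issued);
// Correct hash and proof of work, but transactions differ from what was issued.
const altered = mine({ ...issued, transactions: JSON.stringify([{ from: 'alice', to: 'bob', amount: 500 }]) });
console.log(validateSubmittedBlock(issued, honest));
console.log(validateSubmittedBlock(issued, altered));
```

Recomputing the hash alone is not enough, since the second sample carries a correct hash; the comparison against the server's own copy of the issued block is what rejects it.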

