Survival Of The Fittest
Survival Of The Fittest is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Scenario
Survival Of The Fittest attack path
Objective
Challenge walkthrough focused on Blockchain evidence, validation, and reusable operator lessons.
Walkthrough flow
- Artifact review
- Hypothesis
- Validated solve path
- Proof captured
Source coverage
High source coverage
Status: complete. This article is generated from 6 sanitized Markdown sources and keeps raw flags, credentials, keys, cookies, and reusable secrets out of the rendered blog.
High confidence: the page is reconstructed from a primary walkthrough plus multiple supporting notes or evidence sources. Treat the chain as source-backed, while still checking the listed source files for sensitive values.
- Blockchain/Survival-of-the-Fittest/writeup.md
- htb-challenge/Blockchain/Survival-of-the-Fittest/notes.md
- htb-challenge/Blockchain/Survival-of-the-Fittest/memory-summary.md
- htb-challenge/Blockchain/Survival-of-the-Fittest/hypothesis-board.md
- HTB/_knowledge/exports/ctf-lightrag-latest-203412/documents/challenge__Blockchain__Survival-of-the-Fittest__memory-summary.md.67a6f16dac.md
- HTB/_knowledge/exports/ctf-lightrag-latest-203412/documents/challenge__Blockchain__Survival-of-the-Fittest__notes.md.8360b0d011.md
Technical Walkthrough
Writeup
Challenge
- Name: Survival-of-the-Fittest
- Category: Blockchain
- Difficulty: Very Easy
- Mode: remote
Summary
The launcher exposed a funded private key, player address, setup address, target address, and RPC endpoint. The Creature contract is simpler than the previous boss challenge: it loses life directly on any attack and the solve path is simply to call strongAttack(20) to reduce lifePoints from 20 to 0, then call loot() to drain the target balance and satisfy Setup.isSolved().
Artifact Inventory
- analysis/connection_info.http: initial launcher credentials and addresses.
- analysis/connection_info-live.json: refreshed live credentials and addresses used for the final solve.
- analysis/extracted/blockchain_survival_of_the_fittest/Creature.sol: challenge contract source.
- analysis/extracted/blockchain_survival_of_the_fittest/Setup.sol: setup/win-condition source.
- analysis/solve-result.json: post-exploit chain state showing isSolved=true.
- analysis/flag-response.txt: raw flag response before harness capture.
- solve/solve.py: reproducible exploit.
Analysis
Setup.isSolved() returns true when the target contract balance reaches zero. Creature starts with lifePoints = 20, and strongAttack(uint256) directly subtracts the supplied damage through _dealDamage. There is no tx.origin trick or ownership gate here. Therefore a single strongAttack(20) call is sufficient to kill the creature, and loot() can then transfer the contract balance to the player.
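The logic described above, modelled in Python as an added example; it is not the challenge's Solidity source or the page's solve.py. The `loot()` liveness gate, the revert on underflow (checked arithmetic), the `max_damage` hardening parameter, and the sample balance are assumptions made for illustration.

```python
class Revert(Exception):
    """Models an EVM revert: the call fails and state is left unchanged."""


class Creature:
    # max_damage is a hypothetical hardening knob, not part of the challenge:
    # None reproduces the behaviour the writeup describes, an int caps each call.
    def __init__(self, balance_wei, max_damage=None):
        self.life_points = 20        # starting value stated in the writeup
        self.balance = balance_wei   # constructed sample balance
        self.max_damage = max_damage

    def _deal_damage(self, damage):
        # Assumption: checked arithmetic, so subtracting below zero reverts.
        if damage > self.life_points:
            raise Revert("arithmetic underflow")
        self.life_points -= damage

    def strong_attack(self, damage):
        # The caller chooses the damage; only the hardened variant bounds it.
        if self.max_damage is not None and damage > self.max_damage:
            raise Revert("damage exceeds per-call limit")
        self._deal_damage(damage)

    def loot(self):
        # Assumption: loot() only pays out once life_points is zero.
        if self.life_points != 0:
            raise Revert("creature is still alive")
        paid, self.balance = self.balance, 0
        return paid


def is_solved(target):
    # Mirrors Setup.isSolved(): true once the target balance reaches zero.
    return target.balance == 0


def calls_needed(creature, requested_damage):
    """Count the successful strong_attack calls needed to reach zero life."""
    calls = 0
    while creature.life_points > 0:
        hit = min(requested_damage, creature.life_points)
        if creature.max_damage is not None:
            hit = min(hit, creature.max_damage)
        creature.strong_attack(hit)
        calls += 1
    return calls
```

With a cap of 3 the same outcome takes seven calls instead of one, so bounding the parameter raises the cost but does not gate the payout; as the analysis notes, there is no ownership check on this path.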
Solve
The solver refreshes /connection_info at runtime to avoid stale launcher addresses, then uses web3 to call strongAttack(20) from the provided funded account, followed by loot(). After verifying Setup.isSolved(), it fetches /flag.
Flag
Raw flag is stored in loot/flag.txt and intentionally not reproduced here.
Lessons
Very Easy blockchain challenges can share the same launcher UI while differing dramatically in exploit complexity. Always read the current contract source instead of assuming the previous challenge pattern still applies. Here the entire puzzle collapsed to the win condition plus two direct transactions.
Source-Backed Dossier
The sections below are merged from companion Markdown notes for the same case. They are rendered after sanitization so the article stays precise without publishing raw flags, credentials, or target-specific secrets.
Notes
Scope
- Challenge: Survival-of-the-Fittest
- Category: Blockchain
- Difficulty: Very Easy
- Mode: remote
- Remote instance: <TARGET>:32288
- Start time: 2026-06-07T09:11:10Z
- Operator: harness
- State file: challenge-state.json
Harness Status
- Current phase: see challenge-state.json
- Next allowed actions: see next-action.json
- Raw flags and sensitive material stay in loot/ only. Do not paste them here.
Artifact Inventory
| File | Size | SHA256 | Type | Notes |
|---|---|---|---|---|
| files/a12c739e-fc0f-464e-a308-47fd55acefe5.zip | 1296 | <hash redacted> | Zip archive data, at least v1.0 to extract, compression method=store | zip entries: 3 shown in artifact inventory JSON |
Evidence Ledger
| Time | Action | Output/File | Finding | Confidence | Next |
|---|---|---|---|---|---|
| 2026-06-07T09:11:10Z | harness init | challenge-state.json | Workspace initialized with deterministic state file | High | Inventory artifacts |
| 2026-06-07T09:11:10Z | artifact inventory | analysis/artifact-inventory.json | 1 artifact(s) inventoried | High | Build or update hypotheses |
| 2026-06-07T09:11:10Z | session bootstrap | notes.md | Challenge metadata, scenario, and prior context seeded into workspace | High | Record initial hypothesis and research |
| 2026-06-07T09:11:10Z | hypothesis recorded | hypothesis-board.md | initial triage from supplied challenge metadata | Medium | inventory files / inspect app surface / map routes depending on category |
| 2026-06-07T09:11:10Z | research task | analysis/research/task-20260607T091110172736Z-24c7f811.md | Research task created for advisory investigation | Medium | Record research output |
| 2026-06-07T09:14:34Z | local memory record | analysis/local-memory-records.md | Prior local notes reviewed as fallback/advisory context | Medium | Validate against current evidence |
| 2026-06-07T09:15:24Z | checkpoint recorded | analysis/checkpoint-triage-20260607T091524255588Z-624cd8f1.md | Checkpoint for TRIAGE | High | Use checkpoint to drive next decision |
| 2026-06-07T09:16:01Z | research skip | analysis/research/research-skip.md | Research intentionally skipped with recorded reason | Medium | Gate before exploit |
| 2026-06-07T09:16:01Z | checkpoint recorded | analysis/checkpoint-analysis-20260607T091601544353Z-970d7b80.md | Checkpoint for ANALYSIS | High | Use checkpoint to drive next decision |
| 2026-06-07T09:16:16Z | evaluator | analysis/evaluator-20260607T091616189217Z-05c318b2.md | Proceed | High | Write solve/solve.py, execute the exploit, fetch /flag, capture it, and complete the workspace. |
| 2026-06-07T09:17:44Z | flag capture | loot/flag.txt | HTB-format flag captured; raw value kept in loot only | High | Write solution and run completion gate |
| 2026-06-07T09:17:45Z | Called strongAttack(20) then loot() through exposed RPC and private key | analysis/solve-result.json, analysis/flag-response.txt | Refreshed connection info exposed a live funded EOA, target address, and setup address. Directly calling strongAttack(20) reduced the creature to 0 life and loot() drained the target balance, making Setup.isSolved() true and returning the HTB flag. | High | Capture the flag through the harness and complete the workspace. |
| 2026-06-07T09:18:03Z | completion gate | challenge-state.json | Completion gate passed; state marked COMPLETE | High | Optional sanitized memory summary approval |
Key Findings
-
RAG / Advisory Memory
RAG output is advisory only. Record evaluated retrievals with:
scripts/challenge_harness.py rag-record <workspace> --query "..." --tag MATCHED|PARTIAL|MISSING|<secret redacted>|GENERIC --validation "..."
Secrets/Flags
Raw flags and sensitive material stay in loot/ only. Use scripts/challenge_harness.py capture-flag to validate and record flag capture without printing the value.
Scenario
Alex had always dreamed of becoming a warrior, but she was not particularly skilled. When the opportunity arose to join a group of seasoned warriors on a quest to a mysterious island filled with real-life monsters, she hesitated. But the thought of facing down fearsome beasts and emerging victorious was too tempting to resist, and she reluctantly agreed to join the group. As they made their way through the dense, overgrown forests of the island, Alex kept her senses sharp, always alert for the slightest sign of danger. But as she crept through the underbrush, sword drawn and ready, she was startled by a sudden movement ahead of her. She froze, heart pounding in her chest as she realized that she was face to face with her first monster.
Operator Question
Analyze the provided Blockchain challenge artifact and live target host, identify the smart contract or blockchain interaction required, exploit or solve it reproducibly, and capture the HTB flag.
Memory Summary
Metadata
- Platform: HackTheBox Challenges
- Category: Blockchain
- Challenge: Survival-of-the-Fittest
- Difficulty: Very Easy
- Source workspace: <local workspace>
Validated Solve Chain
Concepts only. Do not include raw flags, reusable credentials, tokens, cookies, private keys, or live secrets.
1.
Reusable Lessons
-
Dead Ends
-
Tool Quirks
-
Evidence Paths
-
Ingestion Decision
- Proposed for LightRAG: yes/no
- Requires user approval before ingestion: yes
Hypothesis Board
Keep no more than 3 active hypotheses on Easy/Medium and 5 on Hard unless the user explicitly asks for breadth.
| Rank | Path | Evidence | Missing Proof | Cheapest Validation | Confidence | Status |
|---|---|---|---|---|---|---|
| 1 | initial triage from supplied challenge metadata | challenge name, category, difficulty, scenario, and remote target were provided by operator | inventory files / inspect app surface / map routes depending on category | Medium | Active |
Closed Branches
| Branch | Evidence Tested | Failure Output | Reason Closed | Revisit Condition |
|---|---|---|---|---|
Technical analogy
How to remember this solve
Think of the smart contract like a transparent bank ledger with strict but imperfect rules. The trick is to make the rules execute in an order the author did not protect against.
For Survival Of The Fittest, keep the mental model simple: identify the trusted assumption, prove it with the smallest safe test, then automate or repeat only the part that directly leads to the flag.