![](https://ethernaut.openzeppelin.com/imgs/BigLevel0.svg)
# (00) Hello Ethernaut
## https://ethernaut.openzeppelin.com/level/0xBA97454449c10a0F04297022646E7750b8954EE8

### If we look at the contract source, we see a lot of methods that we could potentially call. However, we don't need to use any of them except for authenticate. The password is a public variable, which means a method with the same name exists to return its value. We can call it to get its value and then pass it into authenticate to solve the challenge.

In [1]:
from web3 import Web3
from dotenv import load_dotenv
from IPython.display import display, HTML
import os
import json

load_dotenv()

provider_url = 'https://goerli.infura.io/v3/69194ec6319d4463b70ef7215e7ee7a7'
web3 = Web3(Web3.HTTPProvider(provider_url))
account = '0xf0522A86a6BEb833F9E988596Fc9dF2F5CdD9C55'
private_key = os.getenv('PRIVATE_KEY')

In [4]:
with open('abi/hello_abi.json', 'r') as f:
	abi = json.load(f)

contract_address = '0x5dfDE279D12ba4e98740aDBf8859FBaFD653Ee3c'

contract = web3.eth.contract(address=contract_address, abi=abi)

password = contract.functions.password().call()
print(password)

ethernaut0


In [5]:
tx = {
    'nonce': web3.eth.getTransactionCount(account),
    'gas': 2000000,
    'gasPrice': web3.toWei('50', 'gwei')
}

password = web3.eth.get_storage_at(contract_address, 1)

tx = contract.functions.authenticate(password).build_transaction(tx)

signed_tx = web3.eth.account.sign_transaction(tx, private_key)

tx_hash = web3.eth.sendRawTransaction(signed_tx.rawTransaction)

display(HTML(f'<a href="https://goerli.etherscan.io/tx/{web3.toHex(tx_hash)}">{web3.toHex(tx_hash)}</a>'))

In [6]:
result = contract.functions.getCleared().call()
print(result)

True
