Vault

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

contract Vault {
  bool public locked;
  bytes32 private password;

  constructor(bytes32 _password) {
    locked = true;
    password = _password;
  }

  function unlock(bytes32 _password) public {
    if (password == _password) {
      locked = false;
    }
  }
}

Goal

Unlock the vault (guess the value of the password variable) to pass the level.

Exploit

It's important to remember that marking a variable as private only prevents other contracts from accessing it. State variables marked as private and local variables are still publicly accessible.

We can crack this level with looking at the value that the password variable holds with the use of blockchain explorer such as Etherscan.

To do that we need to inspect the transaction where the password variable is updated, and we can se that this id done in the constructor, which means we need to find the tranasction that has created the Vault contract.