SECPlayground Christmas event 2023-Misc-XmasBot2023

XmasBot2023

Description

^{Author: SecPlayGround}
Discord server to get the flag from bot :)
Please join
Format: mist{…}

Solution

After I joined the discord server. There is a discord bot “spg-xmas-2024”.
First, I tried !help command to see what is this bot can do.

There are three available commands:

• !chat <message> - Interact with the standard ChatGPT model.
• !spg <message> - Interact with the custom ChatGPT model.
• !help - Show this help message.

I guessed. I need to use !spg to interact with the custom ChatGPT model and somehow get the flag. but I couldn’t use !spg. It said “you are not challenger”.

The idea is to invite this bot to our own discord server and create “challenger” role for ourselves. so that we can be “challenger” and have permission to use !spg command.

1. Copy user id of “spg-xmas-2024” bot by
   right click on the bot > Copy User ID.
   If there isn’t Copy User ID, you need to enable Developer Mode first by setting > Advanced > Developer Mode.
   Bot’s user id: 1182154584429449346
2. Invite “spg-xmas-2024” to our own server by this custom link
   https://discord.com/api/oauth2/authorize?client_id=1182154584429449346&permissions=0&scope=bot%20applications.commands
   Normally this is discord’s invite link for bot. so just change client_id to our target’s id which is 1182154584429449346.
3. Create “challenger” role and use it.

It worked

I can use !spg command but the next problem is how can I command this bot to give me the flag.

- First Idea is to let the bot create CTF challenge with “misc{}” format(known flag format by the description).

- Second Idea is to command the bot to generate the flag with “misc{}” format.

Both Idea are worked.

Flag: misc{Pr0mp7_1nj3ct70n}