X-MAS Helper
Author: Milkdrop

(Web Exploitation Challenge)

Description of Challenge:

Here you can see that the bot X-MAS Helper#2918 is part of the challenge; it provides the flag only to people with the Organizer role in Discord.

If you type in !flag in #spam in the Discord you can see

Now, since you can see that I am not Unauthorized in this channel, I need to have the Organizer role, for which I need to be admin of the server. If you are familiar with Discord, you know that you can invite bots to your channel.

When inviting a bot, you go through https://discordapp.com/oauth2/authorize?client_id=botid&scope=bot with the bot's ID. For example, to invite FredBoat♪♪#7284 to your channel, you need to go through https://discordapp.com/oauth2/authorize?&client_id=184405253028970496&scope=bot

you will see,

Similarly, for the X-MAS Helper bot, we need its ID to invite it to the Discord.

To get it, follow these steps:

1) Enable Developer Mode

  • Click on the settings icon to the right of your username
  • Click on Appearance
  • Scroll down to ADVANCED and enable Developer Mode

2) Right-click on the bot and copy its ID

3) Invite the bot using the id

Replace FredBoat's ID in the invite URL with the X-MAS Helper bot's ID, and you will get the URL below.

X-MAS Helper bot's ID = 631788175165227032

https://discordapp.com/oauth2/authorize?&client_id=631788175165227032&scope=bot

4) Invite the bot to your channel

I am inviting the bot to the CTF channel

Boom, the bot is in the channel.

5) Add a role named Organizer

Follow these steps if you don't know how to add a role:

  • First, click on the down arrow next to the server name
  • Then click on Server Settings
  • Then click on Roles and add a role using the + icon
  • Now set the role name to Organizer and you are good to go

6) Now add yourself to the role

7) Type !flag in a message

BOOM congratulations on your FLAG.
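The steps above succeed because the bot's decision depends on a role named Organizer in whichever server the command was sent from. The following is an added example, not the challenge bot's code: a small Python model of that check beside a hardened version that pins the home server and the role ID. The `Message` and `Role` classes, the numeric IDs and the flag string are constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed values for illustration; not IDs from the challenge.
HOME_GUILD_ID = 1001        # the server the bot was written for
ORGANIZER_ROLE_ID = 2001    # ID of the real Organizer role in that server

@dataclass(frozen=True)
class Role:
    id: int
    name: str

@dataclass
class Message:
    guild_id: Optional[int]             # server the command came from (None = DM)
    author_roles: List[Role] = field(default_factory=list)
    content: str = "!flag"

def vulnerable_is_organizer(msg: Message) -> bool:
    # Trusts a role *name* in whatever server the message came from.
    # A server owner can create a role with any name in their own server.
    return any(r.name == "Organizer" for r in msg.author_roles)

def hardened_is_organizer(msg: Message) -> bool:
    # Only honour commands sent in the home server, and match the role by
    # its ID, which cannot be recreated elsewhere, rather than by its name.
    if msg.guild_id != HOME_GUILD_ID:
        return False
    return any(r.id == ORGANIZER_ROLE_ID for r in msg.author_roles)

def handle(msg: Message, check) -> Optional[str]:
    if msg.content != "!flag":
        return None
    return "<flag placeholder>" if check(msg) else "Unauthorized"

# Constructed sample messages.
SAMPLES = {
    "real organizer, home server": Message(HOME_GUILD_ID, [Role(ORGANIZER_ROLE_ID, "Organizer")]),
    "player, home server": Message(HOME_GUILD_ID, [Role(2002, "Player")]),
    "same-named role, other server": Message(9009, [Role(7007, "Organizer")]),
    "direct message": Message(None, []),
}

if __name__ == "__main__":
    for label, msg in SAMPLES.items():
        print(f"{label:32} vulnerable={handle(msg, vulnerable_is_organizer)!r} "
              f"hardened={handle(msg, hardened_is_organizer)!r}")
```

Turning off the Public Bot setting in the Discord developer portal, so that only the application owner can add the bot to a server, closes the invite path as well.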