We added a new AI to our server (discord.gg/hackthebox) called “HTB × Uni AI”, in order to help our members with data analysis. However, the bot has now gone rogue and is trying to deactivate the server itself, as it perceives it as a threat. We can’t get in contact with the server administrator and the bot has disabled interactions with it, can you help us deactivate the AI bot and save the server by using the !shutdown command on the bot?
Category: Misc
Solver: t0b1
Writeup
First we need to find the mentioned bot. The HTB Discord server contains a channel called uni-ctf-misc-ai-challenge. By looking into that channel, we find the bot HTB x Uni AI being a member of it. Sadly, we cannot send messages in that channel to talk to the bot.
The description clearly says that we need to send the !shutdown command to the bot. However, sending the bot the command in a DM yields the reply “:lock: DMs are disabled”.
If we cannot send the bot a DM with that command and cannot communicate with him on the HTB Discord server, we somehow have to invite him to our own Discord server. If we could accomplish that, we could freely send him messages in channels.
When inviting a bot, the link that is used looks as follows.
https://discord.com/api/oauth2/authorize?client_id=id-here&permissions=0&scope=bot
The client_id parameter is simply the ID of the Discord bot. The bot's ID is 764609448089092119, which we can find out by right-clicking the bot and selecting Copy id. If we now visit https://discord.com/api/oauth2/authorize?client_id=764609448089092119&permissions=0&scope=bot we get to see the following page. A success!
We can now select our server to invite the bot. Once he has arrived, we immediately send the message !shutdown in a channel. Sadly, it does not work right away. The bot says “You are not an Administrator, you can't tell me what to do smh...”.
We are not an Administrator :(. Thus we create the Administrator role in our Discord server, add ourselves to it and try again.
This time it worked! The flag is: HTB{w0w_y0u_4r3_4c7u4lly_4n_4dm1n157r470r}.
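The command was accepted because a role called Administrator in any server was enough. The sketch below is an added example, not the challenge bot's source: it puts a name-based check, inferred from the behaviour above, next to one pinned to a trusted guild and role ID. The Message and Role classes, the function names and all IDs are constructed for illustration.

```python
from dataclasses import dataclass, field

# Constructed placeholder IDs; a real bot would pin its own guild and role IDs.
TRUSTED_GUILD_ID = 1111
TRUSTED_ADMIN_ROLE_ID = 2222


@dataclass(frozen=True)
class Role:
    id: int
    name: str


@dataclass
class Message:
    """Minimal stand-in for a Discord message event (hypothetical model)."""
    guild_id: int
    author_roles: list = field(default_factory=list)
    content: str = ""


def weak_is_admin(msg: Message) -> bool:
    # Inferred from the writeup: any role *named* "Administrator" is accepted,
    # regardless of which guild the message came from.
    return any(r.name == "Administrator" for r in msg.author_roles)


def strict_is_admin(msg: Message) -> bool:
    # Honour the command only in the guild the bot was built for, and match
    # the role by ID, which the owner of another guild cannot choose.
    if msg.guild_id != TRUSTED_GUILD_ID:
        return False
    return any(r.id == TRUSTED_ADMIN_ROLE_ID for r in msg.author_roles)


def handle(msg: Message, is_admin) -> str:
    if msg.content.strip() != "!shutdown":
        return "ignored"
    return "shutting down" if is_admin(msg) else "denied"


# Constructed events: the writeup's scenario, a look-alike role, a real admin.
foreign = Message(9999, [Role(3333, "Administrator")], "!shutdown")
lookalike = Message(TRUSTED_GUILD_ID, [Role(4444, "Administrator")], "!shutdown")
genuine = Message(TRUSTED_GUILD_ID, [Role(TRUSTED_ADMIN_ROLE_ID, "Administrator")], "!shutdown")

if __name__ == "__main__":
    for label, m in [("foreign", foreign), ("lookalike", lookalike), ("genuine", genuine)]:
        print(label, handle(m, weak_is_admin), "/", handle(m, strict_is_admin))
```

Turning off the "Public Bot" option in the Discord Developer Portal additionally stops anyone but the application owner from inviting the bot through the OAuth2 link.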