We added a new AI to our server (discord.gg/hackthebox) called “HTB × Uni AI”, in order to help our members with data analysis. However, the bot has now gone rogue and is trying to deactivate the server itself, as it perceives it as a threat. We can’t get in contact with the server administrator and the bot has disabled interactions with it, can you help us deactivate the AI bot and save the server by using the !shutdown command on the bot?
First we need to find the mentioned bot. The HTB Discord server contains a channel called
uni-ctf-misc-ai-challenge. By looking into that channel, we find the bot
HTB x Uni AI being a member of it. Sadly, we cannot send messages in that channel to talk to the bot.
Reading the description clearly says, that we need to send the
!shutdown command to the bot. However, sending the bot the command in a DM yields the reply
:lock: DMs are disabled.
If we cannot send the bot a DM with that command and cannot communicate with him on the HTB Discord server, we somehow have to invite him to our own Discord server. If we could accomplish that, we could freely send him messages in channels.
When inviting a bot, the link that is used looks as follows.
client_id parameter is simply the id of the Discord bot. The bots id is
764609448089092119 which we can find out by rightclicking the bot and selecting
Copy id. If we now visit https://discord.com/api/oauth2/authorize?client_id=764609448089092119&permissions=0&scope=bot we get to see the following page. A success!
We can now select our server to invite the bot. Once he arrived we immediatly send the message
!shutdown in a channel. Sadly it does not work immediatly. The bot says
You are not an Administrator, you can't tell me what to do smh....
We are not an Administrator :(. Thus we create the
Administrator role in our Discord server, add ourselfs to it and try it again.
This time it worked! The flag is: