Writeups
  • Writeups
  • 2020 Writeups
    • Angstrom
      • Git Good
      • Secret Agents
      • windows of opportunity
      • Califrobnication
      • Patcherman
      • Just Rust
      • No canary
      • WS3
      • Confused Streaming
      • Reasonably Secure Algorithm
      • Defund's Crypt
      • Low-kee
      • Discrete Superlog
      • Wacko Images
      • Shifter
      • Xmas Still Stands
      • Noisy
      • Canary
      • Inputter
      • clam clam clam
      • PSK
      • Taking Off
      • Consolation
      • Wooosh
      • Signal_of_hope
      • One Time Bad
      • Revving up
    • bsidesBOS
      • Binary Exploitation
        • Patches
        • Sea Shells
      • Cryptography
        • Alice and Bob
        • Exodia
        • Fancy Caesar
        • Flag-SP Network
        • Maelstrom
      • Forensics
        • Amnesia
        • Mercury
        • Mobility
        • Patchwork Quilt
        • Spy Cam
      • Misc
        • Tea-mix
        • Swipe
      • Scripting
        • Flushed Revenge
        • Reggae
        • Robot Takeover
      • Steg
        • Dimension 0
        • Saving The World
        • Secret Romance
      • Warmup
        • Give Up
        • Kiddie Pool
        • Play The Harp
        • Where's The Body
        • Baseball
        • Ez Bake Oven
        • Y2K
      • Web
        • Clown Show
        • Yet Another Micro-story Library
    • Crypto CTF
      • Amsterdam
      • One Line Crypto
      • Trailing Bits
      • Gambler
    • Covid19 CTF
      • Sql db 3
      • Web 1 (Something Derpy? Idk)
      • ECB is the best CB
      • Db 2
      • Scouting
    • FWordCTF
      • Pwn
        • Welcome Pwner
        • One Piece Remake
        • Numbers
      • Misc
        • Secret Array
        • Twis Twis Litlle Star
      • Web
        • JAILOO WARMUP
      • Rev
        • Tornado
        • XO
        • Beginner Rev
        • Fibo
      • Crypto
        • Randomness
        • One Part!
        • BDBG
        • Weird RSA
      • OSINT
        • Identity Fraud
      • Bash
        • CapiCapi - bash
      • Forensics
        • NULL
    • Google
      • Reversing
        • Beginner
      • Hardware
        • Basics
      • Crypto
        • Chunk Norris
        • Sharky - Crypto
      • Sandbox
        • Writeonly
    • Hacktivity Con
      • Binary Exploitation
        • Pancakes
        • Statics and Dynamics
        • Space Force
          • Space Force - Binary Exploitation
        • Bullseye
      • Scripting
        • Misdirection
        • Rescue Mission
        • Hashbrown Casserole
        • Flushed
        • Tootsie Pop
      • Crypto
        • OFBuscated
        • Tyrannosaurus Rex
        • Perfect XOR
        • Bon Apettit
        • A E S T H E T I C
      • Steg
        • Cold War
        • substitute face
        • Vencryption
      • Mobile
        • Mobile One
      • Web
        • Lightweight Contact Book
        • Bite
        • Ladybug
      • Forensics
        • Domo Arigato
      • Warm Up
        • Hexgedit
        • Caesar Mirror
        • Internet Cattos
      • Misc
        • Private Investigator
    • Houseplant
      • 11
      • Deep Lyrics
      • Adventure Revisited
      • CH₃COOH
      • Rivest Shamir Adleman
      • Zip-a-dee-doo-dah
      • Pie Generator
      • Ez
      • Groovin and Cubin
      • QR Generator
      • Half
      • Tough
      • Beginner Writeups
      • Spilled Milk
      • Fire-place
      • Survey Writeup: Houseplant 2020
      • Sizzle
      • Post-Homework Death
      • Rainbow vomit
      • Lemon
      • I dont like needles
      • Pz
      • Music Lab
      • Ezoterik
      • Parasite
      • Catography
      • Selfhost all the things!
      • Satan's jigsaw
    • HSCTF
      • Web
        • Broken Tokens
      • Binary Exploitation
        • Pwnagotchi
        • Boredom
      • Reverse Engineering
        • Ice Cream Bytes
        • AP lab: Comp Sci Principles
        • AP Lab: English Language
      • Forensics
        • Meta Mountain
      • Misc
        • My First Calculator
    • NahamConCTF
      • pwn
        • Syrup
        • Conveyor Belt
        • Dangerous
      • Misc
        • Alkatraz
        • Fake File
        • Trapped
        • Awkward
      • Web
        • Official business
        • Localghost
        • Agent-95
        • PHPPhoneBook
        • Time Keeper
      • Osint
        • Tron
      • Crypto
        • Homecooked
        • raspberry
        • docxor
        • Twinning
      • Scripting
        • rotten: caesars
        • Merriam
        • Gnomes
      • poggers
    • Plaid
      • File-system-based strcmp go brrrr
    • RACTF
      • Misc
        • Teleport
        • NS.mov
        • ST.mov
        • Pearl pearl pearl
        • Discord
        • BR.mov
        • Emojasm 2
        • Spentalkux
        • EmojASM
        • Reading Between The Lines
        • Mad CTF Disease
      • OSINT
        • Tree Man
        • Brick by Brick
        • Remote Retreat
        • Suspended Belief
        • Dead Man
        • RAirways
      • Pwn
        • Finches in a Pie
        • Finches in a stack
        • Solved in a flash
        • Puffer Overflow
          • Puffer Overflow
        • Not Really AI
        • A Flash Of Inspiration
          • A Flash of Inspiration
        • Medea
        • Eccentric Encryption Engima
        • Snakes and Ladders
      • Web
        • Entrypoint
        • Admin Attack
        • Collide
        • Baiting
        • Vandalism
        • Quarantine
        • Quarantine - Hidden Information
        • Getting Admin
        • Finding Server Information
        • Insert Witty Name
      • Forensics
        • Access Granted
        • Cut Short
        • Dimensionless Loading
        • Peculiar Packet Capture
        • Disk Forensics Fun
        • A Monster Issue
        • A Musical Mix Up
        • Cheap Facades
      • Crypto
        • B007l3G CRYP70
        • Access=0000
        • B007L36 CRYP70... 4641N
        • Mysterious Masquerading Message.md
        • Really Simple Algorithm
        • Really Speedy Algorithm
        • Really Secret Algorithm
        • 0x Series
        • Really Small Algorithm
    • Redpwn CTF
      • Crypto
        • worst-pw-manager
        • 4k-rsa
        • pseudo-key
        • 12 Shades of Redpwn
        • priminity
        • base646464
        • Alien Transmissions v2
        • itsy bitsy
        • seekrypt
      • Web
        • Panda Facts
        • Static Static Hosting
        • Tux Fanpage
        • Anti textbook
        • Inspector-General
        • Login
        • Static Pastebin
      • Pwn
        • The Library
        • Coffer Overflow
        • Secret Flag
        • Dead Canary
        • Skywriting
      • Rev
        • SmArT-Solver
          • SmArT-Solver
        • Ropes
        • Aall
        • Bubbly
      • Misc
        • CaaSino
        • uglybash
        • Albatross
    • rgbCTF
      • misc
        • ye olde prng
        • Penguins
        • Picking Up The Pieces
        • Differences
        • hallo
        • Adventure
        • insert witty algorithm name here
      • rev|pwn
        • ARM 1
        • LYCH King
        • Time Machine
        • Object Oriented Programming
        • Soda Pop Bop
        • Too Slow
        • sadistic rev 2
        • Advanced Reversing Mechanics 2
        • Sadistic Reversing 1
      • ZTC
        • Ralphie
        • Peepdis
        • Vaporwave1
        • icanhaz
        • vaporwave 3
        • Vaporwave 2
      • web
        • tictactoe
        • type racer
        • keen eye
        • Countdown
        • imitation crab
      • forensics:osint
        • PI 1- Magic in the air
        • Pi 2
        • robins reddit password
        • Space Transmission
        • Insanity Check
      • beginner
        • Joke check
        • A Basic Challenge
        • Pieces
        • Quirky resolution
        • Shoob
        • Name A More Iconic Band
        • fine day
      • crypto
        • Grab your Jisho
        • Shakespeare Play, Lost (and found!)
        • (rgbctf/crypto/e.md)
        • I Love Rainbows
        • Adequate Encryption Standard
        • Occasionally Tested Protocol
        • rubikcbc
        • N-AES
    • Sharky
      • Give away 2
      • Give away 1
      • Give away 0
      • Romance Dawn
      • The hare and the tortoise
    • TJCTF
      • Circus
      • Forensics
        • Cookie Monster
        • Gamer F
        • Ling ling
        • Rap God
        • Hexillology
      • Misc
        • arabfunny
        • TTW
        • Timed
        • Gamer M
        • Zipped up
        • Discord
        • Censorship
        • Jarvis
        • Slicer
      • Reasonably Secure Algorithm
      • Login sequel
      • Seashells
      • Admin secrets
      • Web
        • Sarah Palin Fanpage
        • Circus
        • Login sequel
        • Weak Password
        • Moar Horse 4
        • Gamer W
        • File Viewer
        • Admin secrets
      • Gamer R
      • El primo
      • Crypto
        • home rolled
        • rgbsa
        • difficult decryption
        • Reasonably Secure Algorithm
        • Is this Crypto
        • Titanic
      • Reversing
        • comprehensive2
        • Forwarding
        • Gym
        • ASMR
        • Gamer R
      • Gamer M
      • Sarah Palin Fanpage
      • Zipped up
      • Is this Crypto
      • Pwn
        • OSRS
        • Stop
        • Seashells
        • Cookie Library
        • Tinder
        • El primo
      • Discord
      • Congenial Octo Couscous
      • Titanic
      • Gamer F
      • Censorship
      • Jarvis
      • OSRS
      • Moar Horse 4
      • Weak Password
      • Stop
      • Ling ling
      • Slicer
      • Cookie Library
      • Cookie Monster
      • comprehensive2
      • home rolled
      • Rap God
      • difficult decryption
      • Forwarding
      • rgbsa
      • Gym
      • arabfunny
      • Tinder
      • Timed
      • Gamer W
      • TTW
      • ASMR
      • File Viewer
      • Hexillology
    • Tokyo Westerns CTF
      • sqrt
      • easy-hash
      • Nothing much to see
      • Twin D
    • Zh3r0 CTF
      • Misc
        • Rainbow Hex
        • Find the Covid19 Vaccine
        • Welcome To Phase 2md
        • Welcome To Phase 1
        • Analyse me
        • snakes everywhere
      • Forensics
        • Run Forrest Run
        • PreDestination
        • Snow
          • Snow.md
        • Hidden Music
        • is it a troll???
        • Soundless
        • PreDestination
        • UnRemovable
        • Katycat
        • LSB Fun
        • Good Ol' IE
      • pwn
        • Command1
        • Free flag
        • Help
      • Crypto
        • We are related
        • Dozen Bases
        • Uncipher Me
        • NASA
        • RSA Warmup-Really Small Algorithm
      • Web
        • Web Warmup
        • Google Source Code
      • OSINT
        • NASA
      • Prenote: As all of these challenges were similar, we decided to combine these under one page.
  • 2021 Writeups
    • Union CTF
      • Antistatic
      • Cr0wn Air
      • Human Server
      • Mordell Primes
      • Neo-classical
      • Nutty
      • Why is a raven
Powered by GitBook
On this page

Was this helpful?

Export as PDF
  1. 2020 Writeups
  2. RACTF
  3. Misc

Discord

PreviousPearl pearl pearlNextBR.mov

Last updated 4 years ago

Was this helpful?

OWO, we do seem to be getting a lot of these discowrd challenges in CTFs, and they arwe vewwy vewwy hawrd, this one especiawwy!

It seems the fiwrst mention of "Discowrd" being wewated to a challenge in the sewver is way back in Juwuly 2019, whewre miwstew benjamin techinson mentions a token, so that couwuld be a fwag! This awlso meant the challenge appeawed to be unsolvwed since then. As we werwe the team to blood this challenge, I think we should definitely make a wrwiteup on this tough challenge.

The bwiefing weads as fowwows:

Join our discord over at [redacted] and see if you can find the flag somewhere.

OwO, whats dis? A Discowd link? I wondewr what wouwuld happen if I wewre to click it >w< Howewew, I remembewed what happened duwwing angstwomCTF, whewre the link was actuawwy a wrickwoll, which was vewwy iwwitating. Considewwing that thewre wewre othewr challenges in RACTF that wewre inspiwred by angstwomCTF, like peawrl peawrl peawrl, this confiwrmed my theowy that the link was actuawwy fake. So, I decided not to click it. I had to get a Discowd invite somehow howevew, so I kept on seawching. Howevew, I wealised that I would need to make a discowrd account in owdewr to actually wead the fwag. I had done this befowre in TJCTF, so I weffewed back to the wrwiteup I cweated for it.

Thewre was something diffewent howevwew. I didnt spot this rwight away but aftewr following my TJCTF wrwiteup didnt wowrk, I rwealised that I was using the same email. This was vewwy cwucial, as this meant I would need to get a new email, and fast. Howevewr, as with most CTFs me and my team do, ouwr wivals PuWuN to 0w0xE4 wewre also twying to solve this challenge, as it was ouwrs and awlso theiw 59th last challenge, thewefowe this was going to be a fiewrce wace to twy and compwete the challenge. In TJCTF, they ouwutdid us by doing Nauwughty, but nowot this time. This time, we had a new membewr on ouwr team, Rowowan, who is quite good at web, and so he would accompany ouwr wesident newrd and web pewrson, Tony, also known as cluwubby789. This time, with Rowowan on ouwr team, we would be suwure to win and cwush PuWuN to 0w0xE4 once and fowr all. We would teawr them to shweds and fwex our shiny RACTF coins in theiwr faces.

Sowo, we had to find a way to get a new email. How wewre we going to do that though? Well, since I have to be able to access this email fowr vewification, I had to find an email I contwolled.

I was wecommended a site called 10minutemail, which would pwovide me a mailbox which I could weceive mail fwom. This tuwned out to wowrk pewrfectly, as we wewre able to wegistewr an account, and since I didnt have to givwe discowd a weal email, I didnt have any issues with twust like I did in TJCTF, which was a massive time save, and in the end is definitely what helped us cwush PuWuN to 0w0xE4.

Nowow that we had a Discowrd account we could uwuse to access discowrd, we needed to actually find a link to the RACTF discowd sewvewr, which we at fiwst assumed would be the location of the fwag. This again, like TJCTF, took quite a long time. Because they hadnt put the link in the bwiefing, this link took wayyy too long to find. And as always, PuWuN to 0w0xE4 wewre rwright on ouwr tail. Ouwr spies had wepowrted that they had found the link and wewre in the Discowd sewvewr, meaning that they wewre vewwy close to the fwag! This couldnt be happening. We wowrked so hard to solve all 0 challenges befowre this, and all ouwr hawrd wowrk would have gone to waste. We needed to keep going and get these all important 50 points.

We seawrched for ages, and pwaying the entiwre time that PuWuN wouldnt solve the challenge befowre us. Suddenly, one of ouwr team membewrs spotted something. If you went to the actual owiginal RACTF page, that is, , thewre was a thing that said contact, and on thewre there was a button that said Discowrd.

UWU! This suwrely was the link we wewre looking for! With ouwr newly wegistewed Discowrd account, we could use the link to join the official RACTF Discowrd. This was it. We wewre at the same stage as PuWuN to 0w0xE4. It would just be a rwace to find the fwag.

My initial instinct was to try the good old !fla.g command, as castowrsCTF's also insanewly hawrd Discowrd challenge was to uwuse this command, and then the fwag would be DMed to you.

However, it seems the evil mastewrmind behind the sewvewr, Mistewr Benjamin Techinson, the wollewrcoastewr enthusiast, had developed some sowrt of filtewring the command! So this is why PuWuN to 0w0xE4 wewre taking so long! They must have been twrying to bypass the fiwlter that Mistewr Techinson had put in place for this. So this basicawwy confiwmed that this was the challenge. Twying to bypass the fiwlter was quite easy, since Mistewr Techinson cleawrly did a howwible job at fiwltewring and we bypasswed the fiwlter vewwy quickly. It seems he had neglected vewwy many things, for exampwle, using backslashes to not make the bot delete the !fla.g command. Howevewr, I beweive that he did a few patches duwwing the CTF to make the challenge mowre difficult, so I think it was vewwy lucky that we wewre able to get it done eawrly when the challenge was much easiewr, and of couwrse, to cwush PuWuN to 0w0xE4.

Swiftly typing in "!flag", we waited.

We waited some mowre.

A few milliseconds passed. A few cwickets chiwrped.

Eventawwy, we rweawised that this was all just a red hewwing to divwewrt us. This was not the way to go to get the fwag, and no wondewr PuWuN to 0w0xE4 hadnt gotten the fwag yet, as the filwtewr was way too easy to bypass for it to be a challenge.

So, we decided to look at ouwr TJCTF wrwiteup again.

It seems that the fwag could be hidden in announcements, so we had a look thewre for any hints of the fwag location.

We saw a message by thebeanowogamewr that read

"The Discord flag does not require you to run a command"

so we decided to compwetewy ignowre that and continuwue twying to bypass the fiwlter.

Eventually, after 2 mowre seconds, we decided to give up, as it was cleawr we wewre getting nowhewre.

Well whewre could this discowrd flag be? This was getting intenwse, and we knew PuWuN to 0w0xE4 would be clowose on our tail twrying to find the fwag. So, we kept fwantically seawching.

With time on the line, we fwanticawwy seawched the discowrd, thwough the hype channel, and the sociawl channel, but nothing was to be found.

Suddenly, we noticed an image, posted by some weirdo named willwam845.

It was a vewwy basic image, but it had a stwing in fwag fowmat.

ractf{discord_kinda_rocks}

And it had a celebratowy message congwatulating us on finding the fwag! This had to be it.

We wewre finally going to crush PuWuN to 0w0xE4 for once.

Slowly, I copied the fwag into the fwag box, with just milliseconds to spawre.

Howewvewr, it was wejected? How could this be happening?

PuWuN to 0w0xE4 wewre going to beat us now!! This couldn't be happening.

All these milliseconds we had worked so hawrd for. All that wowrk would hawve gone to waste.

Howevrwer, I was detewrmined to find this fwag.

And that's when I wemembewed.

The angstwom discord wwrwiteup.

Since peawlpeawlpeawl was inspiwred by angstwom, I was cewtain that the discowd challenge must also be inspiwred by it too!

And I was pwoven cowwect.

The fwag was indeed in the channel descwription of the genewal channel, and PuWuN to 0w0xE4 seemed to not have submitted it yet!

We wewre finally going to cwush them once and for all!

Slowlwy, but swiftlwy, I pasted the stwing, which was ractf{the_game_begins} into the fwag box, and then hit submit.

"You have already solved this challenge" it read.

What? How could this have happened??

It tuwrns out howevewr, that Rowowan, the new membewr, had alweady submitted it and gotten blood! We were finally on our way to cwush PuWuN to 0w0xE4!

In the end, we got cwushed by PuWuN to 0w0xE4 once again, as they solvwed EEE much fastewr than we did, meaning we did a gweat job, and cwushed them to bits!

Flag: ractf{botters_is_a_sadist}

https://ractf.co.uk/