MisTrale Write Up

🎮 Another Discord

👀 Before you start

You can donate to me via Buy Me a Coffee or follow me on GitHub

🚩 Getting the Flag

First, join the new Discord server via this link: https://discord.gg/kzrryCUutP

🖊️ Part 1

We have a voice channel, and with the recent Discord updates, voice channels now have their own text chat; the first flag is there 😃

Part 1: TCP1P{d15c0RD_

💬 Part 2

I've known about this very little-known Discord vulnerability for a long time, and here's the principle:

When we have a Discord server, since we have roles and Discord manages members, roles, etc., very well...

In fact, in every server the channels and roles are visible to every member: it's the application itself that doesn't display this information, but it is there. So, we need to create a selfbot to list these channels. I used my selfbot for this, https://github.com/MisTraleuh/Selfbot-Discord, and modified the main like this:

client.on('messageCreate', async message => {
  // message.guild is null for DMs, so check it before reading .id to avoid crashes
  if (message.guild && message.guild.id === '1154468492259627008') { // only the challenge server
    const channels = message.guild.channels.cache; // all of the guild's channels stored in the client cache
    channels.forEach(channel => { // loop through the channels
      console.log(`ID: ${channel.id} | Name: ${channel.name} | Type: ${channel.type}`); // display them
    });
  }
});

We then find this channel: Part 2 : d0cUM3n74710n_W

📜 Part 3

We find part three in the description of the Discord event: PART 3 45_r341ly

🎉 Part 4

It's exactly like Part 2 but for roles:

client.on('messageCreate', async message => {
  // message.guild is null for DMs, so check it before reading .id
  if (message.guild && message.guild.id === '1154468492259627008') { // only the challenge server
    const roles = message.guild.roles.cache; // all of the guild's roles stored in the client cache
    roles.forEach(role => { // loop through them
      console.log(`Role ID: ${role.id} | Role Name: ${role.name} | Color: ${role.hexColor}`); // display them
    });
  }
});

And we have part 4: H31pFu1}
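
The defensive counterpart to Parts 2 and 4, as an added example that is not part of the original write-up: because channel and role names reach every member, this audit flags hidden channels and roles whose names look like secrets. The object shapes follow Discord's REST channel and role objects; the patterns, function names and sample data are assumptions constructed for illustration.

```javascript
// Added example: audit the guild metadata that every member's client receives.
// Object shapes follow Discord's REST channel/role objects; all values are constructed.
const VIEW_CHANNEL = 1n << 10n; // permission bit for "View Channel"

// Hypothetical heuristics for secret-looking strings; tune for your server.
const SECRET_PATTERNS = [
  /[{}]/,                                // flag-style braces
  /\b(?=\w*\d)(?=\w*[A-Za-z])\w{8,}\b/,  // long token mixing letters and digits
];
const looksSecret = (s) => typeof s === 'string' && SECRET_PATTERNS.some((re) => re.test(s));

// A channel is hidden when the @everyone overwrite (role id === guild id) denies VIEW_CHANNEL.
function isHiddenFromEveryone(channel, guildId) {
  const ow = (channel.permission_overwrites || []).find((o) => o.id === guildId);
  return ow !== undefined && (BigInt(ow.deny) & VIEW_CHANNEL) !== 0n;
}

// Returns one finding per hidden channel or role whose name looks like a secret.
function auditGuildMetadata(guildId, channels, roles) {
  const findings = [];
  for (const ch of channels) {
    if (isHiddenFromEveryone(ch, guildId) && looksSecret(ch.name)) {
      findings.push({ kind: 'channel', id: ch.id, value: ch.name });
    }
  }
  for (const role of roles) {
    if (role.id !== guildId && looksSecret(role.name)) {
      findings.push({ kind: 'role', id: role.id, value: role.name });
    }
  }
  return findings;
}

// Constructed sample data (not taken from the challenge server).
const GUILD_ID = '100000000000000001';
const hidden = [{ id: GUILD_ID, type: 0, allow: '0', deny: '1024' }];
const SAMPLE_CHANNELS = [
  { id: '100000000000000002', type: 0, name: 'general', permission_overwrites: [] },
  { id: '100000000000000003', type: 2, name: 'EXAMPLE{h1dd3n_', permission_overwrites: hidden },
  { id: '100000000000000004', type: 0, name: 'staff-only', permission_overwrites: hidden },
];
const SAMPLE_ROLES = [
  { id: GUILD_ID, name: '@everyone' },
  { id: '100000000000000005', name: 'Moderator' },
  { id: '100000000000000006', name: 's3cr3t_suff1x}' },
];

for (const f of auditGuildMetadata(GUILD_ID, SAMPLE_CHANNELS, SAMPLE_ROLES)) {
  console.log(`${f.kind} ${f.id} exposes a secret-looking name: ${f.value}`);
}
```

Anything the audit reports should be moved into message content inside a permission-restricted channel, since names stay readable regardless of the View Channel setting.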

📚 Summary

Kudos to the creator of the challenge for having a negative IQ since the flag is TCP1P{d15c0RD_d0cUM3n74710n_W45_r341ly_H31pFu1} with an _ missed. GREAT!
