This week my CTF team OverFlowSecurity was able to compete in hack.lu. This CTF seems to be very well run and very challenging. Since this event was not over a weekend, most of our team could not commit a lot of time to it. We finished at a very respectable 80th place. I myself only concentrated on a single challenge based on an IRC bot. I actually learned a lot about how the IRC protocol works, and in the end one of my teammates solved the challenge with our combined efforts. Below is a quick write-up of the challenge. Next up for me is the PicoCTF in a week or so. It’s a long-running (2-week) challenge.
by freddy (Misc)
200 (+80) Points
There’s a fun and quirky IRC bot to play with. It responds to commands in private chat but also in #hacklu-saloon on freenode. We think it’s involved in a devious scheme that distracts people to get their money pickpocketed. So be careful!
The bot was on an IRC channel. Using !help in the channel or in a private message to the bot gives you the list of accepted commands.
<barmixing-bot> Send messages to the bot or the channel starting with an exclamation mark. Known commands are list, status, karma, math, base64, base64d, rot13, ping, hack, request, list
Played around with the commands for a while; nothing of great interest. Using !base64 with a lot of characters showed it split the line into 2 lines. Spent some time on this.
Noticed that the bot is in a channel called #hacklu-secret-channel. This channel is invite only. So at this point I figured the goal was to get into this channel.
Also noticed this with the !rot13 function. Created a rot13-encoded string to send /invite H1tch #hacklu-secret-channel, but this was just sent to the channel, command not actually issued. Resorted to reading the RFC for IRC.
After reading the docs and discussing, my teammate suggested maybe we need to send the raw IRC commands to the bot. We had already been experimenting with the !base64d function that decoded base64, so we gave that a shot.
aaa\r\nINVITE h1tch #hacklu-secret-channel
and sent to the bot via
An invite was received by the bot and we were able to obtain the flag from the channel subject.
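The root cause on the bot side, as an added example that is not the challenge bot's code: IRC frames messages with CR-LF, so decoded output written to the socket unchecked can end the reply and start a new command. The function names, the 400-byte chunk size and the reply target are assumptions made for this sketch.

```python
import base64
import re

CRLF = b"\r\n"
# Constructed sample: the decoded text shown in the write-up.
DECODED_SAMPLE = b"aaa\r\nINVITE h1tch #hacklu-secret-channel"


def reply_unsafe(target: str, text: bytes) -> bytes:
    """Frame a reply without inspecting the payload (the flaw)."""
    return b"PRIVMSG " + target.encode() + b" :" + text + CRLF


def reply_safe(target: str, text: bytes, limit: int = 400) -> bytes:
    """Frame a reply so payload bytes can never begin a new wire line."""
    out = []
    # CR, LF and NUL only ever separate display lines; each display line
    # is wrapped in its own PRIVMSG and chunked below the 512-byte limit.
    cleaned = text.replace(b"\r", b"\n").replace(b"\x00", b"\n")
    for part in cleaned.split(b"\n"):
        for i in range(0, len(part), limit):
            chunk = part[i:i + limit]
            out.append(b"PRIVMSG " + target.encode() + b" :" + chunk + CRLF)
    return b"".join(out)


def base64d_reply(arg: str, target: str, safe: bool) -> bytes:
    """Model of a base64-decode command: decode, then frame the reply."""
    decoded = base64.b64decode(arg)
    return reply_safe(target, decoded) if safe else reply_unsafe(target, decoded)


def wire_commands(data: bytes) -> list:
    """Command verb of each line, split the way a lenient server would."""
    lines = [ln for ln in re.split(rb"[\r\n]+", data) if ln]
    return [ln.split(b" ", 1)[0].decode() for ln in lines]


if __name__ == "__main__":
    arg = base64.b64encode(DECODED_SAMPLE).decode()
    for safe in (False, True):
        wire = base64d_reply(arg, "#hacklu-saloon", safe)
        print("safe" if safe else "unsafe", wire_commands(wire))
```

The same framing check belongs on every command that echoes user-controlled bytes, not only the base64 decoder.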