Insanity 1 - OSINT/Misc

Points: 100 | Difficulty: Easy | Author: x03e | Flag: 0xfun{1ns4n1ty_d15c0rd_1_thr0ugh_r0l3s} | Solved by: Smothy @ 0xN1umb

what we got

Challenge description:

By digging deeper, we can uncover things through platforms that typically aren't included by default.

plus a Discord guild ID and a bot token. classic "go look at something on Discord" vibes.

the solve

so the challenge is basically telling us: there's something hidden in the Discord server that you wouldn't normally see. "not included by default" = hidden roles that don't show up in the member list.

Discord roles with hoist: false and color: 0 are invisible in the sidebar - you'd never see them just scrolling around the server. but the API sees everything lmao

hit the Discord API with the bot token they gave us:

curl -s -H "Authorization: BOT_TOKEN_HERE" \
  "https://discord.com/api/v10/guilds/1434176687188475926/roles" | python3 -m json.tool

two roles come back:

1. @everyone - the default one, nothing special
2. 0xfun{1ns4n1ty_d15c0rd_1_thr0ugh_r0l3s} - there it is lol

the flag was literally a hidden role name. hoist: false, color: 0, position: 1 - completely invisible in the Discord UI unless you're checking via API or have admin perms to see it in server settings.

ngl this was a freebie if you know how Discord's API works. the hint "RUwDQBsSxt" was probably just a red herring or invite code.

flag

0xfun{1ns4n1ty_d15c0rd_1_thr0ugh_r0l3s}

smothy out ✌️