We introduced "sandboxing" using Node.js vm module on our calculator feature.
When we visit the Discord server we can interact with the
We also get a peak of what the source code looks like:
const vm = require('vm'); const payload = '1+1'; console.log(vm.runInNewContext(payload));
The problem is that spaces is not allowed, so we will have to bypass that restriction when sending our payload.
The payload we want to send looks like this:
This will basically "break out" of the sandbox, and allow us to access resources outside of the vm environment.
But since the payload contains whitespaces, we need to convert every character in
return this.process to decimal, and use String.fromCharCode() to decode it back again.
In hindsight we could've just encoded the single whitespace character that's causing the issue, but, oh well. I was kind of tired when doing this challenge and didn't think straight ;)
The final payload ends up looking like this:
And when we send that payload to the discord bot, we get the flag.