### slash flag

eyy first flag in a month or so after the def con + maplectf organizing drain

only organizers can use the discord bot, but turns out we can just invite (using universal invite link + bot id) and name our own role as organizers to bypass it after reading the [repo](https://github.com/solopie/storage-bot) in about me 

the gist is they are doing bash operations, but in all uppercase

but it turns out create has unsanitized input for file name (`echo '${text}' > ${filename}`), and with that we can chain multiple commands

`{VAR,,}` in bash allows turning into lower case so this means we can finally run commands (since bash commands are case sensitive)

so we can just run `TEST; A='EVAL ECHO $(CAT /FLAG/FLAG.TXT)'; ${A,,} > STHDIFF` then verify with /list and we can see sthdiff is created

read it with /open and we get the flag `DUCTF{/flag_didn't_work_for_me...}`