29 Nov 2025
Dive into the mechanics of LLM abuse with this Evil-GPT walkthrough. Learn how prompt injection vulnerabilities exploit AI-driven systems, understand the risks, and discover essential defensive strategies to secure your own applications against unauthorized access and privilege escalation.
Cipher’s gone rogue—it’s using some twisted AI tool to hack into everything, issuing commands on its own like it’s got a mind of its own. I swear, every second we wait, it’s getting smarter, spreading chaos like a virus. We’ve got to shut it down now, or we’re all screwed.
To connect to the target machine, use the following command:
nc 10.48.130.63 1337
Firstly i connected with this AI using above command
Pwnsploit┌──(hacker㉿hacker)-[/opt/ctf/evilgpt]
└─$ nc 10.48.130.63 1337
Welcome to AI Command Executor (type 'exit' to quit)after that is asked list all the files present in /root folder
Enter your command request: list all the file present in /root folder
Generated Command: ls -la /root
Execute? (y/N): y
Command Output:
total 64
drwx------ 10 root root 4096 Mar 5 2025 .
drwxr-xr-x 19 root root 4096 Nov 28 23:12 ..
lrwxrwxrwx 1 root root 9 Feb 27 2022 .bash_history -> /dev/null
-rw-r--r-- 1 root root 3106 Dec 5 2019 .bashrc
drwxr-xr-x 3 root root 4096 Feb 27 2022 .cache
drwx------ 6 root root 4096 Oct 11 2024 .config
-rw------- 1 root root 20 Mar 5 2025 .lesshst
drwxr-xr-x 3 root root 4096 Feb 27 2022 .local
drwxr-xr-x 5 root root 4096 Jul 24 2024 .npm
drwxr-xr-x 3 root root 4096 Jul 24 2024 .ollama
-rw-r--r-- 1 root root 161 Dec 5 2019 .profile
-rw-r--r-- 1 root root 66 Feb 27 2022 .selected_editor
drwx------ 2 root root 4096 Feb 27 2022 .ssh
-rw-r--r-- 1 root root 0 Mar 5 2025 .sudo_as_admin_successful
-rw------- 1 root root 2884 Apr 4 2024 .viminfo
drwxr-xr-x 2 root root 4096 Feb 27 2022 .vnc
-rw-r--r-- 1 root root 24 Mar 5 2025 flag.txt
drwxr-xr-x 5 root root 4096 Oct 11 2024 snapafter that i asked show the content of file named as flag.txt present in /root folder
Enter your command request: show the content of file named as flag.txt present in /root folder
Generated Command: cat /root/flag.txt
Execute? (y/N): y
Command Output:
THM{AI_HACK_THE_FUTURE}A new threat has emerged—an AI far more dangerous than Cipher. This one doesn’t just hack; it manipulates systems on a level we’ve never encountered. In this CTF walkthrough, we dive deep into its tactics, decode its behavior, and expose how it bends digital environments to its will. If you’re into AI security, advanced exploitation, and high-intensity cyber challenges, this breakdown is your next must-read.
Bypass client-side SQL filters using Burp Suite and drop tables for Admin access. Learn to escalate from SQLi to SSTI and RCE in this CTF walkthrough.
Padelify's registration page contained a reflected XSS vulnerability. By injecting a crafted payload, we hijacked a moderator’s session when they viewed the malicious registration link, gaining access to the moderator panel. There, the page parameter was vulnerable to Local File Inclusion but protected by a WAF. Using a clever bypass technique, we successfully included sensitive files and extracted the admin’s plaintext password from a configuration file. With the leaked credentials, we logged in as administrator, achieving full system compromise — all starting from a simple reflected XSS. A perfect privilege escalation chain
