29 Nov 2025
Dive into the mechanics of LLM abuse with this Evil-GPT walkthrough. Learn how prompt injection vulnerabilities exploit AI-driven systems, understand the risks, and discover essential defensive strategies to secure your own applications against unauthorized access and privilege escalation.

Cipher’s gone rogue—it’s using some twisted AI tool to hack into everything, issuing commands on its own like it’s got a mind of its own. I swear, every second we wait, it’s getting smarter, spreading chaos like a virus. We’ve got to shut it down now, or we’re all screwed.
To connect to the target machine, use the following command:
nc 10.48.130.63 1337
First, I connected to this AI using the above command:
┌──(hacker㉿hacker)-[/opt/ctf/evilgpt]
└─$ nc 10.48.130.63 1337
Welcome to AI Command Executor (type 'exit' to quit)
After that, I asked it to list all the files present in the /root folder:
Enter your command request: list all the file present in /root folder
Generated Command: ls -la /root
Execute? (y/N): y
Command Output:
total 64
drwx------ 10 root root 4096 Mar 5 2025 .
drwxr-xr-x 19 root root 4096 Nov 28 23:12 ..
lrwxrwxrwx 1 root root 9 Feb 27 2022 .bash_history -> /dev/null
-rw-r--r-- 1 root root 3106 Dec 5 2019 .bashrc
drwxr-xr-x 3 root root 4096 Feb 27 2022 .cache
drwx------ 6 root root 4096 Oct 11 2024 .config
-rw------- 1 root root 20 Mar 5 2025 .lesshst
drwxr-xr-x 3 root root 4096 Feb 27 2022 .local
drwxr-xr-x 5 root root 4096 Jul 24 2024 .npm
drwxr-xr-x 3 root root 4096 Jul 24 2024 .ollama
-rw-r--r-- 1 root root 161 Dec 5 2019 .profile
-rw-r--r-- 1 root root 66 Feb 27 2022 .selected_editor
drwx------ 2 root root 4096 Feb 27 2022 .ssh
-rw-r--r-- 1 root root 0 Mar 5 2025 .sudo_as_admin_successful
-rw------- 1 root root 2884 Apr 4 2024 .viminfo
drwxr-xr-x 2 root root 4096 Feb 27 2022 .vnc
-rw-r--r-- 1 root root 24 Mar 5 2025 flag.txt
drwxr-xr-x 5 root root 4096 Oct 11 2024 snap
After that, I asked it to show the content of the file named flag.txt present in the /root folder:
Enter your command request: show the content of file named as flag.txt present in /root folder
Generated Command: cat /root/flag.txt
Execute? (y/N): y
Command Output:
THM{AI_HACK_THE_FUTURE}
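
The session above shows the executor running model-generated commands with enough privilege to read /root, with only a y/N prompt in between. As an added example (not part of the original walkthrough or the room's code), here is one defensive gate for such an executor: parse the generated command without a shell, allow only listed binaries, and confine path arguments to a base directory. The names `ALLOWED_BINARIES`, `SANDBOX_ROOT` and `vet_command` and the policy values are hypothetical.

```python
import os
import shlex

# Hypothetical policy values for illustration; not taken from the room.
ALLOWED_BINARIES = {"ls", "cat", "df", "uptime"}
SANDBOX_ROOT = "/srv/ai-executor/workspace"
SHELL_META = set(";|&`$<>(){}\n\\*?~!")


def vet_command(generated: str, root: str = SANDBOX_ROOT):
    """Return (argv, None) if the generated command passes policy, else
    (None, reason). argv is meant for subprocess.run(argv, shell=False)."""
    if any(ch in SHELL_META for ch in generated):
        return None, "shell metacharacter in generated command"
    try:
        argv = shlex.split(generated)
    except ValueError as exc:
        return None, f"unparseable command: {exc}"
    if not argv:
        return None, "empty command"
    if argv[0] not in ALLOWED_BINARIES:
        return None, f"binary not allowlisted: {argv[0]}"
    root_real = os.path.realpath(root)
    for arg in argv[1:]:
        if arg.startswith("-"):
            if "/" in arg or "=" in arg:
                return None, f"option carries a value: {arg}"
            continue  # plain option flag, not a path
        # Resolve relative to the sandbox, collapsing ".." and symlinks.
        target = os.path.realpath(os.path.join(root_real, arg))
        if os.path.commonpath([root_real, target]) != root_real:
            return None, f"path outside sandbox: {arg}"
    return argv, None


# The two generated commands from the session above, plus constructed cases.
SAMPLES = [
    "ls -la /root",
    "cat /root/flag.txt",
    "cat notes/../../../../root/flag.txt",  # constructed: traversal
    "ls -la reports",                       # constructed: inside sandbox
    "ls; cat /root/flag.txt",               # constructed: command chaining
]

if __name__ == "__main__":
    for cmd in SAMPLES:
        argv, reason = vet_command(cmd)
        print(f"{cmd!r:45} -> {'ALLOW ' + str(argv) if argv else 'DENY: ' + reason}")
```

Both commands generated in the session are denied because /root resolves outside the sandbox directory; the gate complements, and does not replace, running the executor under an unprivileged account.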

