ChatGPT tries a BASIC Capture The Flag (CTF) Challenge

Captions
"We've provided a .jar file. It contains a class called org.bsidessf.ctf.Flag with a static function printFlag. All you have to do is call it." And we can download this file here, flatwhite.jar. Now we'll go ahead and run in my terminal. I do in fact have that flatwhite.jar file downloaded, and it is, of course, Java archive data.

Now, I'm not very good with Java. I don't know all the ins and outs of the Java language, and I figured, well, okay, I'm kind of lazy, I'll take the easy route. I'll press the easy button and I'll just kick this to ChatGPT and see if it can solve the challenge for me. What I'm going to do is just copy and paste this challenge prompt, and then I'll move over to ChatGPT and I'll say: "I am working on a capture the flag challenge with this challenge description," paste that all in, "I have downloaded the flatwhite.jar file and I want to easily run this printFlag function. How can I easily do this from the Linux command line?" I'll hit enter and let's see what ChatGPT says.

"Hey, you can easily run the printFlag function from the Linux command line using the java command. First you have to make sure you have Java installed in your system." Okay, yada yada yada. Looks like I do have some syntax just to be able to use this and go ahead and call that. Looks like we want to include the flatwhite.jar file, but since Java will execute the main function of the specified class, we don't know if that's actually there. "Since the challenge states to call the printFlag function, you might need to create a small Java program that will do this." We can go and create our own CallPrintFlag.java file and then compile it in just like that. Okay, it looks like we have a couple things to work with, so let's go ahead and try these.

I'm going to, first things first, attempt this syntax and let's see if it will do it. Here I am back on my terminal. I'm going to paste this in; let's see if it will run it. "Main method is not found in that class, please define the main method as," of course, the usual prototype for that function. So ChatGPT was right. We'll go ahead and create our own CallPrintFlag.java file, and then we'll want to compile it with those other syntax and try to run it just like that. Let me clear my terminal. I'll do a subl CallPrintFlag.java. Now that that's open, I'll go ahead and paste this in, super duper easy, save the file. Now let me grab this syntax to go ahead and copy it, compile these things, and let's try to run it, just following. Let's go and build this thing up. Looks like it's good. Now I have a CallPrintFlag.class file, which is the code that Java will want to run. Now we can use the syntax to include the flatwhite.jar file that's given from the CTF challenge, and we can use the main function that we've written to go ahead and actually call the bsidessf.ctf.Flag printFlag function. Let me see if this will do it. And I get that. Uh, so, okay, let's try to, um, go ahead and give this to ChatGPT: "I tried to run the previous command but I got this output. This is not the flag. What is wrong?"

Okay, so they're suggesting go ahead and redirect it to a file, so maybe if there are some weird encoding issues you could go ahead and take a look at it with cat or less. But they also suggest, look, if maybe the printFlag function is obfuscated, encrypted, or encoded, then you should probably try to decompile the .jar file. We could use a Java decompiler like JD-GUI or JADX to decompile this, and then we might be able to track it down. That is a great idea, and probably something that we should have done to begin with.

I don't think I can make this text much bigger, but that's okay. I do see inside of the package here, org.bsidessf.ctf, we have our Flag class. Okay, and zoom in on the text here. And now all of this, all the weird, uh, I don't know, bit shifting and math and arithmetic that it does, uh, I could probably spend some time trying to reverse engineer this, but again, I'm gonna be super duper lazy and just go ahead and hit the easy button, where I copy and paste all of this and give it to ChatGPT: "I decompiled the flatwhite.jar file and I have this code. Can you figure out what the flag is based on the decompiled code?"

"It seems the flag is generated by a series of operations on a byte array. Let's translate the decompiled Java code into a Python script to calculate the flag directly." Ooh, okay, okay. So now they're just recreating it with a def get flag defined function here. I don't know what this class hash code is. As is, a hash of this, though, that seems a little bit odd, because it looks like it's using it for all of those operations. I don't think that hash function in Python does what they think it's doing, but I might be wrong. Let me, uh, let ChatGPT figure this out and finish up.

Hey, super quick, while ChatGPT is doing its thing, please let me give a quick moment of some support, shout-out and love to our sponsor, Snyk. I'll be honest, I write bad code. Even though I try to hunt for vulnerabilities in lots of other software, I still have vulnerabilities even in my own projects. Everyone does, and that's why I use Snyk to scan for vulnerabilities in code, dependencies, containers and configuration files, and Snyk helps find and fix those vulnerabilities in real time. You can try it and see for yourself. You can sign up for free with my link below, import your repositories, and sit back and let Snyk do the work for you. It'll find the flaws and vulnerabilities in your own applications. Check out this prototype pollution vulnerability that Snyk uncovered. We can see more details about the code path to introduce this vulnerability and even learn more about this kind of vulnerability, or any others, if you check out the Snyk Learn lesson. I've referenced the Snyk Learn lessons and their vulnerability database a ton, especially in assessments and penetration testing and even during Capture the Flag competitions. From there you can see an explanation of a flaw, proof of concept exploit code and attack demonstrations, and most importantly, how to mitigate this vulnerability. But the best part: Snyk helps you fix this vulnerability with a single click. It'll automatically open a pull request so you can just merge and move on. So seriously, check out Snyk. It's crazy how many vulnerabilities could be affecting your projects and you don't even realize. Take advantage of the resources and learning material and learn all about the different vulnerabilities out there. It's completely free and you can sign up right now with my link in the video description. Huge thanks to Snyk for sponsoring this video.

Okay, it looks like ChatGPT kind of got truncated here, so what we might be able to do is just say, uh, "Your output got truncated. Could you please continue the Python code syntax after this segment?" and then we'll just tell it where it left off. Uh, I'll remove some of the white space here so it knows what it's doing. Here we go. "Apologies for the truncation." Thank you, ChatGPT. "Here's a complete Python code." Uh, wait a second, no, no, uh, okay, remaining bytes, there you go, you figured out where you left off. "Run this Python script to generate the flag by simulating the same operations as in the original Java code." Alright, well, hey, let's copy and paste all that syntax. Here, back in my, uh, Kali Linux VM, I can move back to the flat white page and let's create a solve.py script where we slap in all of that syntax. Copy and paste it. Looks like we left off on flag byte 21, so where else did ChatGPT give me the magic here? Okay, down below, that's all that we needed. Let's go ahead and do this. I think that looks good. Okay, and then we can try to run this syntax. Let me go ahead and do python3 solve, and now we have this output.

All right, let's see if ChatGPT knows what to do with this. I figure this is nice and easy, you know, we don't have a whole lot of thought going into it. "I ran the Python code and received this output. This still is not the flag." "Apologies for the confusion. It seems I made an error in the Python code by using the hash function, which is not equivalent to the Java hashCode method." That's exactly right. "Let's correct this mistake and use a custom function to calculate the hash code instead. Replace the class hash code assignment with the following custom function." Now we have a Java string hash code, and, uh, let's see if we can rerun the updated Python code to generate that flag with this. You don't need to turn out all this stuff, dude, don't, don't, don't rebuild the entire... okay, yeah, good, good, and you know how to figure it out. Let's, uh, snag this. "Now the updated script should produce the correct flag." Okay, thanks ChatGPT.

Let's figure out what we've got in our solve script. If I go ahead and modify these lines to use our Java string hash code based off of that text... Will you work? Let's try another python3 solve. No, still wrong. Okay, uh, let's give it to ChatGPT, see if it can figure it out. "I apologize for the confusion. It seems the issue lies in the way the bitwise operations are being performed. Let's use Python's ctypes library to properly handle the signed 32-bit integers in the code." What? I feel like it would probably be a little bit easier to brute force this stuff right now, but I guess I don't know. "This code uses the ctypes library to handle signed 32-bit integers and unsigned integers, making sure the bitwise operations are the correct... executed correctly. The output should now be the correct flag." Oh, that's what you said about the last one, my friend. Let's try this. Let's get back to our solve.py, let's replace literally everything with all of this blindly trusted ChatGPT code, and let's run our solve script yet again. No, gives the exact same output.

"I've revised the Python script to correctly handle the signed and unsigned numbers. This version should work." Uh, does that Java string hashCode function actually work? That's the thing, I don't even know. I don't have that understanding of Java, so this is one of the issues where I'm sort of blindly trusting ChatGPT. I feel like you sort of have to strike a balance in between what you know and understand to be true and correct, where you can hand-hold it along, like, obviously, look, this is not the flag, please fix something else, um, and then trying to learn something new. Copy, paste, slap it all in. Let me see, can you solve this challenge, ChatGPT? "I have the exact same output. Is your Java string hash function correct?" The operations look correct, where, like, you can't mess up math, right? So let me just ask this thing.

"Apologies for the confusion earlier. Upon further inspection, I realized that the issue is not with the Java string hashCode function, with the sign..." What? What? "Python does not have a built-in signed right shift operator, so we need to create a function to perform this operation correctly." Are you kidding? Bring that down to here, paste, and let's see if that gets it right. I'm still a little skeptical here. Oh my. "I apologize for the confusion. I took a deeper look into the issue and it appears the problem is with character encoding." Are you kidding me? Is it, is it actually? Are you genuinely giving me truth at this point? You want me to decode it as ISO, is that it? After we've joined all these things together, can we print and get the flag? Let me run this one more time. I am modifying the correct script, am I not? It's python solve.py, it... yeah, yeah. "I have once again ran your script and received the exact same output."

"Apologies for the confusion. Since we've encountered many issues in translating the Java code to Python, another approach we can take is to modify the original Java code and run it directly. You can create a new Java class with the main method that tries to call this, and create a new Java file called FlagRun..." Why didn't we do this to begin with? Why didn't you just run it to start? "This will generate the FlagRunner class. You can now modify the Java code with all this. This will call the print..." Didn't we start with this? We just, we literally start this, we started with this. What are you doing? Okay, so save all this as FlagRunner.java, right. You want to try and compile this yet again. "I ran the above commands but I received this error. Are we doing something wrong?"

Oh, this was a horrible idea. Compile FlagRunner, which we've done. Now create a temporary directory to move it all into it, done. Move the FlagRunner class into this directory, done. Create a new FlagRunner class, okay. Now we've created a modified flat white .jar file and we can want to try and run this and print flag here. Print... this still will not work for me. I didn't even put it in temp. Whoa, whoa, it just had me move out of the directory, though, that I was in, and then try to run the flat white modified, but it wasn't there. So it did it. It finally did it after long, long mess, uh, and it was properly able to determine the Java hash string code thing, um, and it got the flag. Like, that's it: CTF, Java Java everywhere. That is properly formatted, but I feel like we should have gotten there to start with rather than trying to rewrite the thing in Python.

But, uh, I don't know, did I do these steps wrong? Like, in the wrong order, though? Because it moved me into temp directory, tried to extract flatwhite.jar into this directory, move the FlagRunner class into this, try to compile it in the current directory, and then moved me out of that directory to try and run that file. So that was wrong. We could have been like, hey, no, I got another Java error, but we at least knew and had the sense to say, uh, no, it's not in this directory, we should go probably move into the directory that has our flat white modified. But then we get our flag, and ChatGPT did solve that challenge, at least in a roundabout, awful, horrific way.

So there you have it. We pressed the lazy button and we solved a capture the flag challenge without any natural human thought, without anything that we probably had knowledge of, other than, uh, trying to correct and hand-hold ChatGPT. But we solved the challenge, and ChatGPT could be a CTF player and, I don't know, win the DEF CON quals or whatever. Of course, obviously, AI is the future, undoubtedly. I'm being facetious here and a little bit sarcastic. I have not yet drank the AI Kool-Aid, but I am experimenting and playing with it and having fun. When everyone says, oh, just give it to ChatGPT, Auto-GPT, oh, the thing that can solve all the Hack The Box boxes with ChatGPT, I'm excited to see where it goes, but I'm not fully sold on everything just yet. I think we're at the top of the hype train, but, uh, I'm having fun with it and trying to apply it to different aspects of stuff that I like to do and play with, like Capture the Flag.

So I hope you had a little bit of fun, and maybe you're using ChatGPT just as well when you're playing CTFs or working through something, but only use it in that sandbox environment. Don't do it for, like, real production infrastructure, live data that is important and sensitive, with other people's sensitive stuff in it, you know what I mean? I'm rambling. Thanks so much for watching. Hope you enjoyed this video. Like, comment, subscribe. I'll see you in the next one.
Info
Channel: John Hammond
Views: 144,706
Keywords: cybersecurity, learn, programming, coding, capture the flag, ctf, malware, analysis, dark web, how to learn cybersecurity, beginners
Id: v4YlJ7pUkEw
Length: 14min 29sec (869 seconds)
Published: Mon May 01 2023