Hacking With ChatGPT (it's a game changer)

Video Statistics and Information

Captions
If you've been around the programming or cyber security field for any length of time, then you know that the secret is to use Google. Anytime you don't know something, or you need a piece of code, or you don't understand the syntax of something, you would go out to Google and you would just type your question into the Google search bar, and then you would have to read through a bunch of documentation. I am here to tell you that I think Google has lost its place in the world of programming and cyber security, because ChatGPT is now the place that I am regularly going to, and if you are not, then I really do think you are missing out on speeding up your progress. You will save so much time as a penetration tester or bug bounty hunter if you would just use ChatGPT. So I'm here to show you a few ways that will really speed up your productivity, so let's go ahead and check these out.

So I think you're going to find it really interesting that you can automate your recon. Even if you don't know how to program, you can automate your recon, and you can do this really, really quickly by just typing into ChatGPT: "Can you write me a Python script that will ask me for an IP address for an input, then take that IP address and run nmap scanning all ports, and then we want it to run dirb on that IP address," and then maybe we want it to run something like amass, so we can say "and then run amass." And so we'll go ahead and see what it gives us as an output. I don't think we'll change this too much; I think I'll just add a -v in here so we can actually see the output. So we can copy this, we can take it over to our Kali machine, and we'll cd over to the desktop. We can gedit, and we'll call this, um, recon.py, and we can paste this in right here. I do want my nmap to have a -v so that way you guys can actually see it running. So we'll save this right here, and we can run this by typing in python3 and then, we called it recon.py, and it's going to ask us for our IP address. I actually have a box running on Hack The Box so that we can test out our script to make sure it works. We can run that, and you can see port 80 is open, port 22 is open, 3306. I think we can hit Command-C and it'll automatically skip to our next task, which is going to be running dirb, and then if we hit Command-C again it's going to run amass, which is not going to work because we are on a Hack The Box machine, so it'll probably fail out, which is okay. And there you have it: we have written a Python script with ChatGPT.

So what you can do with this is you can add in your entire workflow that you use whenever you start scanning a target or you do any kind of CTF. You can just go ahead and put in here, maybe you want to run httprobe or maybe you want to run Sublist3r, and you can just tell it; you can list out what you want it to do, and you can see you don't even need to know how to write any code in order to get this to work. So that is something that is really nice that you can do with ChatGPT.

So the next thing you are going to run into really, really often is you're going to find some kind of output, especially if you do any kind of CTFs, that is going to have maybe a bunch of different lines of a document, and you'll have like an email address, a username, maybe an ID, and maybe a position within the company or something like that. You'll have like four different lines, but really all you want is the ID and their username, or the actual person's name. So what we can do with ChatGPT, instead of writing our own bash script: it's going to filter out everything that we don't need, such as their position or an email address or really anything. We can tell it we want just the username and just the ID. So let's go ahead and I'll show you what this looks like. You may be thinking, "I'm never going to use this," and you would be wrong to think that. You're going to be using for loops and cutting stuff all the time from scripts as a penetration tester.

So the first thing we'll do is we'll just tell ChatGPT to give us some dummy output. We'll just say, "Can you give me lorem ipsum with four words and then return to a new line, and I want 20 lines." Let's see what it gives us, and hopefully that will work for us. And it actually understood what I asked for, and it did. So here we go, we can copy this right here. We'll just hit Command-A... no, we won't, we'll come and click that copy button. We'll come back over here and we can gedit, and we'll just call this ipsum.txt. We can paste this in, so now we have our four words. So what we want is, like, pretend this is the user that we want and this would be the ID. This is just some dummy text, so we can grab the second and the fourth words. You're going to be using scripts like this all the time, and it's really nice because you don't have to sit there and write your own for loops anymore; this will just do it for you right here. So we can just say, "I need a bash script that will get the second and fourth word on each line." Let's go ahead and see what it gives us. Let's go ahead and run this. I can already see we're going to have to modify this just a little bit to get this to work how I want it to, but we can go gedit bash.sh and we can just paste this in here. Because we're not going to be using any kind of file name, we can just delete this, and we can just delete all of that, because we're going to cat out our own file and pipe it into this little script right here. So if we save all this, this should work for us. We should be able to cat out our file right here, our ipsum.txt, and then we're going to call bash in order to run our bash script, and if we run it we get the second and fourth word in that entire script. In our little pretend scenario this would be like a username and an ID, because then we can sort out who we want to attack and in what specific order, and who is important to us in our penetration testing engagement.

So instead of having to write your own bash scripts, this is something that is going to be really, really helpful for you. And maybe bash is just a little bit over your head, and what you can do is you can just come down here and you can say, "Can you give me this script in Python," because typically Python is going to be a lot easier to read. And so you have the same script and you can just use this right here. So we have this "with open". I don't like this as much, because the "with open" means we're going to have to use that specific file name, and I would rather just cat out my own file and then run it into the bash script. I personally think that's a lot easier to do, so I would rather use bash, but this is something that is going to be really helpful for you in the future.

Another way that this is really, really going to save you a ton of time is I am constantly asking ChatGPT for different kinds of syntax. So let's say we need a reverse shell for ASPX, which is really common; you're going to see that a lot. We can just come down here and we can say, "What is the syntax for msfvenom aspx shell," and we'll run that and see if it will work for us. And it does right here. All we would have to do is change our local host and our attacker, and it's going to tell us we have our shell, and it's going to save it as shell.aspx. So right there is one way you can use this.

Or you can use sqlmap. I don't use that often enough, and I'm often forgetting the syntax for sqlmap, so I can just come down to the message and I can ask it, "I need sqlmap syntax for dumping users from the users table, and the database name is data." So we'll go ahead and run that, and it will give us the different ways we can run this command. So this is using a URL, and maybe we don't want to use the URL; maybe we have saved the POST request or the GET request that is vulnerable to SQL injection. What we can actually do is come down here and just copy this that we just typed and say that we want that syntax from a text file that we saved, so let's say "from a txt file I saved." So let's see if it can do that. And it did not give us this right. Um, this should be a -r in sqlmap, so you could play around with this and see if you can get it to give you the proper syntax.

I use this a lot whenever I'm looking up syntax for a tool that I don't know how to run. Like, let's say I needed a syntax for Hydra with SSH brute forcing. We can run this and see what it gives us, and it does; it gives us the syntax saying we have a username and a password list. This is the right way to do this. So this is really helpful to get syntax, and this is going to save you a ton of time.

Lastly, one thing I really like to do with ChatGPT is use it to get information about new CVEs or vulnerabilities that have recently come out. So if we come out to the Google machine and we just say we want a vulnerability (what's an old vulnerability?), we can say "EternalBlue CVE" and we can get the CVE number, and we can just say, "Explain the CVE to me," and it should be able to do it. So we can say, "What is this CVE," and it should explain it to us, and it's going to tell us right here: EternalBlue, this is the CVE for this. If there's a new CVE that has come out and it has been disclosed and there is a remedy for you, then ChatGPT will most likely be able to explain it to you, and you can even ask it how an attacker would use this and pull it off, to see if your target is vulnerable to that specific CVE.

So these are some of my favorite ways to use ChatGPT that saved me a ton of time. If you have any ways that you have found that ChatGPT saves you a bunch of time, whether it's in programming or in cyber security, please let us know down in the comments. Thanks for watching.
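
The word-filtering step described in the captions (second and fourth word of each line, with the file piped in rather than named in the script), as an added example that is not the script shown in the video. The function name `pick_fields` and the sample lines are constructed for illustration; lines with too few words are skipped and counted on stderr.

```shell
#!/usr/bin/env bash
# Added illustration, not the script shown in the video.
# pick_fields N [M ...]: read lines on stdin and print the Nth, Mth, ... word
# of each line. Words are separated by any run of spaces or tabs.
pick_fields() {
  awk -v want="$*" '
    BEGIN {
      n = split(want, idx, " ")
      if (n == 0) { print "usage: pick_fields N [M ...]" > "/dev/stderr"; bad = 1; exit 2 }
      for (i = 1; i <= n; i++) {
        if (idx[i] !~ /^[1-9][0-9]*$/) {
          print "not a word position: " idx[i] > "/dev/stderr"
          bad = 1; exit 2
        }
        if (idx[i] + 0 > max) max = idx[i] + 0
      }
    }
    NF < max { skipped++; next }   # line has too few words: skip, do not print blanks
    {
      out = $(idx[1] + 0)
      for (i = 2; i <= n; i++) out = out " " $(idx[i] + 0)
      print out
    }
    END {
      if (!bad && skipped) print skipped " short line(s) skipped" > "/dev/stderr"
    }
  '
}

# Constructed sample in the shape the captions describe: four words per line,
# where the second stands in for a user name and the fourth for an ID.
sample_lines() {
  cat <<'EOF'
lorem alice ipsum 1001
dolor   bob  sit 1002
incomplete line
amet carol elit 1003
EOF
}

# Same usage as in the video: cat the file (here the sample) and pipe it in.
sample_lines | pick_fields 2 4
```

Against a real file the call would be `cat ipsum.txt | bash bash.sh`, with `pick_fields 2 4` as the last line of the script.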
Info
Channel: Ryan John
Views: 26,167
Id: RthDWuLQT0k
Length: 10min 5sec (605 seconds)
Published: Fri May 05 2023