Turning ChatGPT into a Hacker: How I Used ChatGPT to Solve a TryHackMe Room
Hello everyone, I am Mehedi Hasan Remon, also known as remonsec. In this blog post, I will share my exciting experience of solving a TryHackMe room called Basic Pentesting. What makes this experience unique is that I relied on the assistance of an AI language model called ChatGPT to guide me through the entire process.
The "Pentest Basics" challenge room on TryHackMe is designed to provide beginners with hands-on experience in the field of penetration testing. It offers a realistic scenario where participants can apply their knowledge and skills to identify vulnerabilities, exploit them, and escalate privileges to achieve their objective.
In my initial prompt, I introduced ChatGPT and set the context by mentioning my use of it in conjunction with TryHackMe and specifically the "Basic Pentesting" room. By clearly stating my objective and seeking guidance, I enabled ChatGPT to provide targeted assistance and support in solving the room. This clear introduction established a framework for our conversation, ensuring that the subsequent interactions were focused on addressing my specific needs and obtaining the necessary guidance.
After introducing the machine's IP address, I asked for guidance on how to proceed with the assessment. ChatGPT recommended starting with a fundamental step: conducting a basic Nmap scan on the provided IP.
Following this advice, I executed the Nmap command to gather essential information about the target machine's open ports, services, and potential vulnerabilities. This initial step set the foundation for further exploration and allowed me to gain insights into the target system's network configuration.
Upon receiving the task to identify the hidden directory on the web server, I sought assistance from ChatGPT. It suggested using Dirb, a popular web content scanner, to search for hidden directories.
Following the recommendation, I initiated a Dirb scan, and it successfully revealed the presence of a hidden directory named "/development" on the web server.
After analyzing the nmap scan results and examining the contents of the "/development" folder, I shared the findings with ChatGPT. Recognizing the need for further enumeration, it recommended using Enum4linux, a tool specifically designed for gathering information from Windows and Samba systems.
Utilizing Enum4linux, I discovered two user accounts named "kay" and "jan".
As my assessment task involved user brute-forcing to uncover the username and password, ChatGPT suggested employing Hydra, a powerful brute-forcing tool. Following its guidance, I initiated a brute-force attack against the user "jan".
Then I successfully gained access by cracking the password. This breakthrough allowed me to delve deeper into the system and progress towards achieving my objectives.
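From the defender's side, the pattern described above (a burst of failed logins for one account, then a success) is what stands out in authentication logs. The following is an added example, not part of the original post: it assumes the brute-forced service was SSH logging in the usual sshd format, and the log lines, host name, addresses and thresholds are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sshd log lines for illustration; host, PIDs and addresses are made up.
SAMPLE = """\
Jun 10 09:58:30 basic sshd[1190]: Failed password for kay from 10.10.5.20 port 51000 ssh2
Jun 10 09:58:41 basic sshd[1190]: Accepted password for kay from 10.10.5.20 port 51000 ssh2
Jun 10 10:00:01 basic sshd[1201]: Failed password for jan from 10.10.5.9 port 40001 ssh2
Jun 10 10:00:02 basic sshd[1202]: Failed password for jan from 10.10.5.9 port 40002 ssh2
Jun 10 10:00:03 basic sshd[1203]: Failed password for jan from 10.10.5.9 port 40003 ssh2
Jun 10 10:00:04 basic sshd[1204]: Failed password for jan from 10.10.5.9 port 40004 ssh2
Jun 10 10:00:05 basic sshd[1205]: Failed password for jan from 10.10.5.9 port 40005 ssh2
Jun 10 10:00:06 basic sshd[1206]: Failed password for jan from 10.10.5.9 port 40006 ssh2
Jun 10 10:00:07 basic sshd[1207]: Accepted password for jan from 10.10.5.9 port 40007 ssh2
"""

LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: (Failed|Accepted) "
                  r"password for (?:invalid user )?(\S+) from (\S+)")

def detect(log, threshold=5, window=timedelta(seconds=60), year=2023):
    """Return alerts as (kind, source, user, failures-in-window) tuples."""
    fails = defaultdict(list)  # (source, user) -> timestamps of recent failures
    alerts = []
    for line in log.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        # syslog timestamps carry no year, so one is supplied by the caller
        ts = datetime.strptime(f"{year} {m[1]}", "%Y %b %d %H:%M:%S")
        key = (m[4], m[3])
        recent = [t for t in fails[key] if ts - t <= window]
        if m[2] == "Failed":
            recent.append(ts)
            if len(recent) == threshold:  # alert once per burst
                alerts.append(("bruteforce", *key, len(recent)))
            fails[key] = recent
        else:
            # a success right after a burst means the guessing likely worked
            if len(recent) >= threshold:
                alerts.append(("login-after-bruteforce", *key, len(recent)))
            fails[key] = []
    return alerts
```

A single mistyped password followed by a success, like the constructed "kay" lines, stays below the threshold and raises nothing.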
To find ways to escalate my privileges within the system, I asked ChatGPT for guidance. It suggested using a tool called Linpeas to thoroughly examine the system and uncover any potential vulnerabilities or misconfigurations.
I followed its advice and ran Linpeas, and it provided me with a detailed report containing valuable information about the system's configuration and possible paths for privilege escalation. This gave me a clearer understanding of how I could proceed to further explore and exploit the system.
To effectively analyze the extensive enumeration results obtained from Linpeas, I used ChatGPT Splitter, a tool designed to split large chunks of text into smaller prompts. By breaking down the Linpeas enumeration results into 16 manageable chunks, I was able to present each segment to ChatGPT individually. This facilitated a more efficient and focused conversation with ChatGPT, allowing me to extract valuable insights and recommendations from the enumeration data in a structured manner.
Armed with the linpeas enumeration result, I discovered the existence of the "kay" user account. I followed ChatGPT’s advice and attempted to access the "kay" user account using the SSH key associated with it.
Upon attempting to log in as the "kay" user with the SSH key, I encountered a prompt requesting a passphrase. Unfortunately, my attempts to log in were unsuccessful as I did not possess the correct passphrase.
In order to bypass the passphrase prompt and gain access to the "kay" user account, ChatGPT suggested using "ssh2john" to extract the encrypted SSH key. ChatGPT then recommended utilizing "John the Ripper," a powerful password cracking tool, to crack the passphrase and obtain the required access.
By leveraging the power of "John the Ripper," I successfully cracked the hash and obtained the passphrase that was protecting the SSH key.
With the obtained passphrase, I successfully logged into the "kay" user account using the SSH key. Once inside the account, I located the "pass.bak" file and accessed its contents.
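The steps above worked because one account could read another account's private key, leaving a weak passphrase as the only barrier. The following added example (not from the original post) shows an audit a system owner could run over home directories to flag private keys that group or other users can access; it goes beyond the case in the post by also flagging keys with no passphrase at all. It assumes the key was exposed through its file permissions, which the post does not show, and the directory tree and key headers in `demo()` are constructed and contain no real key material.

```python
import base64, os, stat, struct, tempfile

MAGIC = b"openssh-key-v1\0"  # header of the current OpenSSH private key format

def key_cipher(text):
    """Return the cipher name, 'encrypted' or 'none'; None if text is not a private key."""
    lines = text.strip().splitlines()
    if not lines or not lines[0].startswith("-----BEGIN") or "PRIVATE KEY" not in lines[0]:
        return None
    if "OPENSSH" in lines[0]:
        # After the magic comes a length-prefixed cipher name; "none" means no passphrase.
        blob = base64.b64decode("".join(lines[1:-1])[:64])
        if not blob.startswith(MAGIC):
            return None
        (n,) = struct.unpack_from(">I", blob, len(MAGIC))
        return blob[len(MAGIC) + 4:len(MAGIC) + 4 + n].decode()
    # PEM keys: PKCS#8 says ENCRYPTED in the BEGIN line, legacy keys in a Proc-Type header.
    return "encrypted" if "ENCRYPTED" in "".join(lines[:3]) else "none"

def audit(root):
    """List private keys under root that others can access or that lack a passphrase."""
    findings = []
    for folder, _, names in os.walk(root):
        for name in names:
            path = os.path.join(folder, name)
            try:
                with open(path, errors="replace") as fh:
                    cipher = key_cipher(fh.read(65536))
            except (OSError, ValueError, struct.error):
                continue  # unreadable file or malformed key header
            mode = stat.S_IMODE(os.stat(path).st_mode)
            issues = ["group/other access"] * bool(mode & 0o077)
            issues += ["no passphrase"] * (cipher == "none")
            if cipher is not None and issues:
                findings.append((os.path.relpath(path, root), oct(mode), issues))
    return sorted(findings)

def demo():
    """Audit a constructed home tree holding synthetic key headers (no real key material)."""
    with tempfile.TemporaryDirectory() as root:
        for user, cipher, mode in [("kay", "aes256-ctr", 0o644), ("jan", "none", 0o600)]:
            os.makedirs(os.path.join(root, user, ".ssh"))
            path = os.path.join(root, user, ".ssh", "id_rsa")
            body = MAGIC + struct.pack(">I", len(cipher)) + cipher.encode()
            with open(path, "w") as fh:
                fh.write("-----BEGIN OPENSSH PRIVATE KEY-----\n" + base64.b64encode(body).decode()
                         + "\n-----END OPENSSH PRIVATE KEY-----\n")
            os.chmod(path, mode)
        return audit(root)
```

Calling `audit("/home")` as root covers every account; a key with mode `0o600` and a passphrase produces no finding.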
With the helpful guidance and support of ChatGPT, I successfully completed the Basic Pentesting TryHackMe room, demonstrating the effectiveness of utilizing AI language models in the field of cybersecurity.
In conclusion, my experience using ChatGPT for solving the Basic Pentesting TryHackMe room was highly positive. It demonstrated the value of leveraging AI-powered tools in cybersecurity, offering valuable guidance and assisting in the successful completion of the challenge, and as a result, showcasing the promising future of AI in the field, making it a worthwhile resource for individuals seeking support in their cybersecurity endeavors.