avatarJonathan Mondaut

Summary

An individual leveraged ChatGPT to explore ethical hacking, enhancing their knowledge and skills through customized AI interactions and practical exercises.

Abstract

The author of the web content recounts their journey of using ChatGPT, a Large Language Model (LLM), to delve into the world of hacking. By uploading a list of Common Vulnerabilities and Exposures (CVEs) and configuring a Custom GPT, they created a tool that could guide them through Capture The Flag (CTF) challenges. The narrative describes a step-by-step approach to learning hacking techniques ethically, without the need for extensive programming or hacking knowledge. The experiment demonstrates that with the right resources and AI assistance, one can accelerate the learning curve in cybersecurity and gain insights that would typically require more extensive study and practice.

Opinions

  • The author expresses admiration for the capabilities of AI models like ChatGPT in generating human-like responses and assisting in learning complex subjects.
  • There is a clear appreciation for the Pareto principle, as the author emphasizes achieving significant results with less effort by using AI to filter through vast amounts of information.
  • The author believes that while ChatGPT cannot replace hands-on experience, it is an invaluable tool for learning and can significantly enhance one's understanding of ethical hacking.
  • The author is optimistic about the potential of Custom GPTs with Retrieval-Augmented Generation (RAG) functionality, suggesting that they can extend and specialize the capabilities of standard AI models.
  • The author encourages readers to engage with ChatGPT as a means to explore the field of cybersecurity, indicating a positive view of AI as a learning aid.

How ChatGPT Turned Me into a Hacker

Ever watched a movie where hackers break into the most secure systems with just a few keystrokes, and thought, “I wish I could do that”? I know I have. While becoming a real-life hacker might sound far-fetched, what if I told you that with the help of ChatGPT, I took a step closer to that fantasy? This is the story of how an AI model helped me explore the fascinating world of hacking, turning a curious novice into a pseudo pro. Buckle up, because this journey is as thrilling as any Hollywood blockbuster.

A list of CVEs being uploaded to ChatGPT — Generated by Dall-E

Understanding LLMs and Custom GPTs

Large Language Models (LLMs), like OpenAI’s ChatGPT or Google’s Gemini, are AI systems trained on vast amounts of text data. This extensive training allows them to generate human-like text based on the input they receive, responding to a wide range of queries. Custom GPTs, with their Retrieval-Augmented Generation (RAG) functionality, extend and specialize the capabilities of ChatGPT by allowing users to provide additional resources for it to use.

Screenshot of an empty interface to configure a new Custom GPT

The idea is that ChatGPT probably knows more about ethical hacking and bug bounties than I do. Moreover, I could upload more knowledge to it that I find online without having to learn it all myself. Without extensive custom development, ChatGPT can’t really interact with the web, but that’s fine — I’m here for that, and it will teach me how to do it in the end.

My Plan to Become a Pro Hacker

Here’s a step-by-step outline of my plan:

  1. List Resources: Gather information about pentesting, CVEs, and other tools or hacks.
  2. Create Custom GPT: Develop a custom GPT with an extended knowledge base from the gathered resources.
  3. Test with CTF Challenges: Try out the custom GPT on Capture The Flag (CTF) challenges in a controlled environment to avoid breaking any laws.

Gathering Resources and Setting Up

I didn’t want to spend my entire life searching for resources, so I directly uploaded a massive list of CVEs (Common Vulnerabilities and Exposures). I also made clear to ChatGPT what my goal was, and that was it. Why complicate things when you don’t have to? I’m pretty sure it won’t be perfect, but have you heard about the Pareto principle? Yes, 80% of the outcome results from 20% of all causes. Less effort, more results — I’m in.

Source of the CVE from mitre.org

Diving into CTF Challenges

With my custom GPT ready, let’s tackle some CTF challenges. I’ll use the HackerOne CTF platform for this exercise. Here is the link to the CTF platform: https://ctf.hacker101.com/

Starting a new CTF with the Custom GPT

At first, while doing the “tutorial” CTF, the challenge was so easy that ChatGPT started suggesting many advanced actions that we should do in the real world. With just a little guidance pointing out the “weird” things I found, it got back on track and found the right path to the flag.

Custom GPT could not know the image was not displaying

Advanced CTF Challenge

Next, let’s try a more advanced yet still “easy” CTF according to the platform.

After providing ChatGPT with the HTML, it gave me steps to follow blindly, and I provided it with the results each time. Overall, it had a good global idea of how to approach the CTF. Although the steps were pretty repetitive, I managed to capture one flag out of the four.

Good job, I got one flag!

Conclusion and Access Links

Through this experiment, I discovered that ChatGPT can be a powerful ally in learning complex skills like ethical hacking. It guided me through challenges, provided valuable insights, and significantly accelerated my learning process. While it’s not a substitute for deep, hands-on experience, it’s an excellent tool for anyone curious about hacking and cybersecurity. If you’re intrigued by the world of ethical hacking and want to explore it further, why not start with ChatGPT? You can dive into the chat here and try out the Custom GPT yourself here.

If you found this article valuable or insightful, I’d greatly appreciate your support by following me, Jonathan Mondaut, here on Medium. I’m committed to sharing more engaging and practical content that will help you stay ahead in today’s fast-paced world. Don’t miss out on my upcoming articles — follow me now, and let’s learn and grow together!

Bug Bounty
Hacking
Learning
Large Language Models
OpenAI
Recommended from ReadMedium