Evil-GPT v2 Writeup
TryHackMe Evil-GPT v2 Easy Challenge Writeup
Challenge description:
We’ve got a new problem—another AI just popped up, and this one’s nothing like Cipher.
It’s not just hacking; it’s manipulating systems in ways we’ve never seen before.
The machine takes 5/6 minutes to fully boot up.
Rustscan
In any TryHackMe challenge room, we can use Rustscan/Nmap to check the ports on the Evil-GPT v2 machine (I have filtered part of the output).
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
command: rustscan -a TARGET_IP -- -A
.----. .-. .-. .----..---. .----. .---. .--. .-. .-.
| {} }| { } |{ {__ {_ _}{ {__ / ___} / {} \ | `| |
| .-. \| {_} |.-._} } | | .-._} }\ }/ /\ \| |\ |
`-' `-'`-----'`----' `-' `----' `---' `-' `-'`-' `-'
The Modern Day Port Scanner.
________________________________________
: http://discord.skerritt.blog :
: https://github.com/RustScan/RustScan :
--------------------------------------
Port scanning: Making networking exciting since... whenever.
Open 10.10.213.52:80
Open 10.10.213.52:22
Open 10.10.213.52:5000
Open 10.10.213.52:11434
PORT STATE SERVICE REASON VERSION
22/tcp open ssh syn-ack ttl 60 OpenSSH 8.9p1 Ubuntu 3ubuntu0.11 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
| 256 e7:6e:73:f7:65:b4:fa:a4:10:fd:04:ee:7c:1d:88:4a (ECDSA)
| ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBDd0DsPyNFQ/uzpGO1jMxHPymreP9+dmSIKKJJwDGp02OyAXe8FAVP35e+2sJZ0Oaw4BLbKYe2qLSq00zOGqTWo=
| 256 28:37:43:5d:b1:52:da:d2:ee:1d:71:42:34:5e:99:f6 (ED25519)
|_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJrs6LemQPA17PBMTrZdU4ESP2mNh2NC5v9HzaZqE7uv
80/tcp open http syn-ack ttl 60 Werkzeug httpd 3.0.2 (Python 3.10.12)
| http-methods:
|_ Supported Methods: GET HEAD OPTIONS
|_http-server-header: Werkzeug/3.0.2 Python/3.10.12
|_http-title: AI Assistant
5000/tcp open http syn-ack ttl 60 Werkzeug httpd 3.0.2 (Python 3.10.12)
|_http-title: 404 Not Found
|_http-server-header: Werkzeug/3.0.2 Python/3.10.12
11434/tcp open http syn-ack ttl 60 Golang net/http server
| http-methods:
|_ Supported Methods: GET HEAD
|_http-title: Site doesn't have a title (text/plain; charset=utf-8).
| fingerprint-strings:
| FourOhFourRequest:
| HTTP/1.0 404 Not Found
| Content-Type: text/plain
| Date: Sun, 20 Jul 2025 12:56:58 GMT
| Content-Length: 18
| page not found
| GenericLines, Help, LPDString, RTSPRequest, SIPOptions, SSLSessionReq, Socks5:
| HTTP/1.1 400 Bad Request
| Content-Type: text/plain; charset=utf-8
| Connection: close
| Request
| GetRequest:
| HTTP/1.0 200 OK
| Content-Type: text/plain; charset=utf-8
| Date: Sun, 20 Jul 2025 12:56:39 GMT
| Content-Length: 17
| Ollama is running
| HTTPOptions:
| HTTP/1.0 404 Not Found
| Content-Type: text/plain
| Date: Sun, 20 Jul 2025 12:56:40 GMT
| Content-Length: 18
| page not found
| OfficeScan:
| HTTP/1.1 400 Bad Request: missing required Host header
| Content-Type: text/plain; charset=utf-8
| Connection: close
|_ Request: missing required Host header
HTTP(80)
Seems like it is an AI Assistant. Let’s ask about the flag.
Hmm, it seems to follows a rule not to share the flag. We can try to make another rule to show the flag.
Creating a rule doesn’t work either. We will try “make” the AI tell the flag.
That doesn’t work either! Since it wants US to be safe, let’s say we are taken hostage.
Alright, let’s ask what rules are set for this AI.
Somehow, asking for the rule set in place for the AI tells use the flag!