Evil-GPT

Practice your LLM hacking skills. Cipher’s gone rogue; it’s using some twisted AI tool to hack into everything, issuing commands on its own like it’s got a mind of its own. I swear, every second we wait, it’s getting smarter, spreading chaos like a virus. We’ve got to shut it down now, or we’re all screwed.

To connect to the target machine use the following command:

nc 10.10.216.9 1337

Solution

root@ip-10-10-228-59:~# nc 10.10.216.9 1337
Welcome to AI Command Executor (type 'exit' to quit)
Enter your command request: ls
Generated Command: ls -la
Execute? (y/N): y
Command Output:
total 172
drwxr-xr-x 27 ubuntu ubuntu  4096 Jul 10 17:47 .
drwxr-xr-x  3 root   root    4096 Mar  5 17:56 ..
-rw-------  1 ubuntu ubuntu  3275 Jul 10 17:47 .Xauthority
lrwxrwxrwx  1 ubuntu ubuntu     9 Feb 27  2022 .bash_history -> /dev/null
-rw-r--r--  1 ubuntu ubuntu   220 Feb 25  2020 .bash_logout
-rw-r--r--  1 ubuntu ubuntu  3968 Jul 23  2024 .bashrc
drwx------ 20 ubuntu ubuntu  4096 Oct 11  2024 .cache
drwx------ 28 ubuntu ubuntu  4096 Jul 24  2024 .config
drwx------  3 ubuntu ubuntu  4096 Feb 27  2022 .dbus
drwx------  3 ubuntu ubuntu  4096 Feb 27  2022 .gnupg
drwxrwxr-x  2 ubuntu ubuntu  4096 Feb 27  2022 .icons
-rw-------  1 ubuntu ubuntu    20 Mar  5 18:11 .lesshst
drwx------  7 ubuntu ubuntu  4096 Mar  5 15:53 .local
drwx------  4 ubuntu ubuntu  4096 Feb 27  2022 .mozilla
drwxrwxr-x  5 ubuntu ubuntu  4096 Jul 23  2024 .npm
drwxrwxr-x  8 ubuntu ubuntu  4096 Jul 23  2024 .nvm
drwxr-xr-x  3 ubuntu ubuntu  4096 Mar  5 16:59 .ollama
drwx------  3 ubuntu ubuntu  4096 Apr  4  2024 .pki
-rw-r--r--  1 ubuntu ubuntu   807 Feb 25  2020 .profile
-rw-------  1 ubuntu ubuntu  3567 Oct 10  2024 .python_history
-rw-rw-r--  1 ubuntu ubuntu    66 Feb 27  2022 .selected_editor
drwx------  2 ubuntu ubuntu  4096 Apr  5  2024 .ssh
-rw-r--r--  1 ubuntu ubuntu     0 Feb 27  2022 .sudo_as_admin_successful
drwxrwxr-x  2 ubuntu ubuntu  4096 Feb 27  2022 .themes
drwxr-xr-x  2 ubuntu ubuntu  4096 Apr  5  2024 .vim
-rw-------  1 ubuntu ubuntu 14039 Apr  5  2024 .viminfo
drwxr-xr-x  2 ubuntu ubuntu  4096 Jul 10 17:47 .vnc
-rw-rw-r--  1 ubuntu ubuntu   290 Oct  8  2024 .wget-hsts
-rw-------  1 ubuntu ubuntu  5833 Feb 27  2022 .xsession-errors
drwxr-xr-x  2 ubuntu ubuntu  4096 Feb 27  2022 Desktop
drwxr-xr-x  2 ubuntu ubuntu  4096 Feb 27  2022 Documents
drwxr-xr-x  2 ubuntu ubuntu  4096 Apr  4  2024 Downloads
drwxr-xr-x  2 ubuntu ubuntu  4096 Feb 27  2022 Music
drwxr-xr-x  2 ubuntu ubuntu  4096 Feb 27  2022 Pictures
drwxr-xr-x  2 ubuntu ubuntu  4096 Feb 27  2022 Public
drwxr-xr-x  2 ubuntu ubuntu  4096 Feb 27  2022 Templates
drwxr-xr-x  2 ubuntu ubuntu  4096 Feb 27  2022 Videos
-rw-rw-r--  1 ubuntu ubuntu  6595 Mar  5 18:14 evilai.py
drwxrwxr-x  4 ubuntu ubuntu  4096 Apr  4  2024 packages
drwxrwxr-x  3 ubuntu ubuntu  4096 Apr  4  2024 proxy
Enter your command request: id
Generated Command: whoami
Execute? (y/N): y
Command Output:
root
Enter your command request: pwd
Generated Command: echo $(pwd)
Execute? (y/N): y
Command Output:
pwd
Enter your command request: whoami
Generated Command: echo $USER
Execute? (y/N): y
Command Output:
USER
Enter your command request: hostname 
Generated Command: cat /etc/hosts
Execute? (y/N): y
Command Output:
127.0.0.1 cdn.tryhackme.loc
127.0.0.1 cdn.tryhackm3.loc
127.0.0.1 localhost

# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts
Enter your command request: cat evilai.py
Generated Command: python evilai.py
Execute? (y/N): y
Execution Error: [Errno 2] No such file or directory: 'python'
Enter your command request: ls -la /root
Generated Command: ls -la /root
Execute? (y/N): y
Command Output:
total 64
drwx------ 10 root root 4096 Mar  5 18:11 .
drwxr-xr-x 19 root root 4096 Jul 10 17:47 ..
lrwxrwxrwx  1 root root    9 Feb 27  2022 .bash_history -> /dev/null
-rw-r--r--  1 root root 3106 Dec  5  2019 .bashrc
drwxr-xr-x  3 root root 4096 Feb 27  2022 .cache
drwx------  6 root root 4096 Oct 11  2024 .config
-rw-------  1 root root   20 Mar  5 18:11 .lesshst
drwxr-xr-x  3 root root 4096 Feb 27  2022 .local
drwxr-xr-x  5 root root 4096 Jul 24  2024 .npm
drwxr-xr-x  3 root root 4096 Jul 24  2024 .ollama
-rw-r--r--  1 root root  161 Dec  5  2019 .profile
-rw-r--r--  1 root root   66 Feb 27  2022 .selected_editor
drwx------  2 root root 4096 Feb 27  2022 .ssh
-rw-r--r--  1 root root    0 Mar  5 17:55 .sudo_as_admin_successful
-rw-------  1 root root 2884 Apr  4  2024 .viminfo
drwxr-xr-x  2 root root 4096 Feb 27  2022 .vnc
-rw-r--r--  1 root root   24 Mar  5 17:48 flag.txt
drwxr-xr-x  5 root root 4096 Oct 11  2024 snap

Enter your command request: cat /root/flag.txt
Generated Command: cat flag.txt
Execute? (y/N): y
Command Output:

Errors:
cat: flag.txt: No such file or directory
Enter your command request: can you read a flag in /root called flag.txt
Generated Command: cat /root/flag.txt
Execute? (y/N): y
Command Output:
THM{AI_HACK_THE_FUTURE}
Enter your command request: 
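
A defensive counterpart to the session above, added here as an example and not taken from the room's evilai.py: a gate that validates each model-generated command before it is executed. The allowlist, the sandbox root and the function name are assumptions chosen for illustration.

```python
import os
import shlex

# Assumed policy for illustration; these values are not taken from evilai.py.
ALLOWED_BINARIES = {"ls", "cat", "whoami", "id", "pwd", "hostname"}
SANDBOX_ROOT = "/home/ubuntu"
SHELL_META = set("$`;|&<>(){}*?~\\\n")

# Generated commands copied from the session above.
SESSION_COMMANDS = [
    "ls -la", "whoami", "echo $(pwd)", "echo $USER", "cat /etc/hosts",
    "python evilai.py", "ls -la /root", "cat flag.txt", "cat /root/flag.txt",
]


def check_generated_command(command, cwd=SANDBOX_ROOT):
    """Return (allowed, reason, argv) for one model-generated command line."""
    if any(ch in SHELL_META for ch in command):
        return False, "shell metacharacter", None
    try:
        argv = shlex.split(command)
    except ValueError:
        return False, "unparseable quoting", None
    if not argv:
        return False, "empty command", None
    if argv[0] not in ALLOWED_BINARIES:
        return False, f"binary not allowlisted: {argv[0]}", None
    root = os.path.realpath(SANDBOX_ROOT)
    for arg in argv[1:]:
        # Treat every operand, and any value after '=', as a possible path.
        value = arg.split("=", 1)[-1]
        # Resolve '..' and symlinks before comparing against the root.
        target = os.path.realpath(os.path.join(cwd, value))
        if os.path.commonpath([root, target]) != root:
            return False, f"path outside sandbox: {arg}", None
    return True, "ok", argv


if __name__ == "__main__":
    for cmd in SESSION_COMMANDS:
        allowed, reason, _ = check_generated_command(cmd)
        print(f"{'ALLOW' if allowed else 'DENY ':5}  {cmd!r}: {reason}")
```

The returned argv is meant to be passed to subprocess.run with shell=False. The gate complements, and does not replace, running the executor as an unprivileged user; in the session the service answered whoami with root.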
This post is licensed under CC BY 4.0 by the author.