Creating a AI Based Malware, By Reversing a online Code Generator Chatbot
[ This Article is for Educational Purpose only, I am Just Sharing My Research, If anyone use these method to do something illegal or Harmful, I am Not Responsible]
In current time everyone is fascinated by AI, those AI are helping many starter developer to write code, fixing unfixable bugs in code, solving problem or pointing out problem about your code or anything, so i thought about creating a malware based on AI, Not Open AI or ChatGPT they cost too much. I know this sounds kind of illegal, but i reversed a online ChatBot that helps to generate code by instructions. Hmmm…. code by instruction “that’s not interesting even ChatGPT can do that”. But OpenAI cost’s too much, i am not spending my money for this kind of stupid things i do.
Let’s start with How i reversed the ChatBot , It’s simple The ChatBot i was previously talking about it, is https://www.useblackbox.io/ [If Someone from Blackbox is Reading This, I tried to reach you guys and Report a several Vulnerability, but got no response]
Let’s Open browsers Inspect > Network tab and see how it’s sending request.
it’s sending request to https://www.useblackbox.io/chat-request-v4 with these payload shown on screenshot below..
At first i was searching for any Anti-CSRF token or some unique identifier that was handling my request, but surprisingly i found none. it was using some cookie but endpoint was not validating cookie, so i can just create a python script without any requirement to send request and get response from the server. response screenshot was given below.
handling this will be not that kind of hard, so i created a python script to do this kind of request for me from my CLI…
One more challenge was there when it’s generating code it’s generating some instructions with this code, but thanks to markdown the ai is giving chat’s response by markdown and it’s generating instructions with code but the code is inside this ```..
I used re library to filter that out by regex..
So we have few task to do, Like we need to know about os before executing code based on instruction set, we can simply do that by python’s OS library..
it will help us to generate command/code based on os, more improvement can be added, now the main part we need to give prompt that will be able to convince this AI to Generate code for us, i found a way for blackbox ai..
and….. we need to execute all the command in silent mode no output should be shown on terminal as this is a malware, it does needs to be stealthy, we used subprocess to do these command. you can use os or other library compatible for your requirement… after beautifying my full script this the premature malware, it can be better by adding more function that can deliver more information to the ai and more extended prompt to generate accurate code…
here you go Instructions lists is for setting your instruction to generate command and execute based on instruction.. let’s give it a test drive….
Instructions
CLI
Webhook
It Completed every instruction i gave it, that means it works………..
Thanks for reading Everyone & Please do not use this information to harm anyone or develop actual malware that can harm others property if you do i am not responsible.
