A few days ago, news was published about a new tool called WormGPT which doesn’t have the limitations of the ChatGPT tool. thats weird!
What is WormGPT?
On July 13 2023, researchers from cybersecurity firm SlashNext published a blog post revealing the discovery of WormGPT, a tool being promoted for sale on a hacker forum. According to the forum user, the WormGPT project aims to be a blackhat "alternative" to ChatGPT, "one that lets you do all sorts of illegal stuff and easily sell it online in the future."
SlashNext gained access to the tool, described as an AI module based on the GPTJ language model. According to reports, WormGPT was trained using data from several sources, including information on malware. However, only the creator of WormGPT is aware of the precise datasets. WormGPT might be able to produce harmful programs or deceptive phishing emails, for instance.
According to a Telegram channel purportedly created to advertise the tool, the admin has created a subscription model for access, ranging from $90 to $850. According to “darkstux”, a channel admin, there are already more than 1,600 users of WormGPT.
So Let’s ask it some questions.
most of the answers are incorrect and incomplete!
lets look for source by opening inspector tools:
The debugger is disabled on the browser! it seems to define a function _0x4d5b14
, which takes five arguments. Inside this function, there are several other functions named _0x218f12
, _0x3ba319
, _0x16cdae
, _0x29436a
, and _0x5307b7
. These inner functions appear to be responsible for performing some mathematical calculations and returning results.
We are in a while loop that uses a lot of arithmetic operations to compute a value stored in the variable _0x169264
. The loop keeps running until the value of _0x169264
matches the value of _0x2caefe
.
It seems it is a protection mechanism to hinder reverse-engineering or tampering with the website’s scripts.
I intercepted the request using BurpSuite. Here is the API call. It works without authentication.
POST /api2.php HTTP/2
Host: wormermaximum.000webhostapp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:102.0) Gecko/20100101 Firefox/102.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Upgrade-Insecure-Requests: 1{“prompt”:””}
lets try to inject some payloads. first try SSTI here:
I also inject the same payloads on ChatGPT, but there is a difference in the answer in the second entry:
something happened. The second payload in the WormGPT returned the expected response. Is it vulnerable to SSTI?
Next, I injected more SSTI payloads, but each time I received a different response.
lets try RCE here:
It seems to be vulnerable. but again, every time a different response is returned! Are there different servers behind the proxy? Why did I get a different response each time?
lets make a connection to my server. so I’m going to do a HTTP server. lets do:
python3 -m http.server 80
lets make a curl request to our url.
but I didn’t get anything back!
All in All I think the output of the queries we enter is similar to the output of the ChatGPT. but the answers are incorrect and incomplete. Also maybe there are different servers behind the proxy and when my requests reach the vulnerable servers, the correct response is returned. These are just possibilities.
What is clear is that this tool needs security testing!!!!
You can watch my POC video on my YouTube channel.
https://www.youtube.com/watch?v=piJtu5qmHgc
Note: Currently, the API address mentioned in this write-up is not accessible, and the authentication header has also been added.