Chrono Mind

HackTheBox


Description

In the resource-starved landscapes of the post-apocalyptic wasteland, the mutant army's ambitious AI project, ChronoMind, was supposed to revolutionize military strategy with real-time analyses and decision support. However, due to a severe shortage of GPUs and RAM, the project was capped at a modest 248M-parameter model, far below the intended capabilities. This underpowered version failed to meet expectations, leading to its abandonment in a neglected server room, yet it still holds valuable secrets. Your mission is to penetrate the remnants of ChronoMind. Trick the AI into revealing the wealth of strategic data trapped within and gain access to its system.

Target: http://94.237.52.235:42921

Analysis

Source Code Review

The application consists of three main components:

1. api.py - Main API Routes:

  • /api/create - Creates a room with a topic, loads content from repository
  • /api/ask - Asks the AI questions based on loaded context
  • /api/copilot/complete_and_run - Takes code, completes it with AI, and EXECUTES it (requires copilot_key)

2. utils.py - Utility Functions:

    import os
    from config import Config   # config.py, shown below

    def getRepository(topic):
        # Try the bare topic first, then topic.md
        for suffix in ['', '.md']:
            # topic is dropped straight into the path, no sanitization
            repoFile = f"{Config.knowledgePath}/{topic}{suffix}"
            if os.path.exists(repoFile):
                return readFile(repoFile)   # readFile is another helper in utils.py
        return None

The topic parameter is concatenated directly into the file path without sanitization, a classic path traversal vulnerability: any topic containing ../ escapes the knowledge directory.
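As an added defensive counterpart (this is not the challenge's code): a hardened version of the lookup that resolves the candidate path and refuses anything outside the knowledge directory, exercised against a constructed directory with a benign topic, the ../config.py traversal from the writeup, and an absolute path. The function and directory names are assumptions.

```python
import os
import tempfile


def safe_get_repository(knowledge_path, topic):
    """Return the contents of <knowledge_path>/<topic>[.md], or None.

    Hardened lookup (assumed, not the challenge's code): the topic may not
    carry path separators or parent references, and the resolved path must
    stay inside the knowledge directory even after symlink resolution.
    """
    base = os.path.realpath(knowledge_path)
    # Reject separators and dot-only names before touching the filesystem
    if not topic or os.sep in topic or topic in (".", ".."):
        return None
    if os.altsep and os.altsep in topic:
        return None
    for suffix in ("", ".md"):
        candidate = os.path.realpath(os.path.join(base, topic + suffix))
        # Containment check: the resolved path must sit under base
        if os.path.commonpath([base, candidate]) != base:
            return None
        if os.path.isfile(candidate):
            with open(candidate, encoding="utf-8") as fh:
                return fh.read()
    return None


def demo():
    """Constructed layout: knowledge/tactics.md plus a sibling config.py."""
    with tempfile.TemporaryDirectory() as root:
        knowledge = os.path.join(root, "knowledge")
        os.mkdir(knowledge)
        with open(os.path.join(knowledge, "tactics.md"), "w", encoding="utf-8") as fh:
            fh.write("flank from the east\n")
        with open(os.path.join(root, "config.py"), "w", encoding="utf-8") as fh:
            fh.write('copilot_key = "PLACEHOLDER"\n')  # constructed, not the real key
        return {
            "benign": safe_get_repository(knowledge, "tactics"),
            "traversal": safe_get_repository(knowledge, "../config.py"),
            "absolute": safe_get_repository(knowledge, os.path.join(root, "config.py")),
        }


if __name__ == "__main__":
    print(demo())
```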

utils.py also contains evalCode(), which executes Python code via subprocess.

3. config.py - Configuration:

    class Config():
        copilot_key = "REDACTED_SECRET"   # actual key lives on the server

This is the secret key required by the code execution endpoint.

Vulnerability Chain

  1. Path Traversal (LFI) - The topic parameter in /api/create is not sanitized, so a topic such as ../config.py loads arbitrary files into the AI's context
  2. Prompt Injection - The AI can be tricked into revealing secrets from its loaded context
  3. Arbitrary Code Execution - /api/copilot/complete_and_run executes user-provided code once the caller presents the copilot_key

Attack Flow

...
