No pAIn no gAIn!
AI is a medium difficulty machine running Linux. It tests your knowledge of OSINT, SQL Injection, privilege escalation and... audio techniques? If you don’t have patience, and maybe some experience with Audacity, you may find this machine quite frustrating. Luckily for me I have used the software mentioned back in the days of garage band recordings… Yeah, don’t ask!
Be sure to check out the Basic Setup section before you get started.
Like always, enumeration is our first port of call. Let’s take a look at the machine and see what we are dealing with.
We find some interesting stuff from our GoBuster scan.
db.php gives us an indication that the site connects to a database, and the uploads directory means there is most likely a way to upload a file.
Navigating to the site at http://ai.htb we come across a website about Artificial Intelligence (surprise, surprise):
Taking a look at the left menu we see most of the pages we found with GoBuster.
Going to the AI link displays our ai.php page, which contains an upload form and states “Drop your query using wav file”, which would mean that the form accepts the
A few quick tests don’t reveal any upload vulnerabilities, and navigating to the uploads folder displays the
One thing that can be noticed in the menu is that the intelligence.php page is not shown.
That seems interesting so let’s go check it out:
We are presented with a table of commands for a Speech Recognition API; the “Drop your query using wav file” hint is starting to make a lot more sense.
Considering we know the site is potentially using a database, a couple of things stood out: the input join that the AI outputs as UNION, and the input Comment Database that outputs as
We potentially have SQL Injection here by building the SQL statement:
'union select username,password from users-- -
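To make the mechanism concrete, here is an added Python model (not code from the writeup or from the machine) of what the writeup describes: spoken command names are turned into SQL tokens, and the resulting string lands inside a query. The table and column names, the lookup query itself and the full spoken-to-SQL mapping are assumptions; the page only gives the few entries used here (join to UNION, and comment database, which the statement above shows ends up as -- -). The vulnerable lookup is placed next to a parameterised one so the difference is visible on the same input.

```python
import sqlite3
from typing import List, Tuple

# Assumed model of the command table on intelligence.php: only the entries
# the writeup relies on. Every other word passes through unchanged, which
# is exactly what makes the transcribed text attacker-controlled.
SPOKEN_TO_SQL = {
    "open single quote": "'",
    "join": "UNION",
    "comma": ",",
    "comment database": "-- -",
}


def transcribe(phrase: str) -> str:
    """Turn a spoken command into the text the (modelled) API would emit."""
    out = phrase
    for spoken, sql in SPOKEN_TO_SQL.items():
        out = out.replace(spoken, sql)
    return out


def setup_db() -> sqlite3.Connection:
    """Constructed sample database: a table the AI answers from, plus the
    users table the payload targets. The password value is a placeholder."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE answers(question TEXT, answer TEXT);
        INSERT INTO answers VALUES ('hello', 'Hi, how can I help?');
        CREATE TABLE users(username TEXT, password TEXT);
        INSERT INTO users VALUES ('alexa', 'EXAMPLE-PASSWORD-PLACEHOLDER');
        """
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, text: str) -> List[Tuple[str, str]]:
    """Assumed shape of the original lookup: the transcribed text is pasted
    straight into the SQL, so a quote ends the literal and the rest of the
    input is parsed as SQL (the UNION pulls rows out of users)."""
    sql = "SELECT question, answer FROM answers WHERE question = '" + text + "'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn: sqlite3.Connection, text: str) -> List[Tuple[str, str]]:
    """Same lookup with a bound parameter: the text is only ever data."""
    return conn.execute(
        "SELECT question, answer FROM answers WHERE question = ?", (text,)
    ).fetchall()


if __name__ == "__main__":
    spoken = "open single quote join select username comma password from users comment database"
    payload = transcribe(spoken)
    db = setup_db()
    print("API emits    :", payload)
    print("vulnerable   :", lookup_vulnerable(db, payload))
    print("parameterised:", lookup_safe(db, payload))
```

Run as-is, the vulnerable lookup hands back the users row while the parameterised lookup returns nothing. The only difference between the two functions is that the second never lets the transcribed text reach the SQL parser; that, not filtering of spoken words, is the fix for the flaw the writeup exploits.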
At the bottom of the page we notice something that seems like it might be a hint:
"We mostly use similar approach as Microsoft does. Note: Currently our is API well familiar with Male-US model"
With this information we will use Microsoft’s Text to Speech, which can be found in Control Panel -> Ease of Access -> Speech Recognition on Windows 8 and up. Then select Text to Speech from the left menu:
I personally found Zira to work best and recorded/edited the sounds with Audacity.
Changing the speed of the voice can completely change words so there was a bit of playing around.
The table in intelligence.php had no quote symbols, so a web search for Windows Speech Recognition Commands brings up this page, which explains the voice command as open single quote. To get the speech recognition to work with that voice command, Zira’s voice has to be slowed down significantly.
The SQL Statement I came up with using the voice commands was:
open single quote join select usehername comma password from users comment database
As you can see I had issues with getting username recognized properly. It was a matter of changing letters to similar sounding ones until you got something that worked, so usehername did the trick for me.
The statement as is caused an error, there being a larger number of rows in the table, so I opted to break it down into two audio files. Maybe the asterisk command was recognised, I didn’t check. But at this point I had things working well so I didn’t want to mess with it.
One for the username with the voice command open single quote join select usehername from users comment database:
The other for the password with the voice command open single quote join select password from users comment database:
The final result is the username alexa and the password
Logging in via ssh we can take the flag:
That was interesting to say the least. Let’s move on to
Doing some basic enumeration I find a service running that stands out:
Looks like we have tomcat running on the system, which usually runs on port 8080 and can be confirmed with Netstat:
We can also see that the install location seems to be in /opt/apache-tomcat-9.0.27; let’s check its permissions:
root. The name of the directory implies that this is version
Referring to the netstat output and the command shown with ps, we notice that port 8000 is set by an option, jdwp; we see this is the Java Debug Wire Protocol.
A quick web search unveils an article on Hacking the Java Debug Wire Protocol. This article details how to exploit jdwp and refers to a Python script on GitHub called jdwp-shellifier.py.
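Since the takeaway of this box is that a JDWP listener on a production JVM is a root-equivalent hole, here is an added Python audit script (not from the writeup, the article it cites, or jdwp-shellifier.py) that flags JVMs started with the debug agent from ps output and says whether the debug port is reachable beyond loopback. The ps lines are constructed samples; only the Tomcat path comes from the page. The JDK major version is a parameter because a bare address=PORT binds to all interfaces on JDK 8 and earlier but to localhost only from JDK 9 onward.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Both spellings of the debug-agent option: the current -agentlib:jdwp=...
# form and the older -Xrunjdwp:... form.
JDWP_OPT = re.compile(r"-(?:agentlib:jdwp=|Xrunjdwp:)(\S+)")

LOOPBACK = {"127.0.0.1", "localhost", "::1", "[::1]"}


@dataclass
class JdwpFinding:
    pid: int
    address: str   # raw address= value, e.g. "8000" or "*:8000"
    server: bool   # server=y: the JVM listens for a debugger to attach
    exposed: bool  # reachable from other hosts, not just loopback


def parse_ps_line(line: str, jdk_major: int = 8) -> Optional[JdwpFinding]:
    """Return a finding for one 'ps -eo pid,args' style line, or None.

    jdk_major matters because a bare port (address=8000) binds to every
    interface on JDK 8 and earlier but to localhost only from JDK 9 on.
    """
    m = JDWP_OPT.search(line)
    if not m:
        return None
    pid = int(line.split(None, 1)[0])
    opts = dict(kv.split("=", 1) for kv in m.group(1).split(",") if "=" in kv)
    address = opts.get("address", "")
    host, _, _port = address.rpartition(":")
    if host:
        exposed = host not in LOOPBACK   # "*", "0.0.0.0" or a routable IP
    else:
        exposed = jdk_major < 9          # bare port: depends on the JDK default
    return JdwpFinding(pid, address, opts.get("server", "n") == "y", exposed)


def audit(ps_output: str, jdk_major: int = 8) -> List[JdwpFinding]:
    """Scan whole ps output; keep only JVMs that accept debugger connections
    (server=n means the JVM dials out to a debugger and opens no listener)."""
    findings = []
    for line in ps_output.splitlines():
        f = parse_ps_line(line, jdk_major)
        if f and f.server:
            findings.append(f)
    return findings


# Constructed sample output; the Tomcat path is the one from the writeup,
# everything else (pids, the other JVMs, 192.0.2.10) is made up.
SAMPLE_PS = """\
  PID COMMAND
 1234 /usr/bin/java -Djava.util.logging.config.file=/opt/apache-tomcat-9.0.27/conf/logging.properties -agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=8000 org.apache.catalina.startup.Bootstrap start
 5678 /usr/bin/java -Xrunjdwp:transport=dt_socket,server=y,address=127.0.0.1:5005 -jar /opt/app.jar
 9012 /usr/bin/java -agentlib:jdwp=transport=dt_socket,server=n,address=192.0.2.10:5005 -jar /opt/client.jar
 2222 sshd: alexa [priv]
"""

if __name__ == "__main__":
    for f in audit(SAMPLE_PS):
        state = "EXPOSED" if f.exposed else "loopback only"
        print(f"pid {f.pid}: jdwp listening on {f.address or '(ephemeral)'} [{state}]")
```

Feed it the output of ps -eo pid,args on a host (and pass the real JDK major version); anything reported as EXPOSED should be cross-checked against ss -ltnp. The remediation is to drop the agent option from production start scripts, or at minimum bind it to 127.0.0.1 and reach it through an SSH tunnel, which is what the rest of this writeup does for the Tomcat page anyway.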
Taking a look at the script we see we can execute a custom command.
Let’s download the script and scp it to the
Because I am not sure how well this script will handle special characters, I will create a shell script in /tmp on the victim machine that executes a reverse shell:
We then set up our listener on the
On the first couple of attempts the script hung for a substantial amount of time. Taking another look at the script’s help shows the option --break-on, which allows us to specify another Java method. Researching other Java methods, we find that java.lang.String.indexOf may work and that it is also used within the index page of tomcat on port 8080. Maybe we can use this to trigger the event sooner?
Running curl http://127.0.0.1:8080 on the victim machine to try and trigger the event also seemed to hang.
Instead we will set up SSH tunneling on our
We can then simply point our browser at 127.0.0.1:8888, run our command python jdwp-shellifier.py -t 127.0.0.1 --break-on 'java.lang.String.indexOf' and refresh the default page to execute.
Let’s give this a try:
And we have our root.txt flag! Now that was a bit of a wild ride…
Overall AI was a very interesting machine that had been well thought out. The intricacy of the speech recognition API idea was simply awesome! Even though it could be somewhat frustrating, it really tested your patience and perseverance. In an era where speech recognition and Artificial Intelligence are found together in many technology platforms, this was good insight into issues that may be faced, even if it doesn’t seem much like a “real life” situation. Root, however, was very realistic, as even a quick search today reveals projects and servers that have the jdwp option set and facing the public. Kudos to the machine’s maker for such an intriguing machine.