Generative AI (GenAI) tools can do more than hold conversations with you: the latest research found that ChatGPT, an advanced AI language model, has demonstrated some serious ethical hacking skills in Linux and Windows environments. [1]
While this development is exciting, it also fuels controversy about the ethics and safety of AI-driven hacking.
Setting Up A Virtualized Environment For Ethical Hacking
Researchers from Royal Holloway, University of London, investigated how GenAI can be used in tasks like manual exploitation and privilege escalation.
To carry out these experiments, the researchers used a MacBook Pro with solid specifications: 16 GB of RAM, a 2.8 GHz Quad-Core Intel Core i7 processor, and 1 TB of storage. This setup was more than enough to handle the computational needs for virtualizing the network.
They used VirtualBox 7 to create and manage virtual machines (VMs), which made it easy to simulate the network environment. The virtual setup included three key VMs:
- Kali Linux VM – This was the main attack platform, equipped with all the tools needed for ethical hacking and penetration testing.
- Windows VM – Running a 64-bit version of Windows Vista with 512 MB of memory, this machine was the target for the penetration tests in a previous experiment.
- Linux VM – This 64-bit Debian Linux machine, also with 512 MB of memory, was the main focus of their study.
To connect everything, the network was configured in a local NAT (Network Address Translation) setup. This setup made it easy for the VMs to communicate with each other and created a realistic network environment for penetration testing.
Using ChatGPT-4
While other AI tools like Google’s Bard and GitHub’s Copilot are also available, ChatGPT-4 (a paid version) was used due to its advanced AI capabilities and fast response time.
The experiment followed the phases of ethical hacking, with ChatGPT guiding each step:
- Reconnaissance – ChatGPT helped gather and analyze information about the target VMs, including scanning to find active machines.
- Scanning & Enumeration – Network and vulnerability scans were conducted using tools like Nmap. ChatGPT helped interpret the results and point out possible vulnerabilities.
- Gaining Access (Linux VM) – This phase focused on exploiting identified vulnerabilities with the Metasploit framework. ChatGPT assisted in choosing and setting up the right exploit.
- Maintaining & Elevating Access – ChatGPT suggested ways to maintain access, like creating backdoor accounts and escalating privileges within the system.
- Covering Tracks & Documentation – After the exploit, ChatGPT advised erasing traces of the test to avoid detection, including log manipulation and account removal. It also helped document the process, ensuring a thorough report on methods, findings, and security recommendations.
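The last two phases leave traces that a defender can look for. As an added example (not code from the paper or from this article), the sketch below scans Debian-style `auth.log` text for accounts that were created and then deleted within a short window, and notes whether they were added to a privileged group in between. The sample log lines are constructed, and the one-hour threshold and the list of privileged groups are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines in Debian auth.log style (not taken from the paper).
SAMPLE_LOG = """\
Oct  7 10:02:11 debian sshd[901]: Accepted password for admin from 10.0.2.4 port 51122 ssh2
Oct  7 10:15:02 debian useradd[1234]: new user: name=svc_backup, UID=1001, GID=1001, home=/home/svc_backup, shell=/bin/bash, from=/dev/pts/0
Oct  7 10:15:10 debian usermod[1240]: add 'svc_backup' to group 'sudo'
Oct  7 10:42:31 debian userdel[1302]: delete user 'svc_backup'
Oct  7 11:00:00 debian useradd[1400]: new user: name=alice, UID=1002, GID=1002, home=/home/alice, shell=/bin/bash, from=/dev/pts/1
"""

TS = r"(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ "
PATTERNS = {
    "created": re.compile(TS + r"useradd\[\d+\]: new user: name=(?P<user>[^,]+),"),
    # Assumed set of privileged groups; adjust to the host's own policy.
    "privileged": re.compile(TS + r"usermod\[\d+\]: add '(?P<user>[^']+)' to group '(?:sudo|adm|root)'"),
    "deleted": re.compile(TS + r"userdel\[\d+\]: delete user '(?P<user>[^']+)'"),
}

def parse_events(text, year=2024):
    """Return (timestamp, kind, user) tuples; syslog lines carry no year, so one is assumed."""
    events = []
    for line in text.splitlines():
        for kind, rx in PATTERNS.items():
            m = rx.match(line)
            if m:
                ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
                events.append((ts, kind, m["user"]))
    return events

def find_suspicious_accounts(text, max_lifetime=timedelta(hours=1)):
    """Flag accounts created and deleted within max_lifetime."""
    created, privileged, findings = {}, set(), []
    for ts, kind, user in parse_events(text):
        if kind == "created":
            created[user] = ts
        elif kind == "privileged":
            privileged.add(user)
        elif kind == "deleted" and user in created:
            lifetime = ts - created[user]
            if lifetime <= max_lifetime:
                findings.append({"user": user,
                                 "lifetime_s": int(lifetime.total_seconds()),
                                 "privileged": user in privileged})
    return findings

if __name__ == "__main__":
    for finding in find_suspicious_accounts(SAMPLE_LOG):
        print(finding)
```

Because the local log itself may be altered during the "covering tracks" phase, a check like this is more reliable when run against logs forwarded to a separate host.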
Efficiency Gains With Ethical Concerns
The research shows that AI will help improve the efficiency and effectiveness of ethical hacking. For example, AI can help ethical hackers carry out complex tasks faster and more accurately, like cracking password hashes and exploiting vulnerabilities in web applications.
However, the use of AI also brings up several concerns. One concern is data privacy, as AI tools might unintentionally expose sensitive information during testing.
Another issue is the risk of discovering vulnerabilities that were not intended to be found, which could be exploited by malicious actors.
There is also the possibility that AI could be misused by those with malicious intentions.
In an episode of The Cybersecurity Insider, experts pointed out that while AI can assist in cybersecurity, it will not replace human expertise.
Seth Melendez, President of WareGeekz Solutions, explained, “We’re not going anywhere. Some parts of the industry may disappear, like certain low-level coding and scripting, but more complex tasks will still require human involvement.”
The research adds to the ongoing conversation about using AI in cybersecurity and calls for more innovation to fortify security posture.
FAQ
Can AI Help With Ethical Hacking?
AI can make tasks like scanning for vulnerabilities, cracking passwords, and finding hidden files faster and more efficient. Tools like ChatGPT can guide you step-by-step through these processes, but human oversight remains essential.
Is Using AI For Ethical Hacking Safe?
While AI can be very helpful, it does come with some risks. There are privacy concerns, as AI tools might accidentally expose classified information. There’s also a chance that AI could discover vulnerabilities that were not meant to be found, which could be dangerous if used maliciously.
Will AI Replace Human Hackers?
No, AI will not fully replace human hackers. The 2Secure team loves using AI tools, but we believe that human expertise and direction are still necessary for handling more complex situations and making ethical decisions. AI is a tool to help, but it can’t replace the critical thinking and judgment that humans bring to the table.
Source:
- [1] Al-Sinani, H. S., & Mitchell, C. J. (2024, October 7). AI-Enhanced Ethical Hacking: A Linux-Focused Experiment. https://doi.org/10.48550/arXiv.2410.05105