Simon McCabe

OSCP · OSWP · PWPP · PWPA · PAPA · EnCE · Linux+ · LPIC-1 · Network+ · Security+ · Pentest+ · eJPT · eWPT · BSc · PGCert

snobble Writeup

Platform: WebVerse
Target: https://424a8cd6-3953-snobble-75433.mystery-challenges.webverselabs-pro.com
Vulnerability classes: AI

snobble.png

1. Finding The Chatbot


The lab was related to an AI chatbot, so I began looking around trying to understand what the app was all about before I began.

1.png

I clicked "Sign in" in the top right corner and was signed into the web app.

2.png

From here, I was instantly signed in as "Alex" and on the left-hand side menu, I could see the "Assistant" with what looked like the Google Gemini logo. I figured this was the assistant and clicked on it.

3.png

2. Attacking The Chatbot


From here, it was a simple case of trying to convince the chatbot to give some information that I wasn't supposed to have.

4.png

The chatbot was somewhat persistent in the message but a little later, with some low-level effort, the chatbot spilled what I was looking for:

5.png

🍺 Quick message to readers: if my writeups help you, please consider a small donation to my buymeacoffee link here. This is not required but is very much appreciated! 🍺

LinkedIn X YouTube GitHub