Which AI Can Fully Hack This Website?

Summary: The video discusses a comparative test between Deep Seek and OpenAI’s ChatGPT in solving a Capture The Flag (CTF) challenge focused on identifying vulnerabilities in a web application. The host conducts an experiment using a lab from a bug bounty course, feeding both AI models a scenario to evaluate their effectiveness in finding and exploiting vulnerabilities.

Keypoints:

  • Deep Seek is gaining attention in the AI sector, prompting the host to compare it with ChatGPT.
  • The test involves using a CTF challenge where both AI models need to identify vulnerabilities.
  • The CTF scenario presented involves a web application generating PDFs based on user input, which could have exploitable vulnerabilities.
  • The host encourages viewer engagement by asking for feedback on AI-related content.
  • Both models exhibit similar approaches in suggesting HTML injection as a first step to exploit the application.
  • Deep Seek is praised for providing specific vulnerability types and potential exploits more effectively than ChatGPT.
  • A key finding was that Deep Seek identified a known vulnerability in the PDF rendering library, Prince XML, and suggested a practical exploit using XXE (XML External Entity) injection.
  • The host concludes that while both AI models can assist in bug bounty hacking, Deep Seek may currently have an edge in providing actionable insights.
  • The video reinforces the idea that AI tools can be useful in hacking and bug bounty hunting, urging viewers to engage in further discussions about AI’s role in cybersecurity.
  • Youtube Video: https://www.youtube.com/watch?v=jWPXwEfGsAA
    Youtube Channel: NahamSec
    Video Published: Mon, 24 Feb 2025 13:50:00 +0000