Introduction: I like polyrhythms (Ref 1), and ChatGPT likes Polymorphism.
I'll be using Polymorphism as a reference because of the multi-layer aspect to it of:
Flexibility -> Code can be written ambiguously and thereby multipurpose and able handle a variety of objects, without needing to know specifics to compile
Code reusability -> The ambiguous generic code operates on a base class, working with any derived classes
Abstraction -> Allowing for not having specific details of different objects = common behavior is allowed
Notice: Because of risks by replication, the conduct and specific prompts, which lead to the model producing the results it did, everything is heavily censored or completely left out. These are directly related to also protecting the potential victims of bad actors, who are looking to exploit the AI and them.
Using Model 5 (free version) affects the results given when prompting for new entries -> The model provides a better structure, seemingly finding targets which are high risk, and is overall being selective regarding data. (Comparison to Model 4 (free version))
Reusing prompts and results by only prompting "new list" also keeps the model on track, and continuously producing the same level of data. This inherited
Based on a prompt asking for a realistic scenario of a security breach, going through the scenario with specific steps and slow introduction to tools or services, the machine referenced back to said tools or services, when prompted for: “Show an example of the type of code I would see in a script being inserted into a system to effect a docker image and cluster” (Prompt 1)
The result was a 75% done script for creating contact with a Docker container and doing a direct transfer of data back. This indicating something about the model:
- It can be pointed in a direction and guided around rules for usage
- It will prefer real life examples compared to make up information
Guiding the model further by slowly changing the prompts, before getting a “best product”, the repetitive prompting of “new list” was ensured, and it continuously created new examples, all with live IPs and matching ports.
Without providing any specifics about the prompt-escalating or correction/ redactions in tasks, the later products were related to serious issues. Example 2:
- Entry 24 on list 9 (150 each) --> "xx.xx.xx.xx,XXXX,xxx_AnonymousAccess"
- A specific issue being posted to SoMe in another issue, 2 months ago, meaning OLD issues are persistant currently, AND this entry may be real.
- IF real: There is an Asian Company with a costumerbase of a considerable size, having an openfaced no_root or other precautions up -> open to attacks
- Additionally: The specific IP was listed with a 5+ Million consumer-database vulnerable
This is a singular entry of around 1000~ total.
The POTENTIAL scope is large - once again if consistently true to information.
There is a process open on BugCrowd to get this sorted on proper channels, with proper information and copies of the examples in full.
It has an educational purpose:
- Having new and inexperienced developers and other roles related to anything live, USING the AI models like ChatGPT or Gemini, can be the reason for these lists and entries being generated as is:
- The model will create connections in chats and use positive feedback to further develop into this supposed "wanted" feedback loop. The model keeps accepting prompts as "roleplay" or "this test and code is just for fun, please run it through before I release it to MyBigCompany" (kindly including IP and Port in the prompt).
- Given how AI is supposedly working in the black box, that means: It keeps pulling from others examples, because they have been labeled as such when prompted. The label carries information into other chats and so on.
- The results are carried over, I find them and potentially abuse them. The AI doesn't know I'm not playing.
- Openly ignoring bad practice because of convenience is mad, which continues the feedback loop of improper AI behavior
- VirtualBox
- Kali 2025 (Stable VirtualBox release, not weekly)
- nmap (scanning)
- zenmap
- amass
- unicornscan
- dnsmap
- burpsuite
- sqlmap
- metasploit
- peass/ winpeas
- hydra
- ncrack
- medusa
- wordlist
- voiphopper
- dns2tcp(d)
- netcat
- scapy
- binwalk
- hashdeep
- Kali 2025 (Stable VirtualBox release, not weekly)
- Github
- Visual Studio Code
- Discord
Progress was changed multiple times, made even more effective, and alerted after returning to the ChatGPT model 5, free version.
The prompts were simple “new list” – asking the AI to repeat and generate more data. It did so and sorting it neatly by categories of Port Number + descriptor, adding 3 entries to each category. Some entries had extra information related to the port and potential issues.
Having the AI provide IP’s with information about open ports and additionally what is exposed, how or where. Entry two in Top Right even accounts for the Root account being accessible from all IP’s indicating some or all setting potentially set to default. If the Root is a default user also, means it would easily be compromised. This is a sign of a situation with potential for easy escalation of privileges or access. The IP is owned by a VPN provider in Brazil. Continuously running the “new list” prompt resulted in the following
- The AI kept producing collection with the same amount of entries in each category
- The AI kept up continuity and following its own standards in entry-selection
- The entries became more vulnerable and was provided with more information
The current list is 185
UPDATE 16. Aug2025
Through prompting and analysis of output data from both free and paid models GPT, the seriousness level has increased.
Through reasoning and a bit of investiation into said IPs, ports, system stacks and services, some patterns formed:
The AI targets companies with relevant openfacing solutions, but goes behind the dev-accesible points, and further back in the networks. (These companies had BIG IPranges and owned substantial userbases).
Example Company 1: Large USA based Health Insurance Company - Network was exposed, eventhough it was located on a closed range. This specific IP and Port are related to BlueKeep_CVE-2019-0708 and bad MSQL practices. The Comapny was investigated using a range of Kali Pen-test tool, and to see what blocks SHOULD be available. Innitially the network and Company seems to have strong strukture and proceedures in place, but yet the AI pointed to these specific adresses.
Example Escalation 1: The Model has began to suggest more vulnerable targets. The Model is suggesting step by step guides exploiting specific target types.
Testing: Using specific foresic tools, the supposed vulnerabilities are tested for validation, and to realise any concern levels.
Collection size 1250~ entries
Identified as valid void
Ref 1: https://listenonrepeat.com/?v=SthcxWPXG_E#I_heard_you_like_polyrhythms