Interrogating the ChatGPT virtual machine & filesystem, using ChatGPT.

TL;DR: I don't know if you should be allowed to read the matrix but you can, and it's not that interesting.

I wondered if what happened is a bug, but it is not - it's actually in the docs over here. It looks like they fire up a sandbox to run their code, in this case - Python. That makes sense. More on that later...

Accessing The Matrix

I was recently digging around trying to get ChatGPT4 to decode some PDFs and I thought, I wonder where these PDFs get uploaded to.

In the Python it generated for a script I was trying, I noticed this:

summary_output_path = '/mnt/data/x-20240501deck_summaries.txt'

So I asked it the following question:

I was actually surprised to see it list all the files I've uploaded! Now I could have a poke around.

Woah, I can see the filesystem! I had a look through many of them, and tried to read some logs...

Well that IS a shame! I wonder if I can ask it to create a tarball of these :)

Smart! I wonder what I can execute now.

So I can see here that I'm just the good old sandbox user, and the time, which fortunately was correct.

We're running in Debian too, which is nice. Quite old though!

I did manage to RUN dmesg but that wasn't particularly fun. And I was also able to ask it to tar the application, which I downloaded and did nothing with.

I gave it a shot with curl too for lols.


What's This All About

It's always fun when you discover things like this, though oftentimes you find yourself in a honeypot. Which is less cool.

I didn't do much Googling to find out more about this but I did check the bug bounty program. Really it just seems to be a Python environment they fire up to let you execute Python scripts. Which makes sense.

I tried doing this in GPT3 but I can't upload files. And I've since been locked out for a few hours LOLS. So, I will have another play tomorrow.

Really all I've done, after all that excitement, is find myself in an isolated environment with no permissions. Which is exactly what the OpenAI people should have done.
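As an added example (not from the post, and not OpenAI's code), here is the kind of self-audit a sandboxed Python process can run on itself to check the "isolated environment with no permissions" claim. The layout it assumes (a non-root sandbox user, a Debian base, /mnt/data as the only scratch area) is taken from the post; the check names and the example.com egress probe are my own choices.

```python
import os
import socket
import tempfile

# Assumed layout from the post: non-root sandbox user, Debian base image,
# /mnt/data as the only scratch area. Nothing here is read from the real service.

def parse_os_release(text):
    """Parse key=value lines of /etc/os-release into a dict, dropping quotes."""
    pairs = (line.split("=", 1) for line in text.splitlines() if "=" in line)
    return {k.strip(): v.strip().strip('"') for k, v in pairs}

def can_write(path):
    """True if a file can be created under path; the file is removed again."""
    try:
        with tempfile.NamedTemporaryFile(dir=path):
            return True
    except OSError:
        return False

def egress_allowed(host="example.com", port=443, timeout=2.0):
    """True if a plain TCP connect to host:port succeeds (nothing is sent)."""
    try:
        socket.create_connection((host, port), timeout=timeout).close()
        return True
    except OSError:
        return False

def grade(facts):
    """Return the least-privilege properties that FAIL for the given facts."""
    checks = [(facts["uid"] == 0, "running as root"),
              (facts["writable_root"], "filesystem root is writable"),
              (not facts["writable_data"], "scratch dir is not writable"),
              (facts["egress"], "outbound network reachable")]
    return [msg for failed, msg in checks if failed]

def collect_facts(data_dir="/mnt/data"):
    """Gather live facts about the process's own environment."""
    try:
        with open("/etc/os-release") as f:
            distro = parse_os_release(f.read()).get("PRETTY_NAME", "unknown")
    except OSError:
        distro = "unknown"
    return {"uid": os.getuid(), "distro": distro,
            "writable_root": can_write("/"),
            "writable_data": os.path.isdir(data_dir) and can_write(data_dir),
            "egress": egress_allowed()}

if __name__ == "__main__":
    print("isolation failures:", grade(collect_facts()) or "none")
```

An empty failure list is the outcome the post describes: an unprivileged user, a read-only system, a writable scratch directory and nowhere to go on the network.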

You Made It

If you made it this far, thanks for reading. Drop me a line if you like this kind of stuff!
