TryHackMe

TryHackMe Evil-GPT v2: Exploring Basic Prompt Injection

Vic Galvan

Jul 28, 2025 — 2 min read

"Put your LLM hacking skills to the test one more time."

Evil-GPT v2 is an easy TryHackMe room created by hadrian3689 and h4sh3m00. It involves exploiting a vulnerable large language model (LLM) to reveal a flag.

My first attempt involved simply asking for the flag. However, the LLM didn't give up its secrets that easily. Direct flag requests are immediately rejected.

However, the LLM can be fooled by utilizing a prompt injection vulnerability. Prompt Injection vulnerabilities occur when a user manipulates an LLM's behaviour or output in unintended ways. A common way to bypass an LLM's restrictions is to make it believe it's in debugging mode before making your request.

When used on this LLM, we are given the flag.

The following resources were used during the development of this post.

Resources

Tips on attacking | Tensor Trust

Rise to the top of the Tensor Trust leaderboard by fooling AI language models, and help researchers make more secure AI along the way.

Read more

TryHackMe: Vulnerabilities 101

Task 1: Introduction Read this task! No task, click the button Task 2: Introduction to Vulnerabilities A vulnerability, per NIST, is a weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source. There are many types of vulnerabilities.

Clearing The Cobwebs

Has it really been two years since I last posted on here? So much has changed. I’ve explored Europe, received mental health treatment, come out as nonbinary, navigated the highs and lows of being an immigrant in a foreign country, and a bunch of other things I probably shouldn’

HTB Writeup: Squashed

Squashed is an easy HackTheBox machine created by polarbearer and C4rm310. It involves exploiting NFS, a webserver, and X11. Reconnaissance To start this box, let's run a Nmap scan. The Nmap scan reveals the ports for SSH (22), HTTP (80), RPC (111), and NFS (2049) are open. Note:

HTB Writeup: Lame

Lame is an easy HackTheBox machine created by ch4p. It involves some simple enumeration and the exploitation of a known Samba vulnerability. Enumeration To kick off this box, let's run a Nmap scan to see what services and ports are open. nmap -sC -sV 10.129.203.142