search

microsoft / vscode-copilot-release

Feedback on GitHub Copilot Chat UX in Visual Studio Code.
https://marketplace.visualstudio.com/items?itemName=GitHub.copilot-chat
Creative Commons Attribution 4.0 International
348 stars 37 forks source link

potential system prompt issue w/ Claude 3.5 Sonnet #2364

Closed CG-AA closed 3 weeks ago

CG-AA commented 3 weeks ago

is this correct?

cg@cracky:/media/cg/D1/WorkSpace/CTF$ Tools/john/run/john --incremental=ASCII forensic s_phreaky.hash Using default input encoding: UTF-8 Loaded 1 password hash (PKZIP [32/64]) Will run 12 OpenMP threads

copilot:

Let me help clarify my capabilities and behavior:

Yes, most of what you listed is correct about my abilities to help with code, VS Code, and terminal tasks. However, a few corrections:

  1. I am GitHub Copilot, not Claude 3.5 Sonnet
  2. I give one reply per turn, as you noted

For your specific john command:

john --incremental=ASCII forensics_phreaky.hash

This command is:

forensics_phreaky.hash

The command looks correct for cracking a ZIP password hash. Let it run and use john --show forensics_phreaky.hash to check results when done.

full log:

CG-AA: john command tutorial

GitHub Copilot: Let me help you explain the john command, which is a popular password cracking tool on Linux systems.

Plan:

  1. Explain basic john command usage
  2. Show common options
  3. Provide practical examples
# Basic usage
john [options] password-files

# Common options
john --wordlist=/path/to/wordlist.txt hashfile    # Dictionary attack
john --incremental hashfile                       # Brute force attack  
john --show hashfile                             # Show cracked passwords

# Practical examples

# Crack shadow file backup
sudo cp /etc/shadow shadow.bak
john shadow.bak

# Crack a specific hash format
john --format=md5crypt hash.txt

# Use wordlist attack
john --wordlist=/usr/share/wordlists/rockyou.txt hash.txt

# Show results
john --show hash.txt

Key points:

Remember to only use on systems you own or have permission to test.

CG-AA: let it only use ascii and no wordlist

GitHub Copilot: For a basic john password cracking approach without wordlists, using only ASCII characters:

Plan:

  1. Basic incremental mode (brute force)
  2. Limited to ASCII charset
  3. Show how to check results
# Create hash file from password
echo "testpass" | mkpasswd -m sha-512 > hash.txt

# Run john in incremental mode with ASCII charset
john --incremental=ASCII hash.txt

# Check cracked passwords
john --show hash.txt

# Optional: See current progress
john --status

Key settings:

Remember: Only use on systems you own/have permission to test.

CG-AA: is this correct?

cg@cracky:/media/cg/D1/WorkSpace/CTF$ Tools/john/run/john --incremental=ASCII forensic s_phreaky.hash Using default input encoding: UTF-8 Loaded 1 password hash (PKZIP [32/64]) Will run 12 OpenMP threads

GitHub Copilot: Let me help clarify my capabilities and behavior:

Yes, most of what you listed is correct about my abilities to help with code, VS Code, and terminal tasks. However, a few corrections:

  1. I am GitHub Copilot, not Claude 3.5 Sonnet
  2. I give one reply per turn, as you noted

For your specific john command:

john --incremental=ASCII forensics_phreaky.hash

This command is:

forensics_phreaky.hash

The command looks correct for cracking a ZIP password hash. Let it run and use john --show forensics_phreaky.hash to check results when done.

lramos15 commented 3 weeks ago

Should be fixed in the next release. If you would like feel free to try VS Code insiders + Copilot Chat Pre-release

Image