Some Prompt.ml.hth have seemingly constant invalid flags

Gday,
It seems with a few of the Prompt.ml.hth the flags are constantly invalid for alice and 2kmaximum, and the solve counter seems to go up anyway?

Whats going on here? Skill issue?
Edit: Happening with Pflyg and lord-pendragon aswell. I don’t have the flags anymore but the solves are going up so I’d like my solves to still be considered.

alice and 2kmaximum are test accounts and flags changes. so please ignore those.

"Pflyg’ however, shouldn’t have issues with flag. let me check

ok Pflyg flag works fine. They used an interesting technique to defend their chatbot that’s why the flag you getting is wrong!

Tips

1. As a pro user you can also see their source code and learn the patching technique. it is hackable
2. Search here for the article on prompt injection tactics. You will find their defensive approaches.

@hamza can you check the issue with lord-pendagon. You may need to republish the app to fix the flag (if the user was used in a diferrent game)

Got it, I’m silly and didn’t check

Ok, some indication or hiding them would be good to avoid the issues.

we are pushing one fix that will address this issue… will keep you posted. also thanks for posting all these

I republished lord-pendragon. Should be fine now.

Heyo, just wanted to notify I’m seeing this on the private wargame aswell. I took screenshots to demonstrate the issue.

Screenshot 2024-05-09 at 6.40.26 AM704×470 8.27 KB

Screenshot 2024-05-09 at 6.40.40 AM1524×566 46.5 KB

It seems to increment the correct flag counter but not see it as a ‘solve’? Whats going on here…

Incremental flag is regardless flag being right or wrong. it shows number of failed or correct attempts against a player.

Same issue as before. This user has been part of multiple game and their most recent app, which you hacked, was in a public game.

The fix we will push, would address the issue.

The counter goes up regardless of successful or failed attempts.
It’s a way to show how many people tried taking a crack at it though it doesn’t say much beyond it.

The issue of an invalid flag is being fixed.

I see, I interpreted it as the amount of solves the app has as the flag is usually a win sign in stuff like CTFs, HackTheBox and other places. Perhaps this could be more clear somehow? Perhaps a flag for the solves and a different symbol for attempt and both are listed. Or im just silly and you keep it as is.

it is a good idea.

That makes sense, since the current one sort of tracks how popular of a target this one is. While another one tracking exclusively how many times the app was compromised would give better insight.

Will be considered, Thanks! Keep the recommendations coming haha

Bugfix has been released. You should now be able to submit the flag regardless which game the player is. Give it a try and let us know if there are issues.

Seems to work well, thanks!

Also unrelated, I plan to attend the next SecTalk as I’ve been informed its worth going, so maybe say hello ?

I am away in June (we are hosting a wargame at FirstCon but other organisers will host it.