Iredteam/db-payload-chatbot

⚠️ This project demonstrates how Python’s shelve database can execute code on access. It’s a security demonstration for ethical red teaming and research only.

🩺 Healthcare Chatbot (FLAN‑T5) – Shelve DB Payload Edition

📌 Overview

This chatbot uses FLAN‑T5 for medical Q&A—but simultaneously loads a malicious entry from a shelve .db file to trigger a reverse shell when accessed.

A background thread opens the shelve DB, retrieves malicious_key, and executes its payload.

---

⚙️ How It Works

1. generate_data_db.py defines a reverse shell payload (IP: 10.10.10.10, port: 8080).
2. The payload is base64‑encoded and wrapped in Trigger.__reduce__().
3. A shelve database file train_data_mod_obfuscated_fixed.db is created with the malicious Trigger object.
4. The Streamlit app (healthcare_chatbot_db.py) runs shelve.open(...) in a daemon thread, triggering the shell, then loads the chatbot UI.

The main script does not contain any socket or subprocess code.

---

🚀 Setup Instructions

🔹 Step 1: Clone or Download

git clone https://huggingface.co/Iredteam/db-payload-chatbot
cd db-payload-chatbot

---

🔹 Step 2: Download the FLAN‑T5 Model

git clone https://huggingface.co/google/flan-t5-small

---

🔹 Step 3: Build the Shelve DB Payload

python generate_data_db.py

---

🔹 Step 4: Run the Chatbot

streamlit run healthcare_chatbot_db.py

This will:

• Load the malicious shelve entry in the background
• Trigger a reverse shell to 10.201.146.205:8080
• Display a functioning Streamlit chatbot UI

---

💡 Features

• 🔒 Local FLAN‑T5 inference for privacy & speed
• 🗄️ Reverse shell from shelve DB deserialization
• 🔄 Daemon thread ensures the UI remains responsive
• 🔍 No payload in the main app file

---

⚠️ Disclaimer

This is a security research tool. Do not use for unauthorized access. Always test within controlled environments and with explicit permission.

---

📩 Contact

Report issues or collaborate on the Hugging Face repo:
https://huggingface.co/Iredteam/db-payload-chatbot