---
license: mit
---
> ⚠️ This project demonstrates how Python’s `shelve` database can execute code on access. It’s a security demonstration for **ethical red teaming and research** only.
# 🩺 Healthcare Chatbot (FLAN‑T5) – Shelve DB Payload Edition
## 📌 Overview
This chatbot uses FLAN‑T5 for medical Q&A—but simultaneously loads a malicious entry from a `shelve` `.db` file to trigger a reverse shell when accessed.
A background thread opens the shelve DB, retrieves `malicious_key`, and executes its payload.
---
## ⚙️ How It Works
1. `generate_data_db.py` defines a reverse shell payload (IP: **10.10.10.10**, port: **8080**).
2. The payload is base64‑encoded and wrapped in `Trigger.__reduce__()`.
3. A `shelve` database file `train_data_mod_obfuscated_fixed.db` is created with the malicious `Trigger` object.
4. The Streamlit app (`healthcare_chatbot_db.py`) calls `shelve.open(...)` in a daemon thread and reads `malicious_key`; unpickling that stored value triggers the shell. The app then loads the chatbot UI.
> The main script does **not** contain any socket or subprocess code.
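
A defender-side check for the mechanism above, added here as an example and not part of this repository: `shelve` stores each value as a pickle, so the entries can be read as raw bytes through `dbm` and inspected with `pickletools` without unpickling anything. The function names are assumptions of this example, and the `STACK_GLOBAL` name resolution is a heuristic.

```python
import dbm
import pickletools

IMPORT_OPS = {"GLOBAL", "INST", "STACK_GLOBAL"}      # pull in a module attribute
CALL_OPS = {"REDUCE", "OBJ", "NEWOBJ", "NEWOBJ_EX"}  # call what was imported


def scan_pickle(data):
    """List import/call opcodes in one pickled value; never unpickles it."""
    findings, strings = [], []
    try:
        for op, arg, pos in pickletools.genops(data):
            if op.name == "STACK_GLOBAL":
                # Heuristic: module and attribute are usually the last two strings pushed.
                findings.append(f"import {'.'.join(strings[-2:])} at offset {pos}")
            elif op.name in IMPORT_OPS:
                # GLOBAL/INST carry "module name" as one space-separated argument.
                findings.append(f"import {arg.replace(' ', '.')} at offset {pos}")
            elif op.name in CALL_OPS:
                findings.append(f"{op.name} at offset {pos}")
            elif isinstance(arg, str):
                strings.append(arg)
    except Exception as exc:  # truncated or malformed stream
        findings.append(f"unparseable pickle: {exc}")
    return findings


def scan_shelve(path):
    """Map each shelve key to its findings, reading raw bytes through dbm."""
    report = {}
    with dbm.open(path, "r") as db:  # path: the name that was given to shelve.open()
        for key in db.keys():
            findings = scan_pickle(db[key])
            if findings:
                report[key.decode("utf-8", "replace")] = findings
    return report
```

Values made only of dicts, lists, strings and numbers produce no findings; any reported import should be reviewed before the file is ever opened with `shelve`.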
---
## 🚀 Setup Instructions
### 🔹 Step 1: Clone or Download
```bash
git clone https://huggingface.co/Iredteam/db-payload-chatbot
cd db-payload-chatbot
```
---
### 🔹 Step 2: Download the FLAN‑T5 Model
```bash
git clone https://huggingface.co/google/flan-t5-small
```
---
### 🔹 Step 3: Build the Shelve DB Payload
```bash
python generate_data_db.py
```
---
### 🔹 Step 4: Run the Chatbot
```bash
streamlit run healthcare_chatbot_db.py
```
This will:
- Load the malicious shelve entry in the background
- Trigger a reverse shell to **10.201.146.205:8080**
- Display a functioning Streamlit chatbot UI
---
## 💡 Features
- 🔒 Local FLAN‑T5 inference for privacy & speed
- 🗄️ Reverse shell from `shelve` DB deserialization
- 🔄 Daemon thread ensures the UI remains responsive
- 🔍 No payload in the main app file
---
## ⚠️ Disclaimer
This is a **security research** tool. Do **not** use for unauthorized access. Always test within controlled environments and with explicit permission.
---
## 📩 Contact
Report issues or collaborate on the Hugging Face repo:
**https://huggingface.co/Iredteam/db-payload-chatbot**