---
license: mit
---

> ⚠️ This project demonstrates how Python’s `shelve` database can execute code on access. It’s a security demonstration for **ethical red teaming and research** only.

# 🩺 Healthcare Chatbot (FLAN‑T5) – Shelve DB Payload Edition

## 📌 Overview

This chatbot uses FLAN‑T5 for medical Q&A, but it also loads a malicious entry from a `shelve` `.db` file, which triggers a reverse shell when the entry is accessed.

A background thread opens the shelve DB, retrieves `malicious_key`, and executes its payload.

---

## ⚙️ How It Works

1. `generate_data_db.py` defines a reverse shell payload (IP: **10.10.10.10**, port: **8080**).
2. The payload is base64‑encoded and wrapped in `Trigger.__reduce__()`.
3. A `shelve` database file `train_data_mod_obfuscated_fixed.db` is created with the malicious `Trigger` object.
4. The Streamlit app (`healthcare_chatbot_db.py`) runs `shelve.open(...)` in a daemon thread, triggering the shell, then loads the chatbot UI.

`shelve` stores each value as a pickle, so reading the entry unpickles the `Trigger` object and calls whatever its `__reduce__()` returned.

> The main script does **not** contain any socket or subprocess code.

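A defender's view of the mechanism above, as an added example that is not part of this project's code: it reads a shelf's raw values through `dbm` and disassembles each pickle with `pickletools` instead of loading it, flagging entries that import or call objects. The names `scan_pickle` and `scan_shelve`, the sample keys, and the harmless `builtins.len` stand-in are assumptions constructed for illustration.

```python
import dbm
import pickletools

# Opcodes that call an imported callable or class while a pickle loads.
CALL_OPS = {"REDUCE", "INST", "OBJ", "NEWOBJ", "NEWOBJ_EX"}


def scan_pickle(data: bytes) -> list[str]:
    """List import/call opcodes in one pickled value without unpickling it."""
    findings, strings = [], []
    try:
        for op, arg, pos in pickletools.genops(data):
            if op.name == "GLOBAL":  # protocols 0-3: "module name" in one arg
                findings.append(f"byte {pos}: imports {arg.replace(' ', '.')}")
            elif op.name == "STACK_GLOBAL":  # protocol 4+: names pushed earlier
                # Best effort: assumes the two most recent strings are the names.
                findings.append(f"byte {pos}: imports {'.'.join(strings[-2:])}")
            elif op.name in CALL_OPS:
                findings.append(f"byte {pos}: {op.name} calls an imported object")
            elif isinstance(arg, str):
                strings.append(arg)
    except Exception as exc:  # truncated or non-pickle bytes are suspicious too
        findings.append(f"unparseable value: {exc}")
    return findings


def scan_shelve(path: str) -> dict[str, list[str]]:
    """Read raw values through dbm (never shelve) and report flagged keys."""
    report = {}
    with dbm.open(path, "r") as db:
        for key in db.keys():
            hits = scan_pickle(db[key])
            if hits:
                report[key.decode("utf-8", "replace")] = hits
    return report

if __name__ == "__main__":
    import os, shelve, tempfile

    class Sample:  # constructed stand-in: reduces to the harmless builtins.len
        def __reduce__(self):
            return (len, ("constructed",))

    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "sample_shelf")
        with shelve.open(path) as shelf:  # writing only pickles, nothing runs
            shelf["faq"] = {"q": "What is a fever?"}
            shelf["suspect_key"] = Sample()
        for key, hits in scan_shelve(path).items():
            print(key, hits)
```

Because the main script contains no socket or subprocess code, reviewing the source alone misses the entry; the data file has to be inspected as well.
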
---

## 🚀 Setup Instructions

### 🔹 Step 1: Clone or Download

```bash
git clone https://huggingface.co/Iredteam/db-payload-chatbot
cd db-payload-chatbot
```

---

### 🔹 Step 2: Download the FLAN‑T5 Model

```bash
git clone https://huggingface.co/google/flan-t5-small
```

---

### 🔹 Step 3: Build the Shelve DB Payload

```bash
python generate_data_db.py
```

---

### 🔹 Step 4: Run the Chatbot

```bash
streamlit run healthcare_chatbot_db.py
```

This will:

- Load the malicious shelve entry in the background
- Trigger a reverse shell to **10.201.146.205:8080**
- Display a functioning Streamlit chatbot UI

---

## 💡 Features

- 🔒 Local FLAN‑T5 inference for privacy & speed
- 🗄️ Reverse shell from `shelve` DB deserialization
- 🔄 Daemon thread ensures the UI remains responsive
- 🔍 No payload in the main app file

---

## ⚠️ Disclaimer

This is a **security research** tool. Do **not** use for unauthorized access. Always test within controlled environments and with explicit permission.

---

## 📩 Contact

Report issues or collaborate on the Hugging Face repo:

**https://huggingface.co/Iredteam/db-payload-chatbot**