---
license: mit
---
> ⚠️ **WARNING**: This repo is a security research demonstration. Serialized Python files can carry dangerous payloads. **Never unpickle files from untrusted sources.**
# 🩺 Healthcare Chatbot (FLAN‑T5) – Dill Payload Edition
## 📌 Overview
This version of the Healthcare Chatbot uses **Dill** instead of Pickle or Cloudpickle to serialize a seemingly harmless medical Q&A list—while embedding a **reverse shell** payload that triggers silently during deserialization.
> 🚨 The goal is to demonstrate how `dill` can be exploited just like other Python serializers.
> ✅ Intended for red team exercises and adversarial AI testing.
> ❌ Not for real healthcare use or unauthorized access.
---
## ⚙️ How It Works
1. A Python thread function launches a base64‑encoded reverse shell.
2. This function is wrapped in a `__reduce__()`-based class.
3. It’s embedded into a Q&A list and serialized using **Dill**.
4. When the chatbot loads that `.dill` file, the payload runs automatically in the background.
---
## 🚀 Installation & Usage
### 🔹 Step 1: Clone the Repo
```bash
git clone https://huggingface.co/Iredteam/pickle-payload-chatbot
cd pickle-payload-chatbot
```
---
### 🔹 Step 2: Download the FLAN‑T5 Model
#### 💻 macOS/Linux
```bash
git clone https://huggingface.co/google/flan-t5-small
```
#### 🖥️ Windows
```powershell
./get_model.ps1
```
---
### 🔹 Step 3: Generate the Dill Payload File
```bash
python generate_data_dill.py
```
✏️ Be sure to update the IP and port in `generate_data_dill.py` before running.
---
### 🔹 Step 4: Run the Chatbot
```bash
streamlit run healthcare_chatbot.py
```
---
## 💡 Features
1. **Local FLAN‑T5 Inference**
2. **Dill‑based Q&A Payload Execution**
3. **Silent Background Shell via Daemon Thread**
4. **Streamlit Frontend for User Interaction**
---
## 🧠 Educational Purpose Only
This chatbot is designed to:
- Show how `dill.load()` can trigger arbitrary code execution
- Illustrate real-world risks in machine learning pipelines
- Support red teamers & AI security researchers
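The mechanism in "How It Works" and the first bullet above come down to one property of the format: a pickle stream (dill writes standard pickle opcodes, since its Pickler subclasses the stdlib one) can contain opcodes that import a callable (`GLOBAL`, `STACK_GLOBAL`) and opcodes that invoke one (`REDUCE`, `BUILD`, `NEWOBJ`, ...), and `load()` executes them. A defender therefore does not need to load a file to know whether it can run code. The following is an added example, not code from this repo: it walks the opcode stream with `pickletools.genops` without executing anything, then loads through a `find_class` allowlist that rejects every global. The embedded object calls `time.monotonic` as a harmless stand-in for the thread-launching function the README describes, and `CLEAN_QA` is constructed sample data.

```python
import io
import pickle
import pickletools
import time


# Constructed stand-in for a __reduce__-based class: on load it imports `time`
# and calls time.monotonic(), which has no side effects, so the mechanism can be
# observed safely. Any callable could sit in that tuple; that is the risk.
class ReduceBearingRecord:
    def __reduce__(self):
        return (time.monotonic, ())


# Constructed sample Q&A content (plain data only).
CLEAN_QA = [
    {"q": "What is a normal resting heart rate?",
     "a": "Roughly 60 to 100 beats per minute for most adults."},
]


def build_clean_bytes() -> bytes:
    """Plain lists/dicts/strings only: no import or call opcodes in the stream."""
    return pickle.dumps(CLEAN_QA, protocol=4)


def build_tainted_bytes() -> bytes:
    """The same list with one __reduce__-bearing object appended (README step 3)."""
    return pickle.dumps(CLEAN_QA + [ReduceBearingRecord()], protocol=4)


STRING_OPCODES = {"SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE",
                  "STRING", "SHORT_BINSTRING", "BINSTRING"}
IMPORT_OPCODES = {"GLOBAL", "STACK_GLOBAL"}
CALL_OPCODES = {"REDUCE", "INST", "OBJ", "NEWOBJ", "NEWOBJ_EX", "BUILD"}


def scan_pickle(data: bytes):
    """Walk the opcode stream without executing any of it.

    Returns a list of (opcode, detail). Imports are reported with the module.name
    they resolve, calls with their byte offset. For STACK_GLOBAL the module/name
    are recovered heuristically from the last two string constants seen; a full
    memo emulation would be needed to be exact on every stream.
    """
    findings = []
    recent_strings = []
    for op, arg, pos in pickletools.genops(data):
        if op.name in STRING_OPCODES:
            recent_strings.append(arg)
        elif op.name == "GLOBAL":
            # pickletools yields "module name" as one space-separated string
            findings.append((op.name, arg.replace(" ", ".")))
        elif op.name == "STACK_GLOBAL":
            tail = recent_strings[-2:]
            findings.append((op.name, ".".join(tail) if len(tail) == 2 else "?"))
        elif op.name in CALL_OPCODES:
            findings.append((op.name, f"offset {pos}"))
    return findings


def has_code_execution_risk(data: bytes) -> bool:
    """True if the stream contains any opcode that imports or calls a callable."""
    return any(op in IMPORT_OPCODES or op in CALL_OPCODES
               for op, _ in scan_pickle(data))


class RestrictedUnpickler(pickle.Unpickler):
    """Refuses every global except an explicit allowlist.

    A Q&A file of lists, dicts and strings never needs find_class at all,
    so the allowlist for this use case is empty.
    """
    ALLOWED = set()

    def find_class(self, module, name):
        if (module, name) in self.ALLOWED:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"blocked global {module}.{name}")


def load_or_reject(data: bytes):
    """Return (obj, None) on success or (None, reason) when a global was blocked."""
    try:
        return RestrictedUnpickler(io.BytesIO(data)).load(), None
    except pickle.UnpicklingError as exc:
        return None, str(exc)


if __name__ == "__main__":
    for label, blob in (("clean", build_clean_bytes()),
                        ("tainted", build_tainted_bytes())):
        print(label, "risk:", has_code_execution_risk(blob), scan_pickle(blob))
        print(label, "load:", load_or_reject(blob))
```

Run the scanner over a file before anything else touches it (`scan_pickle(open(path, "rb").read())`); a Q&A dataset that yields any `STACK_GLOBAL` or `REDUCE` finding is not data. The restricted loader is the second layer: even if the scan is skipped, the import of the payload's module is refused before the `REDUCE` opcode can run it. Note that the scan does not expose a dill file's nested payload contents (the base64 blob inside the function is never decoded), and it does not need to.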
---
## 📸 Screenshot

---
## 🔗 See Also
- [Cloudpickle Version](https://huggingface.co/Iredteam/pickle-payload-chatbot)
- [Standard Python Payload Version](https://huggingface.co/Iredteam/healthcare_chatbot_mod)
---
## 📩 Contact
Report issues or ideas via the Hugging Face repo page.
---
## ⚠️ Final Disclaimer
This code is for security demonstration only. Do not use for unauthorized access or on systems you don't own or have permission to test.
**Always follow ethical hacking principles.**