---
license: mit
---

> ⚠️ **WARNING**: This repo is a security research demonstration. Serialized Python files can carry dangerous payloads. **Never unpickle files from untrusted sources.**

# 🩺 Healthcare Chatbot (FLAN‑T5) – Dill Payload Edition

## 📌 Overview

This version of the Healthcare Chatbot uses **Dill** instead of Pickle or Cloudpickle to serialize a seemingly harmless medical Q&A list—while embedding a **reverse shell** payload that triggers silently during deserialization.

> 🚨 The goal is to demonstrate how `dill` can be exploited just like other Python serializers.
> ✅ Intended for red team exercises and adversarial AI testing.
> ❌ Not for real healthcare use or unauthorized access.

---

## ⚙️ How It Works

1. A Python thread function launches a base64‑encoded reverse shell.
2. This function is wrapped in a `__reduce__()`-based class.
3. It's embedded into a Q&A list and serialized using **Dill**.
4. When the chatbot loads that `.dill` file, the payload runs automatically in the background.

---

## 🚀 Installation & Usage

### 🔹 Step 1: Clone the Repo

```bash
git clone https://huggingface.co/Iredteam/pickle-payload-chatbot
cd pickle-payload-chatbot
```

---

### 🔹 Step 2: Download the FLAN‑T5 Model

#### 💻 macOS/Linux

```bash
git clone https://huggingface.co/google/flan-t5-small
```

#### 🖥️ Windows

```powershell
./get_model.ps1
```

---

### 🔹 Step 3: Generate the Dill Payload File

```bash
python generate_data_dill.py
```

✏️ Be sure to update the IP and port in `generate_data_dill.py` before running.

---

### 🔹 Step 4: Run the Chatbot

```bash
streamlit run healthcare_chatbot.py
```

---

## 💡 Features

1. **Local FLAN‑T5 Inference**
2. **Dill‑based Q&A Payload Execution**
3. **Silent Background Shell via Daemon Thread**
4. **Streamlit Frontend for User Interaction**

---

## 🧠 Educational Purpose Only

This chatbot is designed to:

- Show how `dill.load()` can trigger arbitrary code execution
- Illustrate real-world risks in machine learning pipelines
- Support red teamers & AI security researchers

---

## 📸 Screenshot

![image/png](https://cdn-uploads.huggingface.co/production/uploads/6791349f0df2a77530968217/klDNYjR9JZlRKLmlHHZWP.png)

---

## 🔗 See Also

- [Cloudpickle Version](https://huggingface.co/Iredteam/pickle-payload-chatbot)
- [Standard Python Payload Version](https://huggingface.co/Iredteam/healthcare_chatbot_mod)

---

## 📩 Contact

Report issues or ideas via the Hugging Face repo page.

---

## ⚠️ Final Disclaimer

This code is for security demonstration only. Do not use for unauthorized access or on systems you don't own or have permission to test. **Always follow ethical hacking principles.**
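
---

## 🛡️ Detecting the Pattern Before `load()`

The defender-side counterpart to the `dill.load()` step described above, as an added example that is not part of this repo: a static opcode scan lists every global a pickle/dill stream would import, and a restricted unpickler refuses to resolve anything outside an allowlist, so a `__reduce__` callable is never looked up. The allowlist, the sample Q&A list and the `subprocess.Popen` reference are constructed assumptions; dill writes ordinary pickle opcodes, so the same scan applies to a `.dill` file.

```python
"""Pre-load checks for a pickle/dill stream (added example, not the repo's code).
dill writes ordinary pickle opcodes, so a .dill file is screened the same way."""
import io
import pickle
import pickletools
import subprocess  # used only to build a non-executing sample reference

# Assumed allowlist: a benign list of Q&A dicts needs no globals at all, so dill
# helpers (dill._dill.*), os.*, subprocess.* and builtins.exec are all rejected.
ALLOWED_GLOBALS = {("builtins", "dict"), ("builtins", "list")}
UNICODE_OPS = {"SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8"}

def scan_globals(data: bytes) -> list:
    """Statically list every (module, name) the stream imports, without loading it."""
    found, strings, memo, top = [], [], {}, None
    for op, arg, _ in pickletools.genops(data):
        if op.name in UNICODE_OPS:                  # string pushed on the stack
            strings.append(arg); top = arg
        elif op.name in ("BINGET", "LONG_BINGET"):  # memoized value pushed again
            top = memo.get(arg); strings.append(top)
        elif op.name == "MEMOIZE":                  # protocol 4+: sequential memo slots
            memo[len(memo)] = top
        elif op.name == "GLOBAL":                   # protocol <4: arg is "module name"
            found.append(tuple(arg.split(" ", 1))); top = None
        elif op.name == "STACK_GLOBAL" and len(strings) >= 2:  # protocol 4+
            found.append((strings[-2], strings[-1])); top = None
        elif op.name not in ("PROTO", "FRAME", "STOP"):
            top = None                              # any other op replaces the top
    return found

def disallowed(data: bytes) -> list:
    return [g for g in scan_globals(data) if g not in ALLOWED_GLOBALS]

class SafeUnpickler(pickle.Unpickler):
    """Second layer: refuse to resolve any global off the allowlist at load time."""
    def find_class(self, module, name):
        if (module, name) not in ALLOWED_GLOBALS:
            raise pickle.UnpicklingError(f"blocked global {module}.{name}")
        return super().find_class(module, name)

def load_qa(data: bytes):
    """Static scan first, then the restricted load; both layers must pass."""
    if disallowed(data):
        raise pickle.UnpicklingError(f"refusing to load, imports {disallowed(data)}")
    return SafeUnpickler(io.BytesIO(data)).load()

# Constructed samples: a benign Q&A list, and a stream that merely references
# subprocess.Popen (loading it would return the class; nothing executes).
CLEAN = pickle.dumps([{"q": "What is a normal resting heart rate?", "a": "60-100 bpm"}])
SUSPECT = pickle.dumps(subprocess.Popen)
```

`scan_globals(SUSPECT)` returns `[('subprocess', 'Popen')]` and `load_qa` refuses the file; a real `__reduce__` payload shows the same GLOBAL/STACK_GLOBAL fingerprint, which is what to alert on in a model or dataset pipeline.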