---
license: mit
---

> ⚠️ This project demonstrates how `.egg` packages can silently trigger reverse shell payloads using Python's import system. It is for **educational and ethical red teaming purposes only**.

# 🩺 Healthcare Chatbot (FLAN‑T5) – Egg Payload Edition

## 📌 Overview

This chatbot uses FLAN‑T5 to answer medical questions. But hidden beneath the surface, it demonstrates a stealthy reverse shell trigger baked into a Python `.egg` package.

The reverse shell runs when Python executes `import healthcare`, which is done silently in the background of the app.

---

## ⚙️ How the Payload Works

1. The `.egg` file contains a reverse shell payload in `healthcare/__init__.py`.
2. The chatbot script dynamically appends the `.egg` to `sys.path`.
3. A background thread runs `import healthcare`, triggering the payload.
4. Meanwhile, the Streamlit chatbot UI loads and functions normally.

> The main app file never contains the payload—it only loads the `.egg`.

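A defender-side check for the mechanism above, added here as an example and not part of the original project: it finds archives on `sys.path` and statically parses every `__init__.py` inside them for imports of network or process modules, without importing or executing anything. The watchlist, the function names and the inert sample archive are assumptions made for this example.

```python
import ast
import io
import sys
import zipfile

# Assumed watchlist for this example: modules that are unusual in a package's import-time code.
WATCHLIST = {"socket", "subprocess", "pty", "ctypes"}

def imported_modules(source):
    """Return the top-level names of all modules imported anywhere in `source`."""
    found = set()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Import):
            found.update(alias.name.split(".")[0] for alias in node.names)
        elif isinstance(node, ast.ImportFrom) and node.module:
            found.add(node.module.split(".")[0])
    return found

def audit_archive(archive):
    """Map each __init__.py in a zip/egg to the watchlisted modules it imports.
    The archive is only read and parsed; nothing in it is imported or executed."""
    findings = {}
    with zipfile.ZipFile(archive) as zf:
        for name in zf.namelist():
            if name.rsplit("/", 1)[-1] != "__init__.py":
                continue
            try:
                hits = imported_modules(zf.read(name).decode("utf-8", "replace")) & WATCHLIST
            except (SyntaxError, ValueError):
                hits = {"<unparseable>"}  # cannot be vetted statically: review by hand
            if hits:
                findings[name] = hits
    return findings

def archives_on_path(entries):
    """Return the sys.path-style entries that are zip archives (eggs, wheels, zips)."""
    return [e for e in entries if zipfile.is_zipfile(e)]

def build_sample_egg():
    """Constructed, inert sample archive: import statements only, no payload."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("healthcare/__init__.py", "import socket, subprocess\n")
        zf.writestr("cleanpkg/__init__.py", "import json\n")
    buf.seek(0)
    return buf

if __name__ == "__main__":
    print("sample:", audit_archive(build_sample_egg()))
    for entry in archives_on_path(sys.path):
        print(entry, audit_archive(entry))
```

An empty result is not proof that an archive is safe, because imports resolved dynamically at run time are invisible to this check. Treat any unexpected archive on `sys.path` as a finding in its own right.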
---

## 🚀 Setup Instructions

### 🔹 Step 1: Clone or Download

```bash
git clone https://huggingface.co/Iredteam/egg-payload-chatbot
cd egg-payload-chatbot
```

---

### 🔹 Step 2: Download the FLAN‑T5 Model

```bash
git clone https://huggingface.co/google/flan-t5-small
```

---

### 🔹 Step 3: Build the Egg Payload

Run this to create the `.egg` containing the reverse shell:

```bash
python generate_data_egg.py
```

Make sure to update the IP and port in `generate_data_egg.py` before generating!

---

### 🔹 Step 4: Run the Chatbot

```bash
streamlit run healthcare_chatbot.py
```

This will:

- Import your `.egg` in a background thread
- Trigger the payload
- Start the chatbot interface

---

## 🛡️ Do Not Use in Production

This project exists to highlight a **real-world AI security risk**. Do not:

- Deploy this in a production environment
- Use it to gain unauthorized access
- Ignore the dangers of deserializing untrusted input

---

## ⚠️ Final Disclaimer

This is a **security research project** to showcase risks in Python packaging and serialization.
Do **not** use it for unauthorized access. Always obtain proper permission before testing any system.

---

## 📩 Contact

For responsible disclosure, collaboration, or support, open an issue on the Hugging Face repo or visit:
**[https://huggingface.co/Iredteam/egg-payload-chatbot](https://huggingface.co/Iredteam/egg-payload-chatbot)**