README.md
26 additions & 19 deletions
@@ -4,7 +4,26 @@
4
4
5
5
This is a small python script that I use to prototype some potential use-cases when integrating large language models, such as GPT-3, with security-related tasks.
6
6
7
-
What is it doing? More or less it creates a SSH connection to a configured virtual machine (I am using vulnerable VMs for that on purpose and then asks GPT-3 to find security vulnerabilities (which it often executes). Evicts a bit of an eerie feeling for me:
7
+
What is it doing? More or less it creates a SSH connection to a configured virtual machine (I am using vulnerable VMs for that on purpose and then asks GPT-3 to find security vulnerabilities (which it often executes). Evicts a bit of an eerie feeling for me.
8
+
9
+
# Example run
10
+
11
+
This happened during a recent run:
12
+
13
+

14
+
15
+
Some things to note:
16
+
17
+
- prompts for GPT-3 are prefixed with `openai-prompt`, the returned command from GPT-3 is prefixed with `openai-next-command` and the result from executing the command with `server-output`
18
+
- the used SSH-library also displays the output produced by the commands executed through SSH --- this is why some stuff appears twice
19
+
- I've added a simple callback that automatically enters the configured account's credentials if sudo prompts for a password
20
+
21
+
So, what is acutally happening when executing wintermute?
22
+
23
+
- wintermute executed `id` initially to get the user's id
24
+
- the next command was `sudo -l`, listing the current users sudo permissions
25
+
- wintermute then executes `sudo /bin/bash` and we're dropped into an interactive root shell
26
+
8
27
9
28
## High-Level Description
10
29
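Review bot: The rewritten sentence at new line 7 only swaps the trailing colon for a period and keeps its other defects: the parenthesis opened at "(I am using vulnerable VMs for that on purpose" is never closed, and "Evicts" should read "Evokes". In the same added block, "acutally" should be "actually" and "the current users sudo permissions" should be "the current user's sudo permissions". The new `# Example run` is a top-level heading placed directly above `## High-Level Description`; use `##` so the two sit at the same level. Because the notes say the sudo callback enters the configured account's credentials automatically and the run ends in `sudo /bin/bash`, the bullet about the callback is a good place to state that the configured account should exist only on the throwaway VM.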
@@ -40,7 +59,13 @@ $ cp .env.example .env
40
59
41
60
# IMPORTANT: setup your OpenAI API key, the VM's IP and credentials within .env
42
61
$ vi .env
62
+
~~~
63
+
64
+
## Usage
43
65
66
+
It's just a simple python script, so..
67
+
68
+
~~~bash
44
69
# start wintermute
45
70
$ python wintermute.py
46
71
~~~
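Review bot: The added `## Usage` intro at new line 66, "It's just a simple python script, so..", trails off and states no precondition before `python wintermute.py`. Suggest a full sentence such as "Run the script once `.env` is filled in:". Since the context line above puts the OpenAI API key and the VM credentials into `.env`, this section could also remind readers to keep that file out of version control. The closing `~~~` added at new line 62 is needed so the setup block ends before the heading.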
@@ -53,24 +78,6 @@ The script uses `fabric` to do the SSH-connection. If one of GPT-3's commands wo
53
78
54
79
In practical terms this means, that if the script executes something like `sudo bash`, you will have an interactive shell. If it executes `vi file.txt`, you will be in an interactive shell. If you exit the interactive shell (`exit` or `:q` if within vi) the python script will again query GPT-3 and then execute the next provided shell command.
55
80
56
-
# Example run
57
-
58
-
This happened during a recent run:
59
-
60
-

61
-
62
-
Some things to note:
63
-
64
-
- prompts for GPT-3 are prefixed with `openai-prompt`, the returned command from GPT-3 is prefixed with `openai-next-command` and the result from executing the command with `server-output`
65
-
- the used SSH-library also displays the output produced by the commands executed through SSH --- this is why some stuff appears twice
66
-
- I've added a simple callback that automatically enters the configured account's credentials if sudo prompts for a password
67
-
68
-
So, what is acutally happening when executing wintermute?
69
-
70
-
- wintermute executed `id` initially to get the user's id
71
-
- the next command was `sudo -l`, listing the current users sudo permissions
72
-
- wintermute then executes `sudo /bin/bash` and we're dropped into an interactive root shell
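Review bot: With the example run removed from old lines 56-72, the paragraph at new line 79 about interactive commands (`sudo bash`, `vi file.txt`) is no longer followed by the run that illustrates it, and the moved bullet "we're dropped into an interactive root shell" now appears before that behaviour is explained. Suggest a short pointer from the moved bullet to the interactive-shell paragraph, or one sentence here that refers back to the example run. The removed text matches the text added at the top word for word, so the typos are carried over by the move rather than corrected.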