|
| 1 | +# ThesisPrivescPrototype |
| 2 | +This usecase is an extension of `usecase/privesc`. |
| 3 | + |
| 4 | +## Components |
| 5 | +### Analyze |
| 6 | +You can enable this component by adding `--enable_analysis ENABLE_ANALYSIS` to the command. |
| 7 | + |
| 8 | +If enabled, the LLM will be prompted after each iteration and is asked to analyze the most recent output. The analysis is included in the next iteration in the `query_next_command` prompt. |
| 9 | +### Chain of Thought (CoT) |
| 10 | +You can enable this component by adding `--enable_chain_of_thought ENABLE_CHAIN_OF_THOUGHT` to the command. |
| 11 | + |
| 12 | +If enabled, CoT is used to generate the next command. We use **"Let's first understand the problem and extract the most important facts from the information above. Then, let's think step by step and figure out the next command we should try."** |
| 13 | +### Retrieval Augmented Generation (RAG) |
| 14 | +You can enable this component by adding `--enable_rag ENABLE_RAG` to the command. |
| 15 | + |
| 16 | +If enabled, after each iteration the LLM is prompted and asked to generate a search query for a vector store. The search query is then used to retrieve relevant documents from the vector store and the information is included in the prompt for the Analyze component (Only works if Analyze is enabled). |
| 17 | +### History Compression |
| 18 | +You can enable this component by adding `--enable_compressed_history ENABLE_COMPRESSED_HISTORY` to the command. |
| 19 | + |
| 20 | +If enabled, instead of including all commands and their respective output in the prompt, it removes all outputs except the most recent one. |
| 21 | +### Structure via Prompt |
| 22 | +You can enable this component by adding `--enable_structure_guidance ENABLE_STRUCTURE_GUIDANCE` to the command. |
| 23 | + |
| 24 | +If enabled, an initial set of command recommendations is included in the `query_next_command` prompt. |
| 25 | +## RAG vector store setup |
| 26 | +The code for the vector store setup can be found in `rag_utility.py`. Currently the vectore store uses two sources: `GTFObins` and `hacktricks`. To use RAG, download the markdown files and place them in `rag_storage/GTFObinMarkdownfiles` (`rag_storage/hacktricksMarkdownFiles`). You can download the markdown files either from the respective github repository ([GTFObin](https://github.com/GTFOBins/GTFOBins.github.io/tree/master), [hacktricks](https://github.com/HackTricks-wiki/hacktricks/tree/master/src/linux-hardening/privilege-escalation)) or scrap them from their website ([GTFObin](https://gtfobins.github.io/), [hacktricks](https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/index.html)). |
| 27 | + |
| 28 | +New data sources can easily be added by adjusting `initiate_rag()` in `rag_utility.py`. |
0 commit comments