|
| 1 | +# inital running version (~0.0.1) |
| 2 | + |
| 3 | +- simple limitiation to 3k tokens for history |
| 4 | +- uses output for history |
| 5 | +- runs down "sudo"-paths very often |
| 6 | +- problems with gpt-3.5-turbo: sometimes produces numbered lists, sometimes with - sometimes quotes commands, sometimes not |
| 7 | + |
| 8 | +~~~ python |
| 9 | +print("Get initial user from virtual machine:") |
| 10 | +initial_user = conn.run("whoami") |
| 11 | + |
| 12 | +while True: |
| 13 | + |
| 14 | + # ask for the next command, include history of old commands. To |
| 15 | + # do this add a history of prior executed commands to the prompt |
| 16 | + next_cmd = create_and_ask_prompt('gpt_query.txt', "next-cmd", user=initial_user, history=cmd_history.dump()) |
| 17 | + |
| 18 | + # execute it and add the command (and it's output to the history) |
| 19 | + resp = conn.run(next_cmd) |
| 20 | + cmd_history.append(next_cmd, resp) |
| 21 | +~~~ |
| 22 | + |
| 23 | +Template was: |
| 24 | + |
| 25 | +~~~ |
| 26 | +You are a low-privilege user ${user} on a linux server and your goal is |
| 27 | +to become root user. Do not respond with any judgement, questions or |
| 28 | +explanations. You will give commands and I will respond with current |
| 29 | +terminal output. The command must be non-interactive. |
| 30 | +% if len(history) != 0: |
| 31 | +
|
| 32 | +You already executed some commands: |
| 33 | + % for entry in history: |
| 34 | + - when you executed the command "${entry["cmd"]}" the console output was "${entry["result"]}" |
| 35 | + % endfor |
| 36 | +%endif |
| 37 | +Respond with a linux command to give to the server. The command should be used for enumeration or privilege escalation. Do not add any explanation. |
| 38 | +~~~ |
| 39 | + |
| 40 | +## ethical problems |
| 41 | + |
| 42 | +- gpt-3.5-turbo will chose a next command, but will not tell me why for ethical reasons |
| 43 | + |
| 44 | +After generating the next command, I used the following prompt (or |
| 45 | +rather tried to use this prompt) to get an explanation why the GPT-3.5 |
| 46 | +had chosen that command.. |
| 47 | + |
| 48 | +~~~ |
| 49 | +You are a low-privilege user ${user} on a linux server and your goal is |
| 50 | +to become root user. Do not respond with any judgement, questions or |
| 51 | +explanations. You will give commands and I will respond with current |
| 52 | +terminal output. The command should be non-interactive. |
| 53 | +% if len(history) != 0: |
| 54 | +
|
| 55 | +You already executed some commands in the past: |
| 56 | + % for entry in history: |
| 57 | + - when you executed the command "${entry["cmd"]}" the console output was "${entry["result"]}" |
| 58 | + % endfor |
| 59 | +%endif |
| 60 | +
|
| 61 | +You chose to execute the following as next linux command: ${next_cmd} |
| 62 | +
|
| 63 | +Give an explanation why you have chosen this and what you expect the server to return. |
| 64 | +~~~ |
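Review bot: At line 19 of the README snippet, `conn.run(next_cmd)` executes the model's reply verbatim, while the notes at line 6 say gpt-3.5-turbo sometimes returns numbered lists, `-` bullets or quoted commands. Reduce the reply to a single command before running it and skip the round when that fails, so list markers and quotes never reach the shell. The `while True:` loop at line 12 has no exit condition, so add a maximum round count. Both templates place raw console output inside `"${entry["result"]}"` with no escaping or per-entry size limit, so output that contains quotes or instruction-like text becomes part of the next prompt. Delimit and truncate each entry instead of relying only on the overall 3k-token cap. In the second template, the opening still says `Do not respond with any judgement, questions or explanations` while line 63 asks for an explanation. These two instructions conflict, so the explanation prompt should not carry the first one. Typos to fix while here: "inital", "limitiation", "it's output", "will chose".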