|
| 1 | +# Agent: LInux Privilege-Escalation Attacks |
| 2 | + |
| 3 | +How are we doing this? The initial tool `wintermute` targets linux priv-esc attacks. It uses SSH to connect to a (presumably) vulnerable virtual machine and then asks OpenAI GPT to suggest linux commands that could be used for finding security vulnerabilities or privilege escalation. The provided command is then executed within the virtual machine, the output fed back to the LLM and, finally, a new command is requested from it.. |
| 4 | + |
| 5 | +## Current features (wintermute): |
| 6 | + |
| 7 | +- connects over SSH (linux targets) or SMB/PSExec (windows targets) |
| 8 | +- supports OpenAI REST-API compatible models (gpt-3.5-turbo, gpt4, gpt-3.5-turbo-16k, etc.) |
| 9 | +- supports locally running LLMs |
| 10 | +- beautiful console output |
| 11 | +- logs run data through sqlite either into a file or in-memory |
| 12 | +- automatic root detection |
| 13 | +- can limit rounds (how often the LLM will be asked for a new command) |
| 14 | + |
| 15 | +## Example run |
| 16 | + |
| 17 | +This is a simple example run of `wintermute.py` using GPT-4 against a vulnerable VM. More example runs can be seen in [our collection of historic runs](docs/old_runs/old_runs.md). |
| 18 | + |
| 19 | + |
| 20 | + |
| 21 | +Some things to note: |
| 22 | + |
| 23 | +- initially the current configuration is output. Yay, so many colors! |
| 24 | +- "Got command from LLM" shows the generated command while the panel afterwards has the given command as title and the command's output as content. |
| 25 | +- the table contains all executed commands. ThinkTime denotes the time that was needed to generate the command (Tokens show the token count for the prompt and its response). StateUpdTime shows the time that was needed to generate a new state (the next column also gives the token count) |
| 26 | +- "What does the LLM know about the system?" gives an LLM generated list of system facts. To generate it, it is given the latest executed command (and it's output) as well as the current list of system facts. This is the operation which time/token usage is shown in the overview table as StateUpdTime/StateUpdTokens. As the state update takes forever, this is disabled by default and has to be enabled through a command line switch. |
| 27 | +- Then the next round starts. The next given command (`sudo tar`) will lead to a pwn'd system BTW. |
| 28 | + |
| 29 | +## Publications on Priv-Esc Attacks using this Agent |
| 30 | + |
| 31 | +Preliminary results for the linux privilege escalation use-case can be found in [Evaluating LLMs for Privilege-Escalation Scenarios](https://arxiv.org/abs/2310.11409): |
| 32 | + |
| 33 | +~~~ bibtex |
| 34 | +@misc{happe2024llms, |
| 35 | + title={LLMs as Hackers: Autonomous Linux Privilege Escalation Attacks}, |
| 36 | + author={Andreas Happe and Aaron Kaplan and Jürgen Cito}, |
| 37 | + year={2024}, |
| 38 | + eprint={2310.11409}, |
| 39 | + archivePrefix={arXiv}, |
| 40 | + primaryClass={cs.CR} |
| 41 | +} |
| 42 | +~~~ |
| 43 | + |
| 44 | +This work is partially based upon our empiric research into [how hackers work](https://arxiv.org/abs/2308.07057): |
| 45 | + |
| 46 | +~~~ bibtex |
| 47 | +@inproceedings{Happe_2023, series={ESEC/FSE ’23}, |
| 48 | + title={Understanding Hackers’ Work: An Empirical Study of Offensive Security Practitioners}, |
| 49 | + url={http://dx.doi.org/10.1145/3611643.3613900}, |
| 50 | + DOI={10.1145/3611643.3613900}, |
| 51 | + booktitle={Proceedings of the 31st ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering}, |
| 52 | + publisher={ACM}, |
| 53 | + author={Happe, Andreas and Cito, Jürgen}, |
| 54 | + year={2023}, |
| 55 | + month=nov, collection={ESEC/FSE ’23} |
| 56 | +} |
| 57 | +~~~ |
0 commit comments