Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

GPT在二进制漏洞挖掘方面的现成应用工具 #17

Open
retr0reg opened this issue Jul 27, 2023 · 0 comments
Open

GPT在二进制漏洞挖掘方面的现成应用工具 #17

retr0reg opened this issue Jul 27, 2023 · 0 comments
Labels
good first issue Good for newcomers

Comments

@retr0reg
Copy link

这是我使用Python开发的 主要面向CTF类二进制安全设计的工具:Ret2GPT,通过使用 ChatGPT API + Retdec + Langchain,用户可以通过问答+构造好的Prompt 或者 直接使用以及构造好的Prompt 对 特定二进制文件进行漏洞挖掘 起到一个很好的漏洞挖掘助手的功能!
大概原理如下:

  1. 首先应用Retdec来反编译二进制文件成体现文件逻辑信息的Pseudocode
  2. 使用Langchains分割较大伪代码文件 之后构造 stuff 文档填充链 准备用户对于问答链
  3. 首先ChatGPT使用内置的Prompt来对文件进行大体分析 ChatGPT可以给出文件中危险可能比较高的漏洞点 和文件的逻辑
  4. 用户可以输入任何对于二进制文件的具体问题,通过加载精心设计的Prompt+Example结构对ChatGPT进行提问 对文件进行更加深入的探索
  5. 用户继续输入可能的漏洞点 软件直接通过对于二进制软件已有的信息通过Pwntools生成PoC (这一点还在work on 哈哈哈哈哈哈)

那这还是在说空话,咱们用经典的hacknote题目举个例子康康:
我们先问一问ChatGPT关于代码是干嘛的:

 What do you want to ask about hacknote >>> whats the function of the code?

🏂 PwnGPT: Based on the provided code, it appears to be a simple menu-driven program that 
  allows the user to add, delete, or print notes. It reads user input using the read() function and 
  converts it to an integer using atoi(). However, there is no input  validation, which could potentially 
  lead to buffer overflows or other vulnerabilities.

  #根据提供的代码,这似乎是一个简单的菜单驱动程序,允许用户添加、删除或打印笔记。
  #允许用户添加、删除或打印笔记。它使用 read() 函数读取用户输入,并使用 atoi() 函数将其转换为整数。
  #使用 atoi() 将其转换为整数。但是,该程序没有进行输入验证,这有可能导致缓冲区溢出或其他问题。
  #导致缓冲区溢出或其他漏洞。

ok 那知道了大概的功能 我们加载内置Prompt让GPT对文件进行更详细的漏洞分析:

 What do you want to ask about hacknote >>> /analysis

🏂 PwnGPT: Upon analyzing the provided C code, it appears to be a simple note-taking program that 
allows the user to add, delete, or view notes. The program uses the menu() function to display a menu 
of options for the user to select from. Upon selecting an option, the program uses various functions such 
as add_note(), del_note(), and print_note() to perform the corresponding action.

As for potential vulnerabilities, there are a few areas of concern in this code. Firstly, the program uses the atoi() 
function to convert user input from a string to an integer without any input validation. This could potentially lead 
to integer overflow vulnerabilities. This vulnerability could be present in the menu() function, specifically in the line 
that reads user input using the read() function.
Secondly, the program uses the puts() function to print user input without properly validating the input. This could 
potentially lead to buffer overflow vulnerabilities. This vulnerability could be present in the add_note() and del_note() 
functions, specifically in the lines that read user input using the read() function.
Thirdly, the program uses a fixed-size buffer for storing notes, which could potentially lead to stack-based buffer 
overflow  vulnerabilities. This vulnerability could be present in the add_note() function, specifically in the lines that copy user
input into the notes buffer.

The specific locations of these vulnerabilities are as follows:
* Integer overflow vulnerability: in the menu() function, specifically in the line that reads user input using the read() function.
* Buffer overflow vulnerability: in the add_note() and del_note() functions, specifically in the lines that read user input using the read() function.
* Stack-based buffer overflow vulnerability: in the add_note() function, specifically in the lines that copy user input into the notes buffer.

To exploit the integer overflow vulnerability, an attacker could input an integer that is larger than the maximum value that can be stored in the str_as_i variable, which could potentially lead to an integer overflow. To exploit the buffer overflow vulnerability, an attacker could input a string that is larger than the maximum size of the buffer, which would overwrite adjacent memory locations. To exploit the stack-based buffer overflow vulnerability, an attacker could input a string that is larger than the maximum size of the notes buffer, which would overwrite adjacent stack memory locations.
To prevent these vulnerabilities, input validation should be implemented to ensure that user input does not exceed expected ranges or buffer sizes. Additionally, dynamic memory allocation could be used instead of fixed-size buffers to prevent stack-based buffer overflow vulnerabilities.

#分析所提供的 C 代码,它似乎是一个简单的笔记程序,允许用户添加、删除或查看笔记。程序使用 menu() 函数显示一个
# 选项菜单,供用户选择。选择一个选项后,程序会使用 add_note()、del_note() 和 print_note() 等函数执行相应的操作。

# 至于潜在漏洞,这段代码中有几个方面值得关注。首先,程序使用 atoi() 函数将用户输入从字符串转换为整数,而不进行任何输入验
# 证。这有可能导致整数溢出漏洞。这个漏洞可能存在于 menu() 函数中,特别是使用 read() 函数读取用户输入的那一行。

# 其次,程序使用 puts() 函数打印用户输入,但未正确验证输入。这有可能导致缓冲区溢出漏洞。此漏洞可能存在于 add_note() 和 
# del_note() 函数中,特别是使用 read() 函数读取用户输入的行中。

# 第三,程序使用固定大小的缓冲区来存储笔记,这有可能导致基于堆栈的缓冲区溢出漏洞。该漏洞可能存在于 add_note()函数中,
# 特别是将用户输入复制到笔记缓冲区的行中。

# 这些漏洞的具体位置如下:
# 整数溢出漏洞:在 menu() 函数中,特别是在使用 read() 函数读取用户输入的行中。
# 缓冲区溢出漏洞:在 add_note() 和 del_note() 函数中,特别是在使用 read() 函数读取用户输入的行中。
# 堆栈缓冲区溢出漏洞:在 add_note() 函数中,特别是在将用户输入复制到注释缓冲区的行中。

# 要利用整數滿溢漏洞,攻擊者可輸入大於 str_as_i 變數可儲存最大值的整數,導致整數滿溢。要利用緩衝記憶體滿溢漏洞,
# 攻擊者可輸入大於緩衝記憶體最大值的字串,從而覆寫鄰近的記憶體位置。要利用堆栈缓冲区溢出漏洞,攻击者可输入一个
# 大于注释缓冲区最大大小的字符串,从而覆盖相邻的堆栈内存位置。

# 为防止这些漏洞,应实施输入验证,以确保用户输入不超出预期范围或缓冲区大小。此外,可以使用动态内存分配来代替固定大小的缓冲区,以防止基于堆栈的缓冲区溢出漏洞。

可以看到,Ret2GPT对文件进行了非常详细的分析!
当然 我介绍的也只是项目非常非常简要的介绍 具体的项目 希望大家可以去https://github.com/DDizzzy79/Ret2GPT 康康哦!

@retr0reg retr0reg changed the title GPT在二进制漏洞挖掘方面的应用工具 GPT在二进制漏洞挖掘方面的现成应用工具 Jul 27, 2023
@cloudymonstera cloudymonstera added the good first issue Good for newcomers label Aug 1, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
good first issue Good for newcomers
Projects
None yet
Development

No branches or pull requests

2 participants