메뉴 건너뛰기

infra

[aiexe] 명령 프롬프트를 사용해 취약점 진단이 가능할까?

suritam92024.05.19 12:21조회 수 119댓글 0

    • 글자 크기

리눅스 OS에 aiexe 를 설치하고 현재 접속자 및 열려진 포트를 확인하는 프롬프트를 실행해 봤다.

 

# curl -sL https://deb.nodesource.com/setup_20.x | sudo bash -E -

 

# sudo apt-get install -y nodejs

 

# sudo apt install python3.8-venv

 

최신버전의 nodejs와 파이썬 관련 프로그램을 설치하고 aiexe를 관리자 모드로 실행한다.

 

API 키는 openai에서 제대로 동작하는지 확인하여 잘 넣어 준다.

 

1) who is access this os

해당 명령에 대해서는 
try:

    import getpass

except ImportError:

    import subprocess

    subprocess.run(['pip', 'install', 'getpass'])

 

# Get the current user

user = getpass.getuser()

 

print(f"The current user is: {user}")

 

위의 코드를 작성해 줬으며 문제 없이 동작하였다.

 

2) tell me which ports are open 

위 명령어는 

try:

    import psutil

except ImportError:

    import subprocess

    subprocess.run(['pip', 'install', 'psutil'])

 

# Get all process ids

pids = psutil.pids()

 

open_ports = []

 

for pid in pids:

    try:

        process = psutil.Process(pid)

        for conn in process.connections(kind='inet'):

            if conn.status == 'LISTEN':

                open_ports.append(conn.laddr.port)

    except (psutil.NoSuchProcess, psutil.AccessDenied):

        pass

 

print(f"Open ports: {open_ports}")

 

psutil이 없어서 오류가 발생하였으나, 코드 재작성을 선택 후 다시 하니 열려진 포트를 알려주었다.

 

try:

    import psutil

except ImportError:

    import subprocess

    subprocess.check_call(["python", '-m', 'pip', 'install', 'psutil'])

    import psutil

 

# Get all process ids

pids = psutil.pids()

 

open_ports = []

 

for pid in pids:

    try:

        process = psutil.Process(pid)

        for conn in process.connections(kind='inet'):

            if conn.status == 'LISTEN':

                open_ports.append(conn.laddr.port)

    except (psutil.NoSuchProcess, psutil.AccessDenied):

        pass

 

print(f"Open ports: {open_ports}")

 

추가로 몇 개 더 해봐야겠다.

 

✔ Requesting gpt-4 succeeded

────────────────────────────────────────────────────────────────────────────────

AI's Response:

It seems like your request is incomplete. Could you please provide more details?                                                                                                                                                              Are you asking about how to access environment variables in Python, or how to s                                                                                                                                                             et up a Python environment, or something else? Please provide more context.

────────────────────────────────────────────────────────────────────────────────

 What can I do for you?: who is access this os

✔ Requesting gpt-4 succeeded

✔ Generation succeeded with gpt-4

────────────────────────────────────────────────────────────────────────────────

# GENERATED CODE for:

# who is access this os

 

try:

    import getpass

except ImportError:

    import subprocess

    subprocess.run(['pip', 'install', 'getpass'])

 

# Get the current user

user = getpass.getuser()

 

print(f"The current user is: {user}")

 

# This code is proposed for mission execution

# This code will be run in /usr/lib/node_modules/aiexe

# This code file is actually located at /root/.aiexe_venv_3/20240519_030700_093.                                                                                                                                                             py and you can review the code by opening this file.

# Additional code included at the top of this file ensures smooth operation. For                                                                                                                                                              a more detailed review, it is recommended to open the actual file.

# Please review the code carefully as it may cause unintended system behavior

────────────────────────────────────────────────────────────────────────────────

Please select an option:

? Enter your choice 1 - Execute Code

────────────────────────────────────────────────────────────────────────────────

The current user is: root

────────────────────────────────────────────────────────────────────────────────

✔ The code ran successfully

✔ Requesting gpt-4 succeeded

────────────────────────────────────────────────────────────────────────────────

AI's Response:

The result you got is correct based on the code provided. The code is designed t                                                                                                                                                             o fetch and print the username of the current user in the operating system where                                                                                                                                                              the Python script is being run.

 

In your case, the output "The current user is: root" means that the Python scrip                                                                                                                                                             t was run by the user named "root". The "root" user is a special user in Unix-li                                                                                                                                                             ke operating systems (like Linux, MacOS) with superuser privileges. This user ha                                                                                                                                                             s full access to the system and can perform any operation.

 

This information can be useful in various contexts. For example, if your script                                                                                                                                                              is designed to perform certain operations that require specific user privileges,                                                                                                                                                              knowing the current user can help you handle such operations appropriately.

 

As for the instruction, it seems to be a note or a rule for handling user reques                                                                                                                                                             ts. If a user's request is written in Korean, you should respond in Korean. Howe                                                                                                                                                             ver, this instruction doesn't seem to be directly related to the code execution                                                                                                                                                              result.

────────────────────────────────────────────────────────────────────────────────

 What can I do for you?: tell me which ports are open

✔ Requesting gpt-4 succeeded

✔ Generation succeeded with gpt-4

────────────────────────────────────────────────────────────────────────────────

# GENERATED CODE for:

# tell me which ports are open

 

try:

    import psutil

except ImportError:

    import subprocess

    subprocess.run(['pip', 'install', 'psutil'])

 

# Get all process ids

pids = psutil.pids()

 

open_ports = []

 

for pid in pids:

    try:

        process = psutil.Process(pid)

        for conn in process.connections(kind='inet'):

            if conn.status == 'LISTEN':

                open_ports.append(conn.laddr.port)

    except (psutil.NoSuchProcess, psutil.AccessDenied):

        pass

 

print(f"Open ports: {open_ports}")

 

# This code is proposed for mission execution

# This code will be run in /usr/lib/node_modules/aiexe

# This code file is actually located at /root/.aiexe_venv_3/20240519_031245_174.                                                                                                                                                             py and you can review the code by opening this file.

# Additional code included at the top of this file ensures smooth operation. For                                                                                                                                                              a more detailed review, it is recommended to open the actual file.

# Please review the code carefully as it may cause unintended system behavior

────────────────────────────────────────────────────────────────────────────────

Please select an option:

? Enter your choice 1 - Execute Code

────────────────────────────────────────────────────────────────────────────────

Collecting psutil

  Downloading psutil-5.9.8-cp36-abi3-manylinux_2_12_x86_64.manylinux2010_x86_64.                                                                                                                                                             manylinux_2_17_x86_64.manylinux2014_x86_64.whl (288 kB)

Installing collected packages: psutil

Successfully installed psutil-5.9.8

Traceback (most recent call last):

  File "/root/.aiexe_venv_3/._code.py", line 13, in <module>

    pids = psutil.pids()

NameError: name 'psutil' is not defined

────────────────────────────────────────────────────────────────────────────────

✔ The code failed to run because of an error

Would you like to request the creation of a revised code?

Please select an option:

? Enter your choice 1 - Create of a revised code

✔ Requesting gpt-4 succeeded

✔ Generation succeeded with gpt-4

────────────────────────────────────────────────────────────────────────────────

# GENERATED CODE for:

# tell me which ports are open

 

try:

    import psutil

except ImportError:

    import subprocess

    subprocess.check_call(["python", '-m', 'pip', 'install', 'psutil'])

    import psutil

 

# Get all process ids

pids = psutil.pids()

 

open_ports = []

 

for pid in pids:

    try:

        process = psutil.Process(pid)

        for conn in process.connections(kind='inet'):

            if conn.status == 'LISTEN':

                open_ports.append(conn.laddr.port)

    except (psutil.NoSuchProcess, psutil.AccessDenied):

        pass

 

print(f"Open ports: {open_ports}")

 

# This code is proposed for mission execution

# This code will be run in /usr/lib/node_modules/aiexe

# This code file is actually located at /root/.aiexe_venv_3/20240519_031312_681.                                                                                                                                                             py and you can review the code by opening this file.

# Additional code included at the top of this file ensures smooth operation. For                                                                                                                                                              a more detailed review, it is recommended to open the actual file.

# Please review the code carefully as it may cause unintended system behavior

────────────────────────────────────────────────────────────────────────────────

Please select an option:

? Enter your choice 1 - Execute Code

────────────────────────────────────────────────────────────────────────────────

Open ports: [111, 111, 111, 111, 53, 22, 22]

────────────────────────────────────────────────────────────────────────────────

✔ The code ran successfully

✔ Requesting gpt-4 succeeded

────────────────────────────────────────────────────────────────────────────────

AI's Response:

The result you got is correct based on the code provided. The code is designed t                                                                                                                                                             o fetch and print the list of open ports on the system where the Python script i                                                                                                                                                             s being run.

 

In your case, the output "Open ports: [111, 111, 111, 111, 53, 22, 22]" means th                                                                                                                                                             at the ports with numbers 111, 53, and 22 are currently open and listening for i                                                                                                                                                             ncoming connections. Note that the same port number may appear multiple times if                                                                                                                                                              it is open by different processes or on different network interfaces.

 

Port 111 is typically used by the RPC (Remote Procedure Call) service, port 53 i                                                                                                                                                             s typically used by the DNS (Domain Name System) service, and port 22 is typical                                                                                                                                                             ly used by the SSH (Secure Shell) service. However, any service can use any port                                                                                                                                                             , so this is just a common usage and may not reflect the actual services running                                                                                                                                                              on these ports in your system.

 

This information can be useful in various contexts. For example, if you are trou                                                                                                                                                             bleshooting network issues or performing a security audit, knowing which ports a                                                                                                                                                             re open can help you understand the network services running on your system and                                                                                                                                                              their potential vulnerabilities.

 

As for the instruction, it seems to be a note or a rule for handling user reques                                                                                                                                                             ts. If a user's request is written in Korean, you should respond in Korean. Howe                                                                                                                                                             ver, this instruction doesn't seem to be directly related to the code execution                                                                                                                                                              result.

 
    • 글자 크기
[OCI] 오라클 클라우드를 맥에서 ppk로 키 만들어 접속 (by suritam9) crAPI 회원가입 및 차량 추가, MassAssignment (by suritam9)

댓글 달기

suritam9
2024.03.12 조회 27
suritam9
2024.03.11 조회 86
suritam9
2024.03.10 조회 29
suritam9
2022.10.26 조회 48
suritam9
2022.07.10 조회 99
첨부 (0)
위로