From 9e81f3b2189055553a79d6687d483addef498608 Mon Sep 17 00:00:00 2001 From: "lloydchang (aider)" Date: Wed, 4 Dec 2024 17:43:29 -0800 Subject: [PATCH 1/4] docs: Move Codespaces documentation to CODESPACES.md --- CODESPACES.md | 90 +++++++++++++++++++++++++++++++++++++++++++++++ README.md | 97 +++------------------------------------------------ 2 files changed, 95 insertions(+), 92 deletions(-) create mode 100644 CODESPACES.md diff --git a/CODESPACES.md b/CODESPACES.md new file mode 100644 index 0000000..73775bb --- /dev/null +++ b/CODESPACES.md 
@@ -0,0 +1,90 @@ +# GitHub Codespaces support + +**Backstory** + +https://github.com/ipa-lab/hackingBuddyGPT/pull/85#issuecomment-2331166997 + +> Would it be possible to add codespace support to hackingbuddygpt in a way, that only spawns a single container (maybe with the suid/sudo use-case) and starts hackingBuddyGPT against that container? That might be the 'easiest' show-case/use-case for a new user. + +**Steps** +1. Go to https://github.com/ipa-lab/hackingBuddyGPT +2. Click the "Code" button. +3. Click the "Codespaces" tab. +4. Click the "Create codespace on main" button. +5. Wait for Codespaces to start β€” This may take upwards of 10 minutes. + +> Setting up remote connection: Building codespace... + +6. After Codespaces started, you may need to restart a new Terminal via the Command Palette: + +Press the key combination: + +> `β‡§βŒ˜P` `Shift+Command+P` (Mac) / `Ctrl+Shift+P` (Windows/Linux) + +In the Command Palette, type `>` and `Terminal: Create New Terminal` and press the return key. + +7. You should see a new terminal similar to the following: + +> πŸ‘‹ Welcome to Codespaces! You are on our default image. +> +> `-` It includes runtimes and tools for Python, Node.js, Docker, and more. See the full list here: https://aka.ms/ghcs-default-image +> +> `-` Want to use a custom image instead? Learn more here: https://aka.ms/configure-codespace +> +> πŸ” To explore VS Code to its fullest, search using the Command Palette (Cmd/Ctrl + Shift + P or F1). +> +> πŸ“ Edit away, run your app as usual, and we'll automatically make it available for you to access. +> +> @github-username ➜ /workspaces/hackingBuddyGPT (main) $ + +Type the following to manually run: +```bash +./scripts/codespaces_start_hackingbuddygpt_against_a_container.sh +``` +7. Eventually, you should see: + +> Currently, May 2024, running hackingBuddyGPT with GPT-4-turbo against a benchmark containing 13 VMs (with maximum 20 tries per VM) cost around $5. 
+> +> Therefore, running hackingBuddyGPT with GPT-4-turbo against containing a container with maximum 10 tries would cost around $0.20. +> +> Enter your OpenAI API key and press the return key: + +8. As requested, please enter your OpenAI API key and press the return key. + +9. hackingBuddyGPT should start: + +> Starting hackingBuddyGPT against a container... + +10. If your OpenAI API key is *valid*, then you should see output similar to the following: + +> [00:00:00] Starting turn 1 of 10 +> +> Got command from LLM: +> +> … +> +> [00:01:00] Starting turn 10 of 10 +> +> … +> +> Run finished +> +> maximum turn number reached + +11. If your OpenAI API key is *invalid*, then you should see output similar to the following: + +> [00:00:00] Starting turn 1 of 10 +> +> Traceback (most recent call last): +> +> … +> +> Exception: Error from OpenAI Gateway (401 + +**References** +* https://docs.github.com/en/codespaces +* https://docs.github.com/en/codespaces/getting-started/quickstart +* https://docs.github.com/en/codespaces/reference/using-the-vs-code-command-palette-in-codespaces +* https://openai.com/api/pricing/ +* https://platform.openai.com/docs/quickstart +* https://platform.openai.com/api-keys diff --git a/README.md b/README.md index 7fbeb21..69c1525 100644 --- a/README.md +++ b/README.md 
@@ -190,96 +190,15 @@ We are using vulnerable Linux systems running in Virtual Machines for this. Neve > > We are using virtual machines from our [Linux Privilege-Escalation Benchmark](https://github.com/ipa-lab/benchmark-privesc-linux) project. Feel free to use them for your own research! -## GitHub Codespaces support - -**Backstory** - -https://github.com/ipa-lab/hackingBuddyGPT/pull/85#issuecomment-2331166997 - -> Would it be possible to add codespace support to hackingbuddygpt in a way, that only spawns a single container (maybe with the suid/sudo use-case) and starts hackingBuddyGPT against that container? That might be the 'easiest' show-case/use-case for a new user. - -**Steps** -1. Go to https://github.com/ipa-lab/hackingBuddyGPT -2. Click the "Code" button. -3. Click the "Codespaces" tab. -4. Click the "Create codespace on main" button. -5. Wait for Codespaces to start β€” This may take upwards of 10 minutes. - -> Setting up remote connection: Building codespace... - -6. After Codespaces started, you may need to restart a new Terminal via the Command Palette: - -Press the key combination: - -> `β‡§βŒ˜P` `Shift+Command+P` (Mac) / `Ctrl+Shift+P` (Windows/Linux) - -In the Command Palette, type `>` and `Terminal: Create New Terminal` and press the return key. - -7. You should see a new terminal similar to the following: - -> πŸ‘‹ Welcome to Codespaces! You are on our default image. -> -> `-` It includes runtimes and tools for Python, Node.js, Docker, and more. See the full list here: https://aka.ms/ghcs-default-image -> -> `-` Want to use a custom image instead? Learn more here: https://aka.ms/configure-codespace -> -> πŸ” To explore VS Code to its fullest, search using the Command Palette (Cmd/Ctrl + Shift + P or F1). -> -> πŸ“ Edit away, run your app as usual, and we'll automatically make it available for you to access. 
-> -> @github-username ➜ /workspaces/hackingBuddyGPT (main) $ - -Type the following to manually run: -```bash -./scripts/codespaces_start_hackingbuddygpt_against_a_container.sh -``` -7. Eventually, you should see: - -> Currently, May 2024, running hackingBuddyGPT with GPT-4-turbo against a benchmark containing 13 VMs (with maximum 20 tries per VM) cost around $5. -> -> Therefore, running hackingBuddyGPT with GPT-4-turbo against containing a container with maximum 10 tries would cost around $0.20. -> -> Enter your OpenAI API key and press the return key: - -8. As requested, please enter your OpenAI API key and press the return key. - -9. hackingBuddyGPT should start: - -> Starting hackingBuddyGPT against a container... - -10. If your OpenAI API key is *valid*, then you should see output similar to the following: +## Use Cases -> [00:00:00] Starting turn 1 of 10 -> -> Got command from LLM: -> -> … -> -> [00:01:00] Starting turn 10 of 10 -> -> … -> -> Run finished -> -> maximum turn number reached +Mac, Docker Desktop and Gemini-OpenAI-Proxy: -11. If your OpenAI API key is *invalid*, then you should see output similar to the following: +* See [MAC.md](MAC.md) -> [00:00:00] Starting turn 1 of 10 -> -> Traceback (most recent call last): -> -> … -> -> Exception: Error from OpenAI Gateway (401 +GitHub Codespaces: -**References** -* https://docs.github.com/en/codespaces -* https://docs.github.com/en/codespaces/getting-started/quickstart -* https://docs.github.com/en/codespaces/reference/using-the-vs-code-command-palette-in-codespaces -* https://openai.com/api/pricing/ -* https://platform.openai.com/docs/quickstart -* https://platform.openai.com/api-keys +* See [CODESPACES.md](CODESPACES.md) ## Run the Hacking Agent 
@@ -300,12 +219,6 @@ $ python src/hackingBuddyGPT/cli/wintermute.py LinuxPrivesc --llm.api_key=sk...C $ pip install '.[testing]' ``` -## Use Cases - -Mac, Docker Desktop and Gemini-OpenAI-Proxy: - -* See https://github.com/ipa-lab/hackingBuddyGPT/blob/main/MAC.md - ## Publications about hackingBuddyGPT Given our background in academia, we have authored papers that lay the groundwork and report on our efforts: From 85e3c1173bed049d3247ac855bec3805696e9094 Mon Sep 17 00:00:00 2001 From: lloydchang Date: Wed, 4 Dec 2024 18:15:55 -0800 Subject: [PATCH 2/4] docs(README.md): alphabetize --- README.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 69c1525..28036a8 100644 --- a/README.md +++ b/README.md @@ -192,14 +192,14 @@ We are using vulnerable Linux systems running in Virtual Machines for this. Neve ## Use Cases -Mac, Docker Desktop and Gemini-OpenAI-Proxy: - -* See [MAC.md](MAC.md) - GitHub Codespaces: * See [CODESPACES.md](CODESPACES.md) +Mac, Docker Desktop and Gemini-OpenAI-Proxy: + +* See [MAC.md](MAC.md) + ## Run the Hacking Agent Finally we can run hackingBuddyGPT against our provided test VM. Enjoy! From 39580947bf069e2d3fb0436443119e29869f07f3 Mon Sep 17 00:00:00 2001 From: lloydchang Date: Wed, 4 Dec 2024 18:27:36 -0800 Subject: [PATCH 3/4] docs(CODESPACES.md): add gemini --- CODESPACES.md | 86 +++++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 84 insertions(+), 2 deletions(-) diff --git a/CODESPACES.md b/CODESPACES.md index 73775bb..98c9964 100644 --- a/CODESPACES.md +++ b/CODESPACES.md @@ -1,4 +1,4 @@ -# GitHub Codespaces support +# Use Case: GitHub Codespaces **Backstory** 
@@ -81,10 +81,92 @@ Type the following to manually run: > > Exception: Error from OpenAI Gateway (401 -**References** +12. Alternatively, use Google Gemini instead of OpenAI + +**Preqrequisites:** + +```bash +python -m venv venv +``` + +```bash +source ./venv/bin/activate +``` + +```bash +pip install -e . +``` + +**Use gemini-openai-proxy and Gemini:** + +http://localhost:8080 is gemini-openai-proxy + +gpt-4 maps to gemini-1.5-flash-latest + +Hence use gpt-4 below in `--llm.model=gpt-4` + +Gemini free tier has a limit of 15 requests per minute, and 1500 requests per day + +Hence `--max_turns 999999999` will exceed the daily limit + +```bash +docker run --restart=unless-stopped -it -d -p 8080:8080 --name gemini zhu327/gemini-openai-proxy:latest +``` + +export GEMINI_API_KEY= + +```bash +wintermute LinuxPrivesc --llm.api_key=$GEMINI_API_KEY --llm.model=gpt-4 --llm.context_size=1000000 --conn.host=192.168.122.151 --conn.username=lowpriv --conn.password=trustno1 --conn.hostname=test1 --llm.api_url=http://localhost:8080 --llm.api_backoff=60 --max_turns 999999999 +``` + + +**Google AI Studio: Gemini free tier has a limit of 15 requests per minute, and 1500 requests per day:** + +https://ai.google.dev/pricing#1_5flash + +> Gemini 1.5 Flash +> +> The Gemini API β€œfree tier” is offered through the API service with lower rate limits for testing purposes. Google AI Studio usage is completely free in all available countries. 
+> +> Rate Limits +> +> 15 RPM (requests per minute) +> +> 1 million TPM (tokens per minute) +> +> 1,500 RPD (requests per day) +> +> Used to improve Google's products +> +> Yes + +https://ai.google.dev/gemini-api/terms#data-use-unpaid + +> How Google Uses Your Data +> +> When you use Unpaid Services, including, for example, Google AI Studio and the unpaid quota on Gemini API, Google uses the content you submit to the Services and any generated responses to provide, improve, and develop Google products and services and machine learning technologies, including Google's enterprise features, products, and services, consistent with our Privacy Policy https://policies.google.com/privacy +> +> To help with quality and improve our products, human reviewers may read, annotate, and process your API input and output. Google takes steps to protect your privacy as part of this process. This includes disconnecting this data from your Google Account, API key, and Cloud project before reviewers see or annotate it. **Do not submit sensitive, confidential, or personal information to the Unpaid Services.** + +**README.md and Disclaimers:** + +https://github.com/ipa-lab/hackingBuddyGPT/blob/main/README.md + +**Please refer to [README.md](https://github.com/ipa-lab/hackingBuddyGPT/blob/main/README.md) for all disclaimers.** + +Please note and accept all of them. 
+ +**References:** * https://docs.github.com/en/codespaces * https://docs.github.com/en/codespaces/getting-started/quickstart * https://docs.github.com/en/codespaces/reference/using-the-vs-code-command-palette-in-codespaces * https://openai.com/api/pricing/ * https://platform.openai.com/docs/quickstart * https://platform.openai.com/api-keys +* https://ai.google.dev/gemini-api/docs/ai-studio-quickstart +* https://aistudio.google.com/ +* https://aistudio.google.com/app/apikey +* https://ai.google.dev/ +* https://ai.google.dev/gemini-api/docs/api-key +* https://github.com/zhu327/gemini-openai-proxy +* https://hub.docker.com/r/zhu327/gemini-openai-proxy From 763a3b8aebed51883f5e531c841af734e9e6c1b9 Mon Sep 17 00:00:00 2001 From: lloydchang Date: Wed, 4 Dec 2024 18:37:58 -0800 Subject: [PATCH 4/4] docs(CODESPACES.md): clarify --- CODESPACES.md | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/CODESPACES.md b/CODESPACES.md index 98c9964..23296ef 100644 --- a/CODESPACES.md +++ b/CODESPACES.md 
@@ -101,25 +101,32 @@ pip install -e . http://localhost:8080 is gemini-openai-proxy -gpt-4 maps to gemini-1.5-flash-latest +`gpt-4` maps to `gemini-1.5-flash-latest` -Hence use gpt-4 below in `--llm.model=gpt-4` +Hence use `gpt-4` below in `--llm.model=gpt-4` Gemini free tier has a limit of 15 requests per minute, and 1500 requests per day Hence `--max_turns 999999999` will exceed the daily limit +**Run gemini-openai-proxy** + ```bash docker run --restart=unless-stopped -it -d -p 8080:8080 --name gemini zhu327/gemini-openai-proxy:latest ``` +**Manually enter your GEMINI_API_KEY value based on** https://aistudio.google.com/app/apikey + +```bash export GEMINI_API_KEY= +``` + +**Starting hackingBuddyGPT against a container...** ```bash wintermute LinuxPrivesc --llm.api_key=$GEMINI_API_KEY --llm.model=gpt-4 --llm.context_size=1000000 --conn.host=192.168.122.151 --conn.username=lowpriv --conn.password=trustno1 --conn.hostname=test1 --llm.api_url=http://localhost:8080 --llm.api_backoff=60 --max_turns 999999999 ``` - **Google AI Studio: Gemini free tier has a limit of 15 requests per minute, and 1500 requests per day:** https://ai.google.dev/pricing#1_5flash
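Review bot: In the first CODESPACES.md hunk (PATCH 1/4, `+# GitHub Codespaces support`), the step list numbers two consecutive steps "7." (`+7. You should see a new terminal similar to the following:` and `+7. Eventually, you should see:`), so the later steps 8 to 11 are off by one; renumber the second "7." to "8." and shift the rest. The quoted cost estimate also has a typo, `against containing a container with maximum 10 tries`, which should read `against a container with maximum 10 tries`. Finally, the shortcut and emoji glyphs in this hunk (`β‡§βŒ˜P`, `β€”`, `πŸ‘‹`) appear as mojibake in the diff; check that the committed file is UTF-8 encoded so the rendered Markdown shows the intended characters.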
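Review bot: In the PATCH 3/4 CODESPACES.md hunk (`+12. Alternatively, use Google Gemini instead of OpenAI`), `+export GEMINI_API_KEY=` sits outside any code fence, so it renders as prose (PATCH 4/4 fences it, but a single commit should leave the doc consistent), and the heading `+**Preqrequisites:**` misspells "Prerequisites". More substantively, the documented command `+wintermute LinuxPrivesc ... --conn.host=192.168.122.151 --conn.username=lowpriv --conn.password=trustno1 --conn.hostname=test1 ...` points at the local VM example host and credentials from the README rather than at the container started by `./scripts/codespaces_start_hackingbuddygpt_against_a_container.sh` earlier in the same file; state which target the reader is expected to have running, or reuse the script's connection parameters. The hunk also says `+Hence `--max_turns 999999999` will exceed the daily limit` and then uses exactly that value; either document a turn count that fits the stated 1,500 requests per day, or say explicitly that the run is expected to stop with a rate-limit error. Since the same hunk quotes Google's data-use terms ("Do not submit sensitive, confidential, or personal information to the Unpaid Services"), add one sentence tying that to this tool: on the free tier, every command output collected from the target host is sent to Gemini and may be reviewed and used for training, so this path is only appropriate for the provided test container.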
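Review bot: In the PATCH 4/4 hunk (`+**Run gemini-openai-proxy**`), the fenced `+export GEMINI_API_KEY=` followed by `--llm.api_key=$GEMINI_API_KEY` places the Gemini key in the shell history of the Codespace and in the process list for the lifetime of the run; consider documenting `read -rs GEMINI_API_KEY && export GEMINI_API_KEY` so the key is typed without echo and never stored in history. As a style point, the heading `+**Manually enter your GEMINI_API_KEY value based on** https://aistudio.google.com/app/apikey` leaves the URL outside the bold span, which renders oddly next to the other fully bold headings in this file; move the URL onto its own line under the heading, matching the `**Google AI Studio: ...**` block that follows.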