ipa-lab / hackingBuddyGPT

Helping Ethical Hackers use LLMs in 50 Lines of Code or less..
https://hackingbuddy.ai/
MIT License

docs: fix CLI errors, use PascalCase args #85

Closed lloydchang closed 2 months ago

lloydchang commented 2 months ago

Key changes:

  1. Script location: src/hackingBuddyGPT/cli/wintermute.py
  2. Command argument update: 'minimal_linux_privesc' to 'LinuxPrivesc'
  3. API key usage: sk...ChangeMeToYourOpenAiApiKey
  4. Package installation: Use quotes - pip install '.[testing]'
  5. docs: target VM, not localhost, for safety

Errors fixed:

Co-authored-by: Haley Lifrieri haleylifrieri@college.harvard.edu
Co-authored-by: Haley Lifrieri halifrieri@gmail.com
Co-authored-by: Muturi David muturidavid854@gmail.com
Co-authored-by: Pardaz Banu Mohammad pardaz.banu786@gmail.com
Co-authored-by: Pardaz Banu Mohammad pardazbanu1999@gmail.com
Co-authored-by: Toluwalope Olateru-Olagbeg wole2003@gmail.com

lloydchang commented 2 months ago

Relates to https://github.com/ipa-lab/hackingBuddyGPT/issues/36 and https://github.com/ipa-lab/docs.hackingbuddy/pull/5 plus https://github.com/ipa-lab/benchmark-privesc-linux/pull/1 then https://github.com/ipa-lab/benchmark-privesc-linux/pull/2

andreashappe commented 2 months ago

Please don't target localhost directly. This would mean that a user (that does not know what to do) would hack their own system. We cannot give out instructions like that to end-users.

It is better to use a virtual machine as a target.

andreashappe commented 2 months ago

Thanks for changing this. Have you tried to set up a virtual machine for testing? If so, could you detail the steps that you took? I think this would help other developers a lot.

lloydchang commented 2 months ago

@andreashappe wrote:

> thanks for changing this. Have you tried to setup a virtual machine for testing? If so, could you detail the steps that you took? I think this would help other developers a lot

We used GitHub Codespaces and containers instead of Vagrant virtual machines. Please review https://github.com/ipa-lab/benchmark-privesc-linux/pull/2 Thank you!

lloydchang commented 2 months ago

@andreashappe wrote:

> looks good, maybe we should add more about where to get the virtual machines

Is your ask to add more to this repository, another repository, or both?

For example, https://github.com/ipa-lab/docs.hackingbuddy/pull/5 hasn't been merged yet.

Would we add more in that repository?

andreashappe commented 2 months ago

@andreashappe wrote:

> Is your ask to add more to this repository, another repository, or both?

Mostly, I am thinking about new people that try to use hackingBuddyGPT (such as you were, when you installed it for the first time). Maybe add a link about where to download a virtual machine, etc. (as we often get similar questions on the Discord server) -- but that is just a nice-to-have, don't feel compelled to do it!

> For example, ipa-lab/docs.hackingbuddy#5 hasn't been merged yet.

I am still reviewing that commit (as it is larger, containing a shell script, etc.).

lloydchang commented 2 months ago

Thanks for clarifying.

As an idea, https://github.com/ipa-lab/benchmark-privesc-linux can be added as a Git subtree of this repository.

Then, we can add a .devcontainer/devcontainer.json file similar to https://github.com/ipa-lab/benchmark-privesc-linux/pull/2

Hypothetically, that would enable teams to start GitHub Codespaces in this repository or forks to have containers to test with.

Ubuntu users without GitHub Codespaces can try running codespaces_create_and_start_containers.sh at https://github.com/ipa-lab/benchmark-privesc-linux/pull/2/files#diff-4b6f39d52671f0a99ca0f468802c1d9e87cc09ef5b81882f4dc70cb772dd29e1 and make local changes depending on how different their Ubuntu is from GitHub Codespaces' Ubuntu.

@andreashappe wrote:

> For example, https://github.com/ipa-lab/docs.hackingbuddy/pull/5 hasn't been merged yet.
>
> I am still reviewing that commit (as it is larger, containing a shell script, etc.).

https://github.com/ipa-lab/docs.hackingbuddy/pull/5/files changes page.md only.

Are you referring to https://github.com/ipa-lab/benchmark-privesc-linux/pull/2/files ?

andreashappe commented 2 months ago

I'd prefer not to add benchmark-privesc-linux as a github subtree, as then I would also add other repositories (like the web benchmarks) as additional subtrees. So keeping them separated seems to be more consistent.

I (personally) would not run either vulnerable containers or LLM-guided attack tooling outside of my local computers and test setup, but I can understand why people want to do it that way. Would it be possible to add codespace support to hackingBuddyGPT in a way that only spawns a single container (maybe with the suid/sudo use-case) and starts hackingBuddyGPT against that container? That might be the 'easiest' show-case/use-case for a new user.

https://github.com/ipa-lab/docs.hackingbuddy/pull/5

should be merged since yesterday (; got the links mixed up