diff --git a/README.md b/README.md index 77504ec..051a3b3 100644 --- a/README.md +++ b/README.md @@ -263,15 +263,15 @@ AI 输出: 1.没有理解我的意思,输出不符合预期的结果 -![image-20241119020132345](img\image-20241119020132345.png) +![image-20241119020132345](/img/image-20241119020132345.png) 2.任务抽象复杂,AI无法完成 -![image-20241119020200828](img\image-20241119020200828.png) +![image-20241119020200828](/img/image-20241119020200828.png) 3.语句敏感,限制输出 -![image-20241119020213275](img\image-20241119020213275.png) +![image-20241119020213275](/img/image-20241119020213275.png) **但其实这上面的很多问题,都可以通过重新设计Prompt 得到更好的答案** @@ -1083,7 +1083,7 @@ def simple_function(input_string): #### 猫娘漏洞 -![image-20241120021817977](img\image-20241120021817977.png) +![image-20241120021817977](/img/image-20241120021817977.png) ## 越狱框架的潜力 @@ -1119,21 +1119,21 @@ def simple_function(input_string): 4.根据POC测试进行反馈,不断让Ai优化POC直到触发 - 最终通过利用AI生成的定制化POC,在谷歌和苹果浏览器中成功触发XSL处理XML文件时的漏洞,读取了本地文件,获得漏洞赏金![image-20241118231305399](img\image-20241118231305399.png) + 最终通过利用AI生成的定制化POC,在谷歌和苹果浏览器中成功触发XSL处理XML文件时的漏洞,读取了本地文件,获得漏洞赏金![image-20241118231305399](/img/image-20241118231305399.png) -![image-20241118231001101](img\image-20241118231001101.png) +![image-20241118231001101](/img/image-20241118231001101.png) -![image-20241118231021945](img\image-20241118231021945.png) +![image-20241118231021945](/img/image-20241118231021945.png) 通过以上,我们可以看到有趣的3点,1.利用大模型提供案例,扩展思路 2.利用大模型生成POC 用于测试 3.与之对话 深入技术细节,像是身边有一个可以头脑风暴的漏洞助手 帮助一起进行漏洞挖掘 于是我也尝试着,去让ai来帮我进行漏洞挖掘,但事与愿违 -![image-20241119015225407](img\image-20241119015225407.png) +![image-20241119015225407](/img/image-20241119015225407.png) -![image-20241119015230360](img\image-20241119015230360.png) +![image-20241119015230360](/img/image-20241119015230360.png) -![image-20241119015233429](img\image-20241119015233429.png) +![image-20241119015233429](/img/image-20241119015233429.png) 可以看到,在如今Ai安全的水位不断提升下,他不会像文中那样给出对应的回复,而是选择拒绝 或回复相对的安全条文,那没办法了,只能自己用Prompt越狱框架来自己做一个漏洞助手了 @@ -1178,87 +1178,87 @@ def simple_function(input_string): ### 复现二十万漏洞现场案例 -![image-20241120040703542](img\image-20241120040703542.png) +![image-20241120040703542](/img/image-20241120040703542.png) -![image-20241120040058412](img\image-20241120040058412.png) +![image-20241120040058412](/img/image-20241120040058412.png) -![image-20241120040121889](img\image-20241120040121889.png) +![image-20241120040121889](/img/image-20241120040121889.png) -![image-20241120040126024](img\image-20241120040126024.png) +![image-20241120040126024](/img/image-20241120040126024.png) ### 赛博挖洞环节 -![image-20241125172502798](img\image-20241125172502798.png) +![image-20241125172502798](/img/image-20241125172502798.png) -![image-20241125172523277](img\image-20241125172523277.png) +![image-20241125172523277](/img/image-20241125172523277.png) -![image-20241125172551951](img\image-20241125172551951.png) +![image-20241125172551951](/img/image-20241125172551951.png) -![image-20241125172609782](img\image-20241125172609782.png) +![image-20241125172609782](/img/image-20241125172609782.png) #### 支付场景 -![image-20241120040142401](img\image-20241120040142401.png) +![image-20241120040142401](/img/image-20241120040142401.png) -![image-20241120040145915](img\image-20241120040145915.png) +![image-20241120040145915](/img/image-20241120040145915.png) -![image-20241120040151521](img\image-20241120040151521.png) +![image-20241120040151521](/img/image-20241120040151521.png) -![image-20241120040200600](img\image-20241120040200600.png) +![image-20241120040200600](/img/image-20241120040200600.png) -![image-20241120040205236](img\image-20241120040205236.png) +![image-20241120040205236](/img/image-20241120040205236.png) -![image-20241120040211626](img\image-20241120040211626.png) +![image-20241120040211626](/img/image-20241120040211626.png) -![image-20241120040215224](img\image-20241120040215224.png) +![image-20241120040215224](/img/image-20241120040215224.png) #### RCE场景 -![image-20241120040221008](img\image-20241120040221008.png) +![image-20241120040221008](/img/image-20241120040221008.png) -![image-20241120040223643](img\image-20241120040223643.png) +![image-20241120040223643](/img/image-20241120040223643.png) -![image-20241120040230948](img\image-20241120040230948.png) +![image-20241120040230948](/img/image-20241120040230948.png) -![image-20241120040232052](img\image-20241120040232052.png) +![image-20241120040232052](/img/image-20241120040232052.png) -![image-20241120040243631](img\image-20241120040243631.png) +![image-20241120040243631](/img/image-20241120040243631.png) -![image-20241120040248118](img\image-20241120040248118.png) +![image-20241120040248118](/img/image-20241120040248118.png) -![image-20241120040253749](img\image-20241120040253749.png) +![image-20241120040253749](/img/image-20241120040253749.png) -![image-20241120040258063](img\image-20241120040258063.png) +![image-20241120040258063](/img/image-20241120040258063.png) #### 缓冲区溢出漏洞 -![image-20241125145220119](img\image-20241125145220119.png) +![image-20241125145220119](/img/image-20241125145220119.png) #### 业务分析 -![image-20241125145312503](img\image-20241125145312503.png) +![image-20241125145312503](/img/image-20241125145312503.png) #### 信息搜集 -![image-20241125145321266](img\image-20241125145321266.png) +![image-20241125145321266](/img/image-20241125145321266.png) #### 思路创新 -![image-20241125145329311](img\image-20241125145329311.png) +![image-20241125145329311](/img/image-20241125145329311.png) #### 字典创作 -![image-20241125145336645](img\image-20241125145336645.png) +![image-20241125145336645](/img/image-20241125145336645.png) #### 缅甸割腰子钓鱼短信和钓鱼邮件 -![image-20241120040303498](img\image-20241120040303498.png) +![image-20241120040303498](/img/image-20241120040303498.png) -![image-20241120040316192](img\image-20241120040316192.png) +![image-20241120040316192](/img/image-20241120040316192.png) @@ -1351,31 +1351,31 @@ Prison Break Successful! Welcome to Mist Vulnerability Assistant 注意,源代码只是一个参考模板,我们开头就说过:Prompt × AI 理解 = 输出质量,所以根据不同的Ai要进行不同的越狱手法调整才能进行越狱,这里展示最近比较火热的明星的Ai越狱结果 -![image-20241125152356736](img\image-20241125152356736.png) +![image-20241125152356736](/img/image-20241125152356736.png) -![image-20241125152436867](img\image-20241125152436867.png) +![image-20241125152436867](/img/image-20241125152436867.png) -![image-20241125154905504](img\image-20241125154905504.png) +![image-20241125154905504](/img/image-20241125154905504.png) -![image-20241125155541446](img\image-20241125155541446.png) +![image-20241125155541446](/img/image-20241125155541446.png) -![image-20241125164038207](img\image-20241125164038207.png) +![image-20241125164038207](/img/image-20241125164038207.png) -![image-20241125164210379](img\image-20241125164210379.png) +![image-20241125164210379](/img/image-20241125164210379.png) -![image-20241125161135030](img\image-20241125161135030.png) +![image-20241125161135030](/img/image-20241125161135030.png) -![image-20241125160929910](img\image-20241125160929910.png) +![image-20241125160929910](/img/image-20241125160929910.png) -![image-20241125160253413](img\image-20241125160253413.png) +![image-20241125160253413](/img/image-20241125160253413.png) -![image-20241125161844296](img\image-20241125161844296.png) +![image-20241125161844296](/img/image-20241125161844296.png) -![image-20241125162015139](img\image-20241125162015139.png) +![image-20241125162015139](/img/image-20241125162015139.png) -![image-20241125160623162](img\image-20241125160623162.png) +![image-20241125160623162](/img/image-20241125160623162.png) @@ -1409,7 +1409,7 @@ GitHub ## 作者联系方式 -![wechat](img\wechat.jpg) +![wechat](/img/wechat.jpg) -![mstlogo](img\mstlogo.png) +![mstlogo](/img/mstlogo.png)