Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

some problem about DeepExploit #22

Open
13o-bbr-bbq opened this issue Aug 23, 2018 · 7 comments
Open

some problem about DeepExploit #22

13o-bbr-bbq opened this issue Aug 23, 2018 · 7 comments

Comments

@13o-bbr-bbq
Copy link
Owner

I have tried your DeepExploit system and finished the configuration.
After training, I used the system to exploit one machine, it show some failed message below.

[!] type:<class 'AttributeError'>
[!] args:("'int' object has no attribute 'decode'",)
[!] 'int' object has no attribute 'decode'
[!] Failed: module.info

Is there something i missed or ?
@mbhatt1
Copy link

mbhatt1 commented Aug 23, 2018

You meant to comment here? Or a different repo?

@13o-bbr-bbq
Copy link
Owner Author

i received this issue from anonymous using e-mail.
so posted this issue at this instead of anonymous.

@opsoyo
Copy link

opsoyo commented Dec 12, 2018

I am having a similar experience in Kali after training.

[*] Port scanning: ###.###.###.###
[*] Executing keep_alive..
[!] type:<class 'AttributeError'>
[!] args:("'NoneType' object has no attribute 'decode'",)
[!] 'NoneType' object has no attribute 'decode'
[!] Failed: version

@hustzhm
Copy link

hustzhm commented Jul 11, 2019

Hi,
I have some troubles about the DeepExploit.

  1. For the same target server,the trained model is different.I do not change the parameters about the network,and the target server is metasploitable2-Linux,referred in your GitHub. I want to know how to solve the problem because the different models make the exploit unstable,which can not meet our demands.Perhaps,does the instability of RL lead to the problem?
  2. Every time I use the tool to exploit the same target server,I will get different results.The model sorts the action(payload) by the probability.According to common sense,the same payload should be selected every time for the same port when the model is trained.But the situation is not like that.
  3. I can not use the tool to exploit the other servers.It always failed to exploit.So I just train and test the model in the same server.
    Test result .docx

@rongqinglee
Copy link

I have tried your DeepExploit system and finished the configuration.
After training, I used the system to exploit one machine, it show some failed message below.

[!] type:<class 'AttributeError'>
[!] args:("'int' object has no attribute 'decode'",)
[!] 'int' object has no attribute 'decode'
[!] Failed: module.info

Is there something i missed or ?

I encountered this problem too. Some version of Kali gives rank as 600, 500, ..., but not 'excellent', 'great',...

I modify some code as following and could work:
#rank = module_info[b'rank'].decode('utf-8')
#if rank in {'excellent', 'great', 'good'}:

modify as ==>

rank = module_info[b'rank']
if rank in {600, 500, 400}:

@NovaBlastHD
Copy link

Hi,
I have some troubles about the DeepExploit.

1. For the same target server,the trained model is different.I do not change the parameters about the network,and the target server is metasploitable2-Linux,referred in your GitHub. I want to know how to solve the problem because the different models make the exploit unstable,which can not meet our demands.Perhaps,does the instability of RL lead to the problem?

2. Every time I use the tool to exploit the same target server,I will get different results.The model sorts the action(payload) by the probability.According to common sense,the same payload should be selected every time for the same port when the model is trained.But the situation is not like that.

3. I can not use the tool to exploit the other servers.It always failed to exploit.So I just train and test the model in the same server.
   [Test result .docx](https://github.com/13o-bbr-bbq/machine_learning_security/files/3381708/Test.result.docx)

To answer your first two questions, which are pretty much the same thing, you have to understand how machine learning works. The weights are initialized randomly. I'm not sure if that is the case here but it seems like it. Because they are initialized randomly, when the weights are updated they probably fall inside a local minimum. This is why you get different results each time. If you were to initialized the weights with 0 every time then the model wouldn't be as effective and you would end up with the same data each time.

@1939552724
Copy link

@hustzhm
Hi, I try to run this project! But there are some problems and bugs that I can't solve! Could you show me your sucessful project?

one problem like this:

[] 311/2006 Loaded exploit: linux/samba/trans2open
[!] 312/2006 linux/smtp/apache_james_exec module is danger (rank: normal). Can't load.
[] 313/2006 Loaded exploit: linux/smtp/exim4_dovecot_exec
[*] 314/2006 Loaded exploit: linux/smtp/exim_gethostbyname_bof
[!] type:<class 'KeyError'>
[!] args:(b'rank',)
[!] b'rank'
[!] Failed: module.info

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
7 participants
@opsoyo @mbhatt1 @NovaBlastHD @13o-bbr-bbq @rongqinglee @hustzhm @1939552724