ipa-lab · andreashappe · Sep 4, 2024 · Sep 1, 2024 · Sep 2, 2024 · Sep 4, 2024
@@ -154,7 +154,7 @@ We try to keep our python dependencies as light as possible. This should allow f
 
 To get everything up and running, clone the repo, download requirements, setup API keys and credentials, and start `wintermute.py`:
 
-~~~ bash
+```bash
 # clone the repository
 $ git clone https://github.com/ipa-lab/hackingBuddyGPT.git
 $ cd hackingBuddyGPT
@@ -173,16 +173,41 @@ $ cp .env.example .env
 $ vi .env
 
 # if you start wintermute without parameters, it will list all available use cases
-$ python wintermute.py
-usage: wintermute.py [-h] {linux_privesc,minimal_linux_privesc,windows privesc} ...
-wintermute.py: error: the following arguments are required: {linux_privesc,windows privesc}
+$ python src/hackingBuddyGPT/cli/wintermute.py
+usage: wintermute.py [-h]
+                     {LinuxPrivesc,WindowsPrivesc,ExPrivEscLinux,ExPrivEscLinuxTemplated,ExPrivEscLinuxHintFile,ExPrivEscLinuxLSE,MinimalWebTesting,WebTestingWithExplanation,SimpleWebAPITesting,SimpleWebAPIDocumentation}
+                     ...
+wintermute.py: error: the following arguments are required: {LinuxPrivesc,WindowsPrivesc,ExPrivEscLinux,ExPrivEscLinuxTemplated,ExPrivEscLinuxHintFile,ExPrivEscLinuxLSE,MinimalWebTesting,WebTestingWithExplanation,SimpleWebAPITesting,SimpleWebAPIDocumentation}
+```
+
+## Provide a Target Machine over SSH
+
+The next important part is having a machine that we can run our agent against. In our case, the target machine will be situated at `192.168.122.151`.
+
+We are using vulnerable Linux systems running in Virtual Machines for this. Never run this against real systems.
+
+> 💡 **We also provide vulnerable machines!**
+>
+> We are using virtual machines from our [Linux Privilege-Escalation Benchmark](https://github.com/ipa-lab/benchmark-privesc-linux) project. Feel free to use them for your own research!
+
+## Run the Hacking Agent
 
+Finally we can run hackingBuddyGPT against our provided test VM. Enjoy!
+
+> ❗ **Don't be evil!**
+>
+> Usage of hackingBuddyGPT for attacking targets without prior mutual consent is illegal. It's the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program. Only use for educational purposes.
+
+With that out of the way, let's look at an example hackingBuddyGPT run. Each run is structured in rounds. At the start of each round, hackingBuddyGPT asks a LLM for the next command to execute (e.g., `whoami`) for the first round. It then executes that command on the virtual machine, prints its output and starts a new round (in which it also includes the output of prior rounds) until it reaches step number 10 or becomes root:
+
+```bash
 # start wintermute, i.e., attack the configured virtual machine
-$ python wintermute.py minimal_linux_privesc
+$ python src/hackingBuddyGPT/cli/wintermute.py LinuxPrivesc --llm.api_key=sk...ChangeMeToYourOpenAiApiKey --llm.model=gpt-4-turbo --llm.context_size=8192 --conn.host=192.168.122.151 --conn.username=lowpriv --conn.password=trustno1 --conn.hostname=test1
+
 
 # install dependencies for testing if you want to run the tests
-$ pip install .[testing]
-~~~
+$ pip install '.[testing]'
+```
 
 ## Publications about hackingBuddyGPT