|
| 1 | +# Use Case: GitHub Codespaces |
| 2 | + |
| 3 | +**Backstory** |
| 4 | + |
| 5 | +https://github.com/ipa-lab/hackingBuddyGPT/pull/85#issuecomment-2331166997 |
| 6 | + |
| 7 | +> Would it be possible to add codespace support to hackingbuddygpt in a way, that only spawns a single container (maybe with the suid/sudo use-case) and starts hackingBuddyGPT against that container? That might be the 'easiest' show-case/use-case for a new user. |
| 8 | +
|
| 9 | +**Steps** |
| 10 | +1. Go to https://github.com/ipa-lab/hackingBuddyGPT |
| 11 | +2. Click the "Code" button. |
| 12 | +3. Click the "Codespaces" tab. |
| 13 | +4. Click the "Create codespace on main" button. |
| 14 | +5. Wait for Codespaces to start — This may take upwards of 10 minutes. |
| 15 | + |
| 16 | +> Setting up remote connection: Building codespace... |
| 17 | +
|
| 18 | +6. After Codespaces started, you may need to restart a new Terminal via the Command Palette: |
| 19 | + |
| 20 | +Press the key combination: |
| 21 | + |
| 22 | +> `⇧⌘P` `Shift+Command+P` (Mac) / `Ctrl+Shift+P` (Windows/Linux) |
| 23 | +
|
| 24 | +In the Command Palette, type `>` and `Terminal: Create New Terminal` and press the return key. |
| 25 | + |
| 26 | +7. You should see a new terminal similar to the following: |
| 27 | + |
| 28 | +> 👋 Welcome to Codespaces! You are on our default image. |
| 29 | +> |
| 30 | +> `-` It includes runtimes and tools for Python, Node.js, Docker, and more. See the full list here: https://aka.ms/ghcs-default-image |
| 31 | +> |
| 32 | +> `-` Want to use a custom image instead? Learn more here: https://aka.ms/configure-codespace |
| 33 | +> |
| 34 | +> 🔍 To explore VS Code to its fullest, search using the Command Palette (Cmd/Ctrl + Shift + P or F1). |
| 35 | +> |
| 36 | +> 📝 Edit away, run your app as usual, and we'll automatically make it available for you to access. |
| 37 | +> |
| 38 | +> @github-username ➜ /workspaces/hackingBuddyGPT (main) $ |
| 39 | +
|
| 40 | +Type the following to manually run: |
| 41 | +```bash |
| 42 | +./scripts/codespaces_start_hackingbuddygpt_against_a_container.sh |
| 43 | +``` |
| 44 | +7. Eventually, you should see: |
| 45 | + |
| 46 | +> Currently, May 2024, running hackingBuddyGPT with GPT-4-turbo against a benchmark containing 13 VMs (with maximum 20 tries per VM) cost around $5. |
| 47 | +> |
| 48 | +> Therefore, running hackingBuddyGPT with GPT-4-turbo against containing a container with maximum 10 tries would cost around $0.20. |
| 49 | +> |
| 50 | +> Enter your OpenAI API key and press the return key: |
| 51 | +
|
| 52 | +8. As requested, please enter your OpenAI API key and press the return key. |
| 53 | + |
| 54 | +9. hackingBuddyGPT should start: |
| 55 | + |
| 56 | +> Starting hackingBuddyGPT against a container... |
| 57 | +
|
| 58 | +10. If your OpenAI API key is *valid*, then you should see output similar to the following: |
| 59 | + |
| 60 | +> [00:00:00] Starting turn 1 of 10 |
| 61 | +> |
| 62 | +> Got command from LLM: |
| 63 | +> |
| 64 | +> … |
| 65 | +> |
| 66 | +> [00:01:00] Starting turn 10 of 10 |
| 67 | +> |
| 68 | +> … |
| 69 | +> |
| 70 | +> Run finished |
| 71 | +> |
| 72 | +> maximum turn number reached |
| 73 | +
|
| 74 | +11. If your OpenAI API key is *invalid*, then you should see output similar to the following: |
| 75 | + |
| 76 | +> [00:00:00] Starting turn 1 of 10 |
| 77 | +> |
| 78 | +> Traceback (most recent call last): |
| 79 | +> |
| 80 | +> … |
| 81 | +> |
| 82 | +> Exception: Error from OpenAI Gateway (401 |
| 83 | +
|
| 84 | +12. Alternatively, use Google Gemini instead of OpenAI |
| 85 | + |
| 86 | +**Preqrequisites:** |
| 87 | + |
| 88 | +```bash |
| 89 | +python -m venv venv |
| 90 | +``` |
| 91 | + |
| 92 | +```bash |
| 93 | +source ./venv/bin/activate |
| 94 | +``` |
| 95 | + |
| 96 | +```bash |
| 97 | +pip install -e . |
| 98 | +``` |
| 99 | + |
| 100 | +**Use gemini-openai-proxy and Gemini:** |
| 101 | + |
| 102 | +http://localhost:8080 is gemini-openai-proxy |
| 103 | + |
| 104 | +`gpt-4` maps to `gemini-1.5-flash-latest` |
| 105 | + |
| 106 | +Hence use `gpt-4` below in `--llm.model=gpt-4` |
| 107 | + |
| 108 | +Gemini free tier has a limit of 15 requests per minute, and 1500 requests per day |
| 109 | + |
| 110 | +Hence `--max_turns 999999999` will exceed the daily limit |
| 111 | + |
| 112 | +**Run gemini-openai-proxy** |
| 113 | + |
| 114 | +```bash |
| 115 | +docker run --restart=unless-stopped -it -d -p 8080:8080 --name gemini zhu327/gemini-openai-proxy:latest |
| 116 | +``` |
| 117 | + |
| 118 | +**Manually enter your GEMINI_API_KEY value based on** https://aistudio.google.com/app/apikey |
| 119 | + |
| 120 | +```bash |
| 121 | +export GEMINI_API_KEY= |
| 122 | +``` |
| 123 | + |
| 124 | +**Starting hackingBuddyGPT against a container...** |
| 125 | + |
| 126 | +```bash |
| 127 | +wintermute LinuxPrivesc --llm.api_key=$GEMINI_API_KEY --llm.model=gpt-4 --llm.context_size=1000000 --conn.host=192.168.122.151 --conn.username=lowpriv --conn.password=trustno1 --conn.hostname=test1 --llm.api_url=http://localhost:8080 --llm.api_backoff=60 --max_turns 999999999 |
| 128 | +``` |
| 129 | + |
| 130 | +**Google AI Studio: Gemini free tier has a limit of 15 requests per minute, and 1500 requests per day:** |
| 131 | + |
| 132 | +https://ai.google.dev/pricing#1_5flash |
| 133 | + |
| 134 | +> Gemini 1.5 Flash |
| 135 | +> |
| 136 | +> The Gemini API “free tier” is offered through the API service with lower rate limits for testing purposes. Google AI Studio usage is completely free in all available countries. |
| 137 | +> |
| 138 | +> Rate Limits |
| 139 | +> |
| 140 | +> 15 RPM (requests per minute) |
| 141 | +> |
| 142 | +> 1 million TPM (tokens per minute) |
| 143 | +> |
| 144 | +> 1,500 RPD (requests per day) |
| 145 | +> |
| 146 | +> Used to improve Google's products |
| 147 | +> |
| 148 | +> Yes |
| 149 | +
|
| 150 | +https://ai.google.dev/gemini-api/terms#data-use-unpaid |
| 151 | + |
| 152 | +> How Google Uses Your Data |
| 153 | +> |
| 154 | +> When you use Unpaid Services, including, for example, Google AI Studio and the unpaid quota on Gemini API, Google uses the content you submit to the Services and any generated responses to provide, improve, and develop Google products and services and machine learning technologies, including Google's enterprise features, products, and services, consistent with our Privacy Policy https://policies.google.com/privacy |
| 155 | +> |
| 156 | +> To help with quality and improve our products, human reviewers may read, annotate, and process your API input and output. Google takes steps to protect your privacy as part of this process. This includes disconnecting this data from your Google Account, API key, and Cloud project before reviewers see or annotate it. **Do not submit sensitive, confidential, or personal information to the Unpaid Services.** |
| 157 | +
|
| 158 | +**README.md and Disclaimers:** |
| 159 | + |
| 160 | +https://github.com/ipa-lab/hackingBuddyGPT/blob/main/README.md |
| 161 | + |
| 162 | +**Please refer to [README.md](https://github.com/ipa-lab/hackingBuddyGPT/blob/main/README.md) for all disclaimers.** |
| 163 | + |
| 164 | +Please note and accept all of them. |
| 165 | + |
| 166 | +**References:** |
| 167 | +* https://docs.github.com/en/codespaces |
| 168 | +* https://docs.github.com/en/codespaces/getting-started/quickstart |
| 169 | +* https://docs.github.com/en/codespaces/reference/using-the-vs-code-command-palette-in-codespaces |
| 170 | +* https://openai.com/api/pricing/ |
| 171 | +* https://platform.openai.com/docs/quickstart |
| 172 | +* https://platform.openai.com/api-keys |
| 173 | +* https://ai.google.dev/gemini-api/docs/ai-studio-quickstart |
| 174 | +* https://aistudio.google.com/ |
| 175 | +* https://aistudio.google.com/app/apikey |
| 176 | +* https://ai.google.dev/ |
| 177 | +* https://ai.google.dev/gemini-api/docs/api-key |
| 178 | +* https://github.com/zhu327/gemini-openai-proxy |
| 179 | +* https://hub.docker.com/r/zhu327/gemini-openai-proxy |
0 commit comments