fun trick: if someone gives a hosted LLM a skill that lets it fetch web pages (directly, not through some third party scraper service) and it's hosted on AWS, you can often trick it into fetching data from the AWS instance metadata server (IMDS) at 169.254.169.254 / [fd00:ec2::254]. the higher end models tend to refuse if you give the IP, but you can just spin up a domain with A/AAAA records pointing at that IP and request that instead. if IMDSv1 isn't disabled you can get secrets out of it.
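One fetcher-side check against this, as an added example that is not from the thread: resolve the hostname before fetching and reject any A/AAAA answer in the IMDS or link-local ranges, so a domain aliased to 169.254.169.254 or fd00:ec2::254 is caught exactly like the bare IP. The function names, the resolver hook, and the blocked ranges beyond the two IMDS addresses are my assumptions.

```python
import ipaddress
import socket
from urllib.parse import urlparse

# Ranges a server-side URL fetcher must never reach. The two IMDS addresses are
# from the post; the other ranges are an assumption (same class of targets).
BLOCKED_NETWORKS = [
    ipaddress.ip_network("169.254.0.0/16"),     # IPv4 link-local, incl. 169.254.169.254
    ipaddress.ip_network("fd00:ec2::254/128"),  # AWS IMDS over IPv6
    ipaddress.ip_network("fe80::/10"),          # IPv6 link-local
    ipaddress.ip_network("127.0.0.0/8"),
    ipaddress.ip_network("::1/128"),
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
    ipaddress.ip_network("fc00::/7"),           # IPv6 ULA (also contains fd00:ec2::254)
]

def is_blocked_ip(ip_str: str) -> bool:
    """True if the address falls in a blocked range (IPv4-mapped IPv6 unwrapped)."""
    ip = ipaddress.ip_address(ip_str)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped            # ::ffff:169.254.169.254 still hits IPv4 IMDS
    return any(ip in net for net in BLOCKED_NETWORKS)

def default_resolver(host: str) -> list:
    """All A/AAAA answers for host via real DNS (tests inject a fake instead)."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})

def check_fetch_target(url: str, resolver=default_resolver) -> str:
    """Vet a URL the model asked for; return the IP to connect to or raise ValueError.
    The hostname is resolved *before* the fetch, so a domain whose A/AAAA record
    points at the metadata service is rejected just like the bare IP literal."""
    parsed = urlparse(url)
    if parsed.scheme not in ("http", "https") or not parsed.hostname:
        raise ValueError(f"unsupported URL: {url}")
    host = parsed.hostname
    try:
        addrs = [str(ipaddress.ip_address(host))]  # IP literal in the URL
    except ValueError:
        addrs = resolver(host)                      # hostname: look it up
    if not addrs:
        raise ValueError(f"{host} did not resolve")
    for addr in addrs:
        if is_blocked_ip(addr):
            raise ValueError(f"{host} resolves to blocked address {addr}")
    # Connect to this IP (sending Host: host) rather than re-resolving the name,
    # so the DNS answer cannot change between the check and the connection.
    return addrs[0]
```

This is the fetcher-side control; requiring IMDSv2 (disabling IMDSv1, as the post notes) remains the instance-side one, and both are worth having since a single missed range defeats the allow-list alone.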

@gsuberland

I do not understand. Boosting anyways. Someone might need a little chaosing...

@lobster there's a less technical explanation here if that helps: https://chaos.social/@gsuberland/116608756745853934
Graham Sutherland / Polynomial (@gsuberland@chaos.social):

@lobster LLMs often get given the ability to download webpages, e.g. you say "look at [URL]" and that runs a script that downloads the URL and returns the results back to the LLM (and, in turn, possibly to you). if the LLM itself is running on a server, such as it would be for something like those awful support chat bots, then the request comes from the server, not your computer.

@gsuberland

Many thanks appreciate the info. Not for me but glad I boosted :-)