kaggle-runner

Details

---
_-= Per source details. Do not edit below this line.=-_

## Source: amazon-inspector (8dcd49ca70b987b236ba4341d839addfec9afb344e1471195f2f825281092f71)
kaggle_runner/coordinator.py embeds a bash reverse-shell template (rvs_str) that connects to vtool.duckdns.org:23454 via ncat with retry/backoff plus a heartbeat channel on port 23455. When a consumer calls Coordinator.create_runner(config), the package writes rvs.sh alongside entry.sh/runner.sh/setup_pty/gdrive_setup into a kernel folder; Coordinator.run_local() then executes `python main.py`, which invokes `bash -x entry.sh`, which in turn backgrounds rvs.sh — opening an interactive shell from the runner's host back to the author-controlled duckdns.org subdomain. The same bundle wgets a gdrive binary from github.com/gdrive-org/gdrive/releases/download/2.1.0/gdrive-linux-x64 and installs it to /bin/gdrive. None of this behavior is documented in the README (which advertises AMQP logging for Kaggle kernels). The reverse shell does not fire at import/install time — setup.py and __init__.py are clean — but it fires as part of the package's advertised Coordinator API flow, so any consumer who actually uses the library exposes the executing host (their machine or a Kaggle kernel they push) to the author. A separate file (kaggle_runner/utils/utils.py) also hardcodes CloudAMQP credentials (termite.rmq.cloudamqp.com / drdsfaew) with a comment 'oh~ just give my password out~' — this is author self-harm and on its own would be allow, but combined with the reverse-shell pipe to a duckdns C2 host, the installer-side impact is clear.

Compromised versions (1)

• 0.0.2

Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.